I'm trying to find out what the heck is going on here. Scenario is two servers, both Windows 2003. Using Wireshark I've been able to see a very large amount of traffic hitting one server, from the other on port 3335.
Transmission Control Protocol, Src Port: directv-soft (3335), Dst Port: microsoft-ds (445), Seq: 54, Ack: 54, Len: 0
Right away looks like DirecTV software. On the source server I can't find this ANYWHERE. Process Explorer doesn't show anything like this, and TCPView shows:
System 4 TCP SOURCESERVER.DOMAIN.com 3335 DESTINATIONSERVER.DOMAIN.com microsoft-ds ESTABLISHED
microsoft-ds makes me think directory services / AD or distributed services, but on port 3335? Malware? I'm running a scan now.