Windows 7 Forums



Windows 7: How to Identify the PID Making a DNS Query

17 Aug 2011   #1
Daddyman

Windows 7 Professional x64
 
 

Something on my W7 Pro x64 computer is making hundreds of DNS requests to logmein.com every day. I want to learn the identity of 'something'.

My computer is definitely not infected, not even by a rootkit, and my wireless network is definitely not hacked. My Hosts file is unchanged from the default.

About eight months ago I did install LogMeIn, but a few days later I uninstalled it. I'm quite sure it uninstalled completely.

A capture application like Wireshark can see and analyze the DNS requests, but it doesn't tell me which PID is making the request. A network monitor like TCPview knows the PID but doesn't tell me what traffic is a DNS request.

I am nobody's idea of a network expert, but I understand this much: Identifying which PID is making a DNS request is difficult because processes don't (usually) make DNS queries directly. They ask the OS resolver for hostname resolution, and the resolver in turn makes the DNS query.

I suppose I could open Wireshark and then end processes one by one until the DNS requests stop (or my computer crashes). But isn't there some other way to find out which PID is making the original DNS request?


17 Aug 2011   #2
Daddyman

Windows 7 Professional x64
 
 

I can add some additional information to my original post, courtesy of Wireshark:


1- The DNS queries are definitely coming from my computer.
2- The source port is different every time, but always in the upper range of port numbers (50000 and up). For instance, the source ports are 58620, 62544, 56138, 54596, 52952, 57794, etc. This might be an attempt to prevent me from stopping this activity by setting a firewall rule. I would have to block every port from 50000 and up.


I still haven't identified the process that's doing this, nor can I understand why something or someone would be making literally thousands of DNS queries a day for logmein.com and patch.everquest.com.
19 Aug 2011   #3
Ztruker

Windows 10 Pro X64
 
 


19 Aug 2011   #4
Daddyman

Windows 7 Professional x64
 
 

No solution thus far. For now, I just added the domains in question to my Hosts file, so the DNS queries have stopped. I may never find out what's really going on.
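
An added example, not part of any post in this thread: the join the first post describes between what a capture shows (UDP source port and queried name) and what a per-process socket listing shows (port and PID), using the text format of `netstat -ano -p UDP`. The sample data, the PIDs and the `resolver_pid` value are constructed; a verdict of `resolver` means the OS resolver sent the query, so the original requester cannot be recovered from this data.

```python
import re

# Constructed sample data, not taken from the thread's capture.
# Text format of `netstat -ano -p UDP` (local address, foreign address, PID).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  UDP    0.0.0.0:500            *:*                                    892
  UDP    0.0.0.0:58620          *:*                                    1124
  UDP    192.168.1.20:62544     *:*                                    3380
  UDP    [::]:56138             *:*                                    1124
"""
# (UDP source port, queried name) pairs as read from a packet capture.
QUERIES_SAMPLE = [(58620, "logmein.com"), (62544, "patch.everquest.com"),
                  (54596, "logmein.com")]

# Matches IPv4 and bracketed IPv6 local addresses; captures port and PID.
UDP_ROW = re.compile(r"^\s*UDP\s+\S+:(\d+)\s+\*:\*\s+(\d+)\s*$")

def udp_port_owners(netstat_text):
    """Map local UDP port -> owning PID from `netstat -ano` text."""
    owners = {}
    for line in netstat_text.splitlines():
        m = UDP_ROW.match(line)
        if m:
            owners[int(m.group(1))] = int(m.group(2))
    return owners

def attribute(queries, netstat_text, resolver_pid):
    """Join capture rows to socket owners on the UDP source port.

    resolver_pid is the PID of the svchost.exe instance hosting the DNS Client
    service (hypothetical value here; `tasklist /svc` lists it as Dnscache).
    """
    owners = udp_port_owners(netstat_text)
    results = []
    for sport, qname in queries:
        pid = owners.get(sport)
        if pid is None:
            verdict = "unknown"    # socket was closed before the snapshot
        elif pid == resolver_pid:
            verdict = "resolver"   # OS resolver sent it; requester is hidden
        else:
            verdict = "direct"     # the process sent the query itself
        results.append((qname, sport, pid, verdict))
    return results

if __name__ == "__main__":
    for row in attribute(QUERIES_SAMPLE, NETSTAT_SAMPLE, resolver_pid=1124):
        print(row)
```

Query sockets are short-lived, so a single snapshot will often yield `unknown`; the join is only as good as the timing of the socket listing relative to the capture.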