Why do I see a long list of IPv4 connections under Unknown RRS feed

  • Question

  • I can a long list of IPv4 connection under Unknow process in Microsoft Network Monitoring, can it be a virus, and how can I find out. 

    I am using Windows Vista and AVG 2011 as Anti virus and firewall

    Tuesday, December 14, 2010 2:51 PM

All replies

  • Hi,

    Network Monitor runs as a local process, although we still capture all the traffic on the machine, we can't associate to processes run as other users unless you run Network Monitor as admin.  This should turn some of those unknown connections into other processes run under different credentials.  Then you can see if there's any strange looking processes.

    Other times, we just miss the window to associate short-lived processes.  There are a few other factors as well.  It's hard to use the Unknown bucket to determine if strange things are going on.  The best thing to do is to look at each conversation and see if there's a lot of traffic there.

    Hope that helps.

    Michael Hawker | Program Manager | Network Monitor
    Tuesday, December 14, 2010 4:09 PM