Strange network traffic 10.4.2 client

[bschonhorst]

I’m noticing some strange network traffic originating from my Tiger workstation. I was hoping someone might be able to clarify what it is or if I have something nasty installed.

I actually noticed a windows laptop was showing ZoneAlarm warnings about TCP and UDP traffice coming from my G5. Seems that my mac is scanning several ports including:
UDP 49311 48358 49359 49289 50119 58020
TCP 49192 49191 49188 63275, etc

When I run lsof -i there are several things running I don’t recognize or seem strange (like 5 entries for mdns). Any thoughts on these?

5 entries for mDNSRespo UDP *:mdns
2 automount entries
1 smbclient

automount 138 root 8u IPv4 0x020f8c70 0t0 UDP localhost:1023
automount 176 root 8u IPv4 0x020f8040 0t0 UDP localhost:1022
cupsd 182 root 0u IPv4 0x02455694 0t0 TCP localhost:ipp (LISTEN)
cupsd 182 root 3u IPv4 0x020f8790 0t0 UDP *:ipp
smbclient 390 root 3u IPv4 0x02453c48 0t0 TCP my.desktop.computer:49192->windows.laptop.computer:netbios-ssn (SYN_SENT)

In the Sharing pane of System Prefs, the only item checked is Remote Login (ssh)

Thanks for any input!

[bschonhorst]

Hmmm, I am now suspecting Microsoft Office 2004 is looking for other copies on our network.

[bschonhorst]

So I removed Office 2004 and the traffic disappeared. Guess thats what it was.

[Author]

Posts