Wireshark to indicate source of traffic


#1

For some reason my computer keeps doing a

DNS Standard Query MX www.yahoo.com
DNS Standard Query response CNAME fp.wg1.b.yahoo.com CNAME any-fp.wa1.b.yahoo.com

over and over.

I’m not that knowledgeable about network monitoring, but I think MX records in DNS are mail exchangers, so it appears to be trying to contact a mail server through yahoo.com. Though I might visit yahoo.com once in a great while, I don’t really use it for anything. I’ve closed down all the apps I’m aware of, as well as processes and services on Win7, trying to see if the traffic stops, but it doesn’t. I’ve tried rebooting and it starts up almost immediately doing it again.

Wireshark helped me find that this is a potential problem, but how do I correlate that to a particular application? How do I identify the application causing the traffic?

I’m thinking of loading up maybe Perfmon and perhaps tracing the network traffic if I can find appropriate counters. Not sure if that would work. Any ideas? I looked at the information in Wireshark and I can’t figure out anything useful in the packet info there. Perhaps this is my lack of knowledge in using this app.