UDP 137 Traffic to Microsoft during Windows Update

Forum|Forum|12 years ago
February 26, 2014
2 replies
9176 views

Was working on a Windows 7 Pro x64 laptop. Was having trouble using the Dell Client Update so I enabled a real-time traffic monitor in my FAZ. A little while later I was prompted to apply 13 Windows Updates, almost all related to .NET 4 Client. I started noticing UDP 137 calls to the following IPs: 65.55.7.141 - Microsoft 134.170.184.137 - Microsoft 199.117.103.171 - Akamai 157.56.56.151 - Microsoft Why in the heck would Windows Update cause NetBIOS calls to Internet hosts? First off that kind of traffic should never leave the LAN. I do have a WINS server so it doesn' t make sense to me why this laptop would be trying to resolve hostnames using NetBIOS-NS, except that these IPs do not resolve period. Maybe this is something that happens all the time and I have simply never noticed. I only allow standard ports outbound so the traffic was blocked but still wondering if someone has an answer to increase my understanding. Thanks

netmin

New Member

This behaviour is implementation specific: http://technet.microsoft.com/en-us/library/cc751204.aspx

Some programs use the gethostbyaddr() call to resolve an IP address to a host name. The gethostbyaddr() call uses the following sequence: 1. Check local computer host name. 2. Check the HOSTS file for a matching address entry. 3. If a DNS server is configured, query it. 4. If no match is found, send a NetBIOS Adapter Status Request to the IP address being queried, and if it responds with a list of NetBIOS names registered for the adapter, parse it for the computer name.