> http://www.wired.com/news/technology/0,1282,55795,00.html > Yeah, I saw that. ;-) > Also, I ran a packet trace on how the product > generating these popups is > working...the popup appears to be delivered as a > single UDP/135 packet... Interesting. I've done some testing in my lab. I ran a test tonight using the 'net send' command. It looked like this: c:\>net send 10.1.1.10 This is a test The capture looked like this: 1. UDP137 Netbios name query 2. TCP connection setup (1247 -> 139) 3. Actual text ("This is a test") appeared in a single TCP packet (1247 -> 139). This also appeared to be the case in my proof-of-concept Perl code that launched the NetMessageBufferSend() API code. I'll have to download the DA demo and see how that works. > I understand that the .exe involved may be > 'svchost.exe' or > 'services.exe'...depending on OS and version. On 2K, it's definitely service.exe. I don't have an XP machine to query, but I checked on the Net and found both. However, MS says service.exe in KB article Q314056 (applies to XP Pro). Also, http://www.theeldergeek.com/messenger.htm says "services.exe", as well. I'd be interested in seeing what OS versions have the Messenger service running under svchost.exe, and which ones have it running under services.exe. Carv __________________________________________________ Do you Yahoo!? Faith Hill - Exclusive Performances, Videos & More http://faith.yahoo.com ---------------------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Wed Oct 16 2002 - 19:02:35 PDT