locked
Repeated syn_sent from winss.exe to 192.168.13.120:6331 from laptop on 192.168.0.x subnet RRS feed

  • Question

  • Win XP Pro SP2 laptop with a wireless connection on 192.168.0.x subnet

    Windows Live OneCare Version: 2.0.2500.14   Definitions: 1.24.5703.0  Firewall Policy: 1.2.30.116

    My IP is 192.168.0.3 and a desktop at same location is 192.168.0.10. 

     

    winss.exe attempts to repeatedly (not continuously) connect to 192.168.13.120.  It occurs so often that I am able to catch the attempt with a few trys of "netstat -ano".  I used tasklist /fi "pid eq 1288" to learn and confirm that 1288 was winss.exe.

     

    No correlation found in event viewer logs.

     

    httpcfg query ssl listed four certificates with the following IP

    10.0.0.120:6331  <= Likely Panera Bread free Wi-Fi with last visit a few days ago

    192.168.0.101:6331  <= No idea 

    192.168.0.3:6331  <= My current IP at home

    192.168.1.112:6331  <= No idea


    Checked IPs of a all defined printers (one at other site) and not even a subnet match for 192.168.13.x

     

    The failed handshake isn't causing any issues I've noticed, but I would like to correct this.

     

    Monday, January 21, 2008 2:52 AM

Answers

  • I found the same behavior occuring on my Vista desktop computer, which I had bought to replace an XP computer with a failed CPU.  I gave my brother the computer with the failed CPU, which he repaired and neglected to put the computer under his own WLOC subscription.  Merely going to the settings for "Your OneCare circle" and removing the PC which was now my brother's and not at my home, stopped the continual SYN-Sent.  The unusual subnet and IP address were how my brother had the computer configured.  It would seem to me, that there is some communication back to MS and the computer members of a OneCare circle attempt to reach one another.  I wonder about the situation where there is a desktop and two laptops.  Would the desktop keep trying to contact the laptops, when they are away from home?

    Sunday, February 10, 2008 7:19 PM

All replies

  • They are all local addresses, so I would suspect that OneCare is poking for your router or other PCs in your Circle. I would send you to support, but I think I'll leave this unanswered and ask the OneCare team to have a look at this thread.

    -steve

     

    Monday, January 21, 2008 3:50 AM
    Moderator
  • I found the same behavior occuring on my Vista desktop computer, which I had bought to replace an XP computer with a failed CPU.  I gave my brother the computer with the failed CPU, which he repaired and neglected to put the computer under his own WLOC subscription.  Merely going to the settings for "Your OneCare circle" and removing the PC which was now my brother's and not at my home, stopped the continual SYN-Sent.  The unusual subnet and IP address were how my brother had the computer configured.  It would seem to me, that there is some communication back to MS and the computer members of a OneCare circle attempt to reach one another.  I wonder about the situation where there is a desktop and two laptops.  Would the desktop keep trying to contact the laptops, when they are away from home?

    Sunday, February 10, 2008 7:19 PM
  • Thanks for explaining your findings. Yes, if the PC is part of the subscription, the Hub PC will want to obtain status and if the removed PC was the hub, it will keep trying to talk to that hub. On failure, it will simply report status to the server or obtain status from the server.

    -steve

     

    Monday, February 11, 2008 3:08 AM
    Moderator