How to find process sending SNMP packets?
Hi all,

I post to the Security forum - maybe Vista Networking might have been better? Anyway - here's the issue:

I see a Vista machine sending SNMP requests (udp/161) with a default community "public" regularly to two (2) IP addresses that do not belong to any known network. I would like to find out what process sends these requests. The computer has never been a member of a domain, and the SNMP feature is not installed.

I have used Sysinternals' TCPView and netstat, but I was unable to find any application sending udp/161 traffic. Yet on the wire I clearly see the traffic:

18:37:28.718784 PortC, IN: IP 192.168.1.70.57210 > 192.168.0.3.161: GetRequest(63) .1.3.6.1.2.1.25.3.2.1.5.1 .1.3.6.1.2[|snmp]

Any ideas? Suggestions appreciated.

Best
Maurice
July 13th, 2011 12:48pm

Hi,

Thanks for posting in Microsoft TechNet forums.

SNMP provides security by using community names and SNMP authentication traps. An SNMP trap is an event notification message sent by the SNMP Trap service running on an SNMP host. The SNMP trap is sent to other SNMP hosts or to an SNMP management system, which are known as trap destinations.

Please refer to http://technet.microsoft.com/en-us/library/cc754924.aspx

Best Regards
Magon Liu
TechNet Subscriber Support in forum. If you have any feedback on our support, please contact tnmff@microsoft.com

Please remember to click Mark as Answer on the post that helps you, and to click Unmark as Answer if a marked post does not actually answer your question. This can be beneficial to other community members reading the thread.
July 14th, 2011 4:54am
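
The capture line quoted in the question can be decoded to see what the requests ask for: the OID .1.3.6.1.2.1.25.3.2.1.5.1 is hrDeviceStatus, instance 1, in HOST-RESOURCES-MIB. The Python below is an added example, not part of either post; `parse_line`, `summarize` and the small OID table are names chosen here, and two of the three sample lines are constructed.

```python
import re
from collections import defaultdict

# Object names from HOST-RESOURCES-MIB (RFC 2790) and the SNMPv2-MIB system group.
KNOWN_OIDS = {
    "1.3.6.1.2.1.1.1": "sysDescr",
    "1.3.6.1.2.1.25.3.2.1.3": "hrDeviceDescr",
    "1.3.6.1.2.1.25.3.2.1.5": "hrDeviceStatus",
    "1.3.6.1.2.1.25.3.5.1.1": "hrPrinterStatus",
}
TRUNC = "[|snmp]"  # tcpdump marker: packet cut short by the capture snap length
LINE_RE = re.compile(
    r"IP (?P<src>\d+(?:\.\d+){3})\.(?P<sport>\d+) > "
    r"(?P<dst>\d+(?:\.\d+){3})\.(?P<dport>\d+): "
    r"(?P<pdu>\w+)\(\d+\)\s+(?P<rest>.*)$")

# First line is the capture quoted in the thread; the other two are constructed.
SAMPLE = [
    "18:37:28.718784 PortC, IN: IP 192.168.1.70.57210 > 192.168.0.3.161: GetRequest(63) .1.3.6.1.2.1.25.3.2.1.5.1 .1.3.6.1.2[|snmp]",
    "18:38:28.719102 PortC, IN: IP 192.168.1.70.57214 > 192.168.0.3.161: GetRequest(63) .1.3.6.1.2.1.25.3.2.1.5.1 .1.3.6.1.2[|snmp]",
    "18:38:28.731455 PortC, IN: IP 192.168.1.70.57215 > 192.168.0.4.161: GetRequest(63) .1.3.6.1.2.1.25.3.2.1.5.1 .1.3.6.1.2[|snmp]",
]

def name_oid(oid):
    """Longest-prefix match against KNOWN_OIDS; the remainder is the instance."""
    for prefix in sorted(KNOWN_OIDS, key=len, reverse=True):
        if oid == prefix or oid.startswith(prefix + "."):
            return KNOWN_OIDS[prefix] + oid[len(prefix):]
    return None

def parse_line(line):
    """Return a record for a tcpdump line addressed to udp/161, else None."""
    m = LINE_RE.search(line)
    if not m or m["dport"] != "161":
        return None
    varbinds = []
    for tok in m["rest"].split():
        partial = tok.endswith(TRUNC)          # OID cut off mid-way, do not name it
        oid = tok.replace(TRUNC, "").strip(".")
        if oid:
            varbinds.append((oid, None if partial else name_oid(oid), partial))
    return {"src": m["src"], "sport": int(m["sport"]), "dst": m["dst"],
            "pdu": m["pdu"], "varbinds": varbinds, "truncated": TRUNC in m["rest"]}

def summarize(lines):
    """Group requests by (source, destination): count, named objects, source ports."""
    groups = defaultdict(lambda: {"count": 0, "objects": set(), "src_ports": set()})
    for rec in filter(None, map(parse_line, lines)):
        g = groups[(rec["src"], rec["dst"])]
        g["count"] += 1
        g["src_ports"].add(rec["sport"])
        g["objects"].update(n for _, n, _p in rec["varbinds"] if n)
    return {k: {"count": v["count"], "objects": sorted(v["objects"]),
                "src_ports": sorted(v["src_ports"])} for k, v in groups.items()}
```

The `[|snmp]` marker means the second OID in each request was cut off by the capture length, so only the first varbind can be named; capturing with a larger snap length (`tcpdump -s 0`) shows the full request.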

This topic is archived. No further replies will be accepted.