How to debug spurious TCP requests coming from our own application?


We have a .NET application which, on a certain server, keeps making various TCP requests which are being blocked by our firewall.

The application has no reason to try to access the Internet, it only needs to communicate with our database server.

It seems to be trying to contact a certain address at deploy.akamaitechnologies.com, which apparently hosts a vast number of different files for various people/companies.

How can I debug which part of our code this request is coming from? TCPView indicates the request is coming directly from our .exe.

The code uses nHibernate libraries; my first guess was that a library was trying to update itself automatically, but then presumably the request wouldn't be issuing directly from our .exe?

Could our .exe be infected with a virus on that particular server? Our anti-virus is up-to-date and scanning the .exe reveals nothing.

EDIT: OK I've finally got Wireshark on the server, not sure what to do with the output though. A couple of things I've noticed is that it sends a "name query nbstat" to an IP address owned by RIPE Network Coordination Centre, and also a message from "src port caicci" to the http port again on an IP address owned by RIPE Network Coordination Centre. It's hard to track all of the relevant requests because I don't know in advance which IP addresses it will use (it's different every time), and Wireshark seems to crash due to the volume of data if I leave it capturing for more than a minute or so. Apparently you can't filter by process?

BEST ANSWER

Are you sure the exe that is running called YourApp.exe is actually the one you think it is? Can you do an md5sum of a trusted exe and compare with one on the server?

How can I debug which part of our code this request is coming from? TCPView indicates the request is coming directly from our .exe.

Assuming you don't have Visual Studio installed on the server (or can't remote debug), then you can get a dump of the process and analyze it on your own machine. Is it a .NET 4 process?
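The two checks the answer suggests (does the binary on the server match a trusted build, and which process owns the connection) can both be done from an elevated PowerShell on the server without a packet capture. The script below is an added example, not code from the question or the answer; the paths `C:\App\YourApp.exe` and `\\build\releases\YourApp.exe`, the process name `YourApp`, and the presence of Sysinternals `procdump.exe` are assumptions you will need to adjust. It goes beyond the answer in one respect: because the remote addresses change on every run, it polls the application's own TCP connections and UDP endpoints for a minute and logs each new remote endpoint as it appears, which sidesteps the "Wireshark can't filter by process" problem entirely.

```powershell
# Added example (not from the original post or answer). Run as Administrator on the affected server.
# Assumed paths and names (hypothetical; change to match your deployment):
$serverExe  = 'C:\App\YourApp.exe'            # the copy that is making the connections
$trustedExe = '\\build\releases\YourApp.exe'  # a copy you trust, e.g. straight from your build server
$procName   = 'YourApp'                        # process name without .exe

# 1. Is the .exe on the server byte-for-byte the one you built?
#    SHA-256 rather than MD5: MD5 collisions are cheap, so two different binaries can share an MD5.
$serverHash  = (Get-FileHash -Path $serverExe  -Algorithm SHA256).Hash
$trustedHash = (Get-FileHash -Path $trustedExe -Algorithm SHA256).Hash
if ($serverHash -ne $trustedHash) {
    Write-Warning "Binary mismatch: server=$serverHash trusted=$trustedHash"
} else {
    Write-Host "Binary on server matches trusted copy ($serverHash)"
}

# 2. If you sign your releases, a tampered file shows up here as Status != Valid.
Get-AuthenticodeSignature -FilePath $serverExe | Select-Object Status, @{n='Signer';e={$_.SignerCertificate.Subject}}

# 3. Modules loaded into the running process. Anything outside %SystemRoot% that you did not
#    ship alongside the .exe (an unexpected DLL in the app folder, or one loaded from a temp path)
#    is where to look next; nHibernate and its dependencies should all be familiar names.
$app = Get-Process -Name $procName -ErrorAction SilentlyContinue
if (-not $app) { throw "Process '$procName' is not running" }
$app.Modules |
    Where-Object { $_.FileName -notlike "$env:SystemRoot\*" } |
    Select-Object ModuleName, FileName

# 4. Attribute traffic to the process without a packet capture. Get-NetTCPConnection and
#    Get-NetUDPEndpoint both carry the owning PID (Windows 8 / Server 2012 and later;
#    on older servers use 'netstat -ano -b' instead). Poll for 60 s and print each
#    remote endpoint the first time it is seen, so short-lived connections are not missed.
$seen     = @{}
$deadline = (Get-Date).AddSeconds(60)
while ((Get-Date) -lt $deadline) {
    Get-NetTCPConnection -OwningProcess $app.Id -ErrorAction SilentlyContinue |
        Where-Object { $_.RemoteAddress -notin @('0.0.0.0', '127.0.0.1', '::', '::1') } |
        ForEach-Object {
            $key = "tcp $($_.RemoteAddress):$($_.RemotePort)"
            if (-not $seen.ContainsKey($key)) {
                $seen[$key] = $true
                "{0} {1} {2}" -f (Get-Date -Format s), $key, $_.State
            }
        }
    # The "name query nbstat" seen in Wireshark is NetBIOS over UDP/137; local UDP sockets
    # bound by the process show up here, which tells you whether the app itself sent them.
    Get-NetUDPEndpoint -OwningProcess $app.Id -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = "udp local $($_.LocalAddress):$($_.LocalPort)"
            if (-not $seen.ContainsKey($key)) {
                $seen[$key] = $true
                "{0} {1}" -f (Get-Date -Format s), $key
            }
        }
    Start-Sleep -Milliseconds 250
}

# 5. Full memory dump for offline analysis (WinDbg + SOS, or Visual Studio on your own machine).
#    Assumes Sysinternals procdump.exe is on PATH; -ma writes a full dump including the managed heap.
#    Take it while step 4 shows a connection in SynSent/Established so the offending thread is live.
& procdump.exe -accepteula -ma $app.Id "$env:TEMP\$procName.dmp"
```

Because the dump is taken while the connection is in flight, the thread that opened the socket is still on its call stack; in WinDbg, loading SOS and running `!clrstack` on each managed thread will show which of your methods (or which library) issued the request, which is the question's actual goal. The hash and signature checks come first because, if they fail, the stack trace belongs to someone else's code and the answer to "which part of our code" is "none of it".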