I’m currently running Microsoft Network Monitor 3.1 on my Exchange server and I see the following “strange” traffic. If anyone can provide insight on this it would be appreciated.
1. Every 5 to 10 seconds my Exchange server sends ICMP echo requests to my two domain controllers (which are both GCs).
2. I occasionally see my Exchange server issue what I presume is a DNS query for a single label name such as “host” or “domain” instead of for a FQDN such as “host.domain.com”.
3. I see my Outlook clients connecting to the store.exe process using UDP instead of TCP and RPC. Is this the normal behavior?
4. I see my Exchange server making TCP connections to my DCs on port 25. Any idea what this is? If the destination port is 25 it could only be SMTP traffic, right? Why would my Exchange server make an SMTP connection to my DCs?