My CheckPoint firewall is detecting an inordinate amount of NetBIOS traffic via UDP port137 from a server, internal to my LAN attempting to communicate with external IP addresses. Traffic patterns are consecutive nbname service transmits for an entire IP range, once the final octet is incremented to 255, a new initial starting IP is queried. I'm running TDImon from www.sysinternals.com to trace the transmits and all I can tell is that it intermittently switches from one process memory space to the next. Unfortunately I cannot pinpoint the file/registry entry tied to this activity. Virus Software is up to date and doesn't detect any threats. Thoughts anyone Thanks in advance.