I think I have sorted it out. On your suggestion, I downloaded WireShark and did some packet captures. I got a hit on 212.117.183.170 and stopped the capture. The data it captured was unreadable. So I had an idea. I downloaded Process Explorer from Microsoft and found Java.exe in the list of running processes. I opened it's processes and saw that the i2p service was using java.exe. On a suggestion from a friend of mine, I had downloaded the I2P client on the 31st of July and installed it but had not gotten around to doing anything with it. I believe that this is what was causing the odd java.exe traffic since the service keeps in contact with hosts to make the I2P network service larger. Since uninstalling I2P this afternoon I have not gotten any more hits on any IPs. I know that some of what goes on on I2P is questionable at best, and I think I know why, but I was curious as to what I2P is. I believe that this also explains why the packets were unreadable since I think I2P packets are encrypted. Thanks for the quick reply, I will certainly be back if I see any more persistent traffic from those ranges. James PS: I have included the packet exchange that I did capture with Wireshark if you still want to see them. 212.117.146.190.pcap.zip