Network Monitor Shows Epicor.exe Process from Local Computer Making TCP & TLS Connections to Azure?

Hey all, quick question. Can someone tell me what function and why epicor.exe may be making TCP and TLS connections to “gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com”? I’ve recently been trying to track down the reason some users are getting disconnected from Epicor, and I was surprised to find when reviewing a network monitor report that epicor.exe from the user's machine is making TCP and TLS connections to “gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com”. Below are a few lines of the details of the ‘network conversation.’

11556 9:55:55 AM 5/14/2024 243.3837789 Epicor.exe 10.2.1.133 gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com TCP TCP:Flags=…S., SrcPort=58673, DstPort=HTTPS(443), PayloadLen=0, Seq=1741765521, Ack=0, Win=64240 ( Negotiating scale factor 0x8 ) = 64240 {TCP:1062, IPv4:1061}
11558 9:55:55 AM 5/14/2024 243.4049449 Epicor.exe gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com 10.2.1.133 TCP TCP:Flags=…A…S., SrcPort=HTTPS(443), DstPort=58673, PayloadLen=0, Seq=3918430304, Ack=1741765522, Win=65535 ( Negotiated scale factor 0x8 ) = 16776960 {TCP:1062, IPv4:1061}
11559 9:55:55 AM 5/14/2024 243.4050294 Epicor.exe 10.2.1.133 gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com TCP TCP:Flags=…A…, SrcPort=58673, DstPort=HTTPS(443), PayloadLen=0, Seq=1741765522, Ack=3918430305, Win=1024 (scale factor 0x8) = 262144 {TCP:1062, IPv4:1061}
11560 9:55:55 AM 5/14/2024 243.4065514 Epicor.exe 10.2.1.133 gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com TLS TLS:TLS Rec Layer-1 HandShake: Client Hello. {TLS:1064, SSLVersionSelector:1063, TCP:1062, IPv4:1061}
11562 9:55:55 AM 5/14/2024 243.4273939 Epicor.exe gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com 10.2.1.133 TLS TLS:TLS Rec Layer-1 HandShake: Server Hello.; TLS Rec Layer-2 Cipher Change Spec {TLS:1064, SSLVersionSelector:1063, TCP:1062, IPv4:1061}
11563 9:55:55 AM 5/14/2024 243.4402453 Epicor.exe 10.2.1.133 gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com TLS TLS:TLS Rec Layer-1 Cipher Change Spec; TLS Rec Layer-2 HandShake: Encrypted Handshake Message. {TLS:1064, SSLVersionSelector:1063, TCP:1062, IPv4:1061}
11565 9:55:55 AM 5/14/2024 243.4647502 Epicor.exe gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com 10.2.1.133 TLS TLS:TLS Rec Layer-1 HandShake: Encrypted Handshake Message.; TLS Rec Layer-2 SSL Application Data {TLS:1064, SSLVersionSelector:1063, TCP:1062, IPv4:1061}
11566 9:55:55 AM 5/14/2024 243.4647502 Epicor.exe gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com 10.2.1.133 TCP TCP:[Continuation to #11565]Flags=…A…, SrcPort=HTTPS(443), DstPort=58673, PayloadLen=1380, Seq=3918431784 - 3918433164, Ack=1741766341, Win=16384 (scale factor 0x8) = 4194304 {TCP:1062, IPv4:1061}
11567 9:55:55 AM 5/14/2024 243.4648765 Epicor.exe 10.2.1.133 gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com TCP TCP:Flags=…A…, SrcPort=58673, DstPort=HTTPS(443), PayloadLen=0, Seq=1741766341, Ack=3918433164, Win=1024 (scale factor 0x8) = 262144 {TCP:1062, IPv4:1061}
11568 9:55:55 AM 5/14/2024 243.4649192 Epicor.exe gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com 10.2.1.133 TCP TCP:[Continuation to #11565]Flags=…A…, SrcPort=HTTPS(443), DstPort=58673, PayloadLen=1380, Seq=3918433164 - 3918434544, Ack=1741766341, Win=16384 (scale factor 0x8) = 4194304 {TCP:1062, IPv4:1061}
11569 9:55:55 AM 5/14/2024 243.4649192 Epicor.exe gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com 10.2.1.133 TCP TCP:[Continuation to #11565]Flags=…AP…, SrcPort=HTTPS(443), DstPort=58673, PayloadLen=268, Seq=3918434544 - 3918434812, Ack=1741766341, Win=16384 (scale factor 0x8) = 4194304 {TCP:1062, IPv4:1061}
11570 9:55:55 AM 5/14/2024 243.4649766 Epicor.exe 10.2.1.133 gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com TCP TCP:Flags=…A…, SrcPort=58673, DstPort=HTTPS(443), PayloadLen=0, Seq=1741766341, Ack=3918434812, Win=1024 (scale factor 0x8) = 262144 {TCP:1062, IPv4:1061}
11572 9:55:55 AM 5/14/2024 243.4733020 Epicor.exe 10.2.1.133 gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com TLS TLS:TLS Rec Layer-1 SSL Application Data; TLS Rec Layer-2 SSL Application Data {TLS:1064, SSLVersionSelector:1063, TCP:1062, IPv4:1061}
11573 9:55:55 AM 5/14/2024 243.4938462 Epicor.exe gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com 10.2.1.133 TLS TLS:TLS Rec Layer-1 SSL Application Data {TLS:1064, SSLVersionSelector:1063, TCP:1062, IPv4:1061}
11574 9:55:55 AM 5/14/2024 243.4939130 Epicor.exe gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com 10.2.1.133 TLS TLS:TLS Rec Layer-1 SSL Application Data {TLS:1064, SSLVersionSelector:1063, TCP:1062, IPv4:1061}
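An added example, not part of the original post or of any Epicor or Microsoft tooling: a small Python parser for frame lines laid out like the ones above, assuming whitespace-separated columns, a 12-hour timestamp and process names without spaces. It groups frames per process and remote host and reports which side sent the initial SYN; `expected_hosts` is a hypothetical allowlist parameter.

```python
import re
from collections import defaultdict

HOST = "gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com"
LOCAL = "10.2.1.133"
# Four frames abridged from the capture in the post above (trailing fields dropped).
SAMPLE = f"""\
11556 9:55:55 AM 5/14/2024 243.3837789 Epicor.exe {LOCAL} {HOST} TCP TCP:Flags=…S., SrcPort=58673, DstPort=HTTPS(443), PayloadLen=0
11558 9:55:55 AM 5/14/2024 243.4049449 Epicor.exe {HOST} {LOCAL} TCP TCP:Flags=…A…S., SrcPort=HTTPS(443), DstPort=58673, PayloadLen=0
11560 9:55:55 AM 5/14/2024 243.4065514 Epicor.exe {LOCAL} {HOST} TLS TLS:TLS Rec Layer-1 HandShake: Client Hello.
11569 9:55:55 AM 5/14/2024 243.4649192 Epicor.exe {HOST} {LOCAL} TCP TCP:[Continuation to #11565]Flags=…AP…, SrcPort=HTTPS(443), DstPort=58673, PayloadLen=268
"""

def parse_frame(line):
    """Split one exported frame line into named fields, or None if malformed."""
    # Assumed column order: frame, time, AM/PM, date, offset, process, src, dst, protocol, description.
    parts = line.split(None, 9)
    if len(parts) < 10 or not parts[0].isdigit():
        return None
    frame, _time, _ampm, _date, _offset, proc, src, dst, proto, desc = parts
    flags = re.search(r"Flags=([^,]*)", desc)
    payload = re.search(r"PayloadLen=(\d+)", desc)
    return {"frame": int(frame), "process": proc, "src": src, "dst": dst,
            "proto": proto, "desc": desc,
            "flags": flags.group(1) if flags else "",
            "payload": int(payload.group(1)) if payload else 0}

def summarize(text, local_ip, expected_hosts=()):
    """Group frames by (process, remote endpoint) and note who opened the connection."""
    out = defaultdict(lambda: {"frames": 0, "bytes_in": 0, "initiated_by": None,
                               "tls_client_hello": False, "expected": False})
    for f in filter(None, map(parse_frame, text.splitlines())):
        outbound = f["src"] == local_ip
        remote = f["dst"] if outbound else f["src"]
        s = out[(f["process"], remote)]
        s["frames"] += 1
        s["expected"] = remote in expected_hosts
        if not outbound:
            s["bytes_in"] += f["payload"]
        # A SYN without ACK is the first packet of the handshake: its sender opened the connection.
        if f["proto"] == "TCP" and "S" in f["flags"] and "A" not in f["flags"]:
            s["initiated_by"] = "local" if outbound else "remote"
        if f["proto"] == "TLS" and outbound and "Client Hello" in f["desc"]:
            s["tls_client_hello"] = True
    return dict(out)

if __name__ == "__main__":
    for key, stats in summarize(SAMPLE, LOCAL).items():
        print(key, stats)
```

Run over a full export, entries with `initiated_by == "local"` and `expected == False` are the outbound destinations worth asking the vendor or the application owner about.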

Maybe this?


gig-ai-g-prod-eastus-0-app-v4-tag.eastus.cloudapp.azure.com

Suspicious Futurama GIF

Thanks Mark, this was very helpful. You were absolutely correct.

We can thank @hkeric.wci!

You don’t think his head is big enough?

I give credit where credit is due! There are no shortages of big hat wearers in IT. Over time, I’ve noticed my hat fits a lot looser than in my younger days… :rofl:
