What I found is this:
Ethereal shows the source port and IP address for this request. Obviously I know it's my own inside IP address, but with a util called fport, it will show me the process that is using the source port. It happens to be svchost.exe. There are a few running in the background. So now I know that it's the svchost process that is constantly making this request. So far all I know is that svchost is sometimes working in conjunction with DNSCACHE. But this is as far as I got.
Aah !! the wonderful svchost.exe !! Killing processes will not help you my friend..
svchost is Microsoft's wonderful way of allowing its services to access the net etc.. basically any Windows service that needs to access the net runs as an instance of svchost.exe.. this is wonderful as it's very difficult to figure out what service is making what request !! However there are things you can do.
The starting point would be to check the services you're running
start >> run >> services.msc
you might find some spyware or something has started a service.
If you say this is happening all the time, the service is probably set to start automatically..
which has a list of services that you can and should disable.. and what you require to run what.. disable anything you're not using.
second thing you can do is.. in the Windows 2000 resource kit (on the cd) there is a command line utility called tlist.exe.. it shows you the subprocesses in each main process.. run it like this
you'll see svchost listed, along with all the services it's acting as an agent for.
btw, instead of using fport go to
and download tcpview (35kb freeware) it is like netstat, and it shows you the process making each connection... also lets you close the connection and kill the process.
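The mapping discussed in this thread (connection, then owning svchost.exe instance, then the services hosted in it), as an added PowerShell example that is not part of the original posts. It assumes Windows 8 / Server 2012 or later, where `Get-NetTCPConnection` is available, and an elevated prompt.

```powershell
# Added example: list TCP connections owned by svchost.exe instances together
# with the Windows services hosted inside each instance.
# Assumption: Windows 8 / Server 2012 or later, run from an elevated prompt.

# PID -> services hosted in that process.
# Win32_Service.ProcessId is 0 for services that are not running.
$servicesByPid = Get-CimInstance -ClassName Win32_Service |
    Where-Object { $_.ProcessId -ne 0 } |
    Group-Object -Property ProcessId -AsHashTable -AsString

# PIDs of every running svchost.exe instance.
$svchostPids = @(Get-Process -Name svchost -ErrorAction SilentlyContinue |
    Select-Object -ExpandProperty Id)

Get-NetTCPConnection -State Established, SynSent -ErrorAction SilentlyContinue |
    Where-Object { $svchostPids -contains $_.OwningProcess } |
    ForEach-Object {
        # Hashtable keys are strings because of -AsString above.
        $hosted = $servicesByPid["$($_.OwningProcess)"]
        [pscustomobject]@{
            PID       = $_.OwningProcess
            Local     = "$($_.LocalAddress):$($_.LocalPort)"
            Remote    = "$($_.RemoteAddress):$($_.RemotePort)"
            State     = $_.State
            Services  = ($hosted.Name | Sort-Object) -join ', '
            StartMode = ($hosted.StartMode | Sort-Object -Unique) -join ', '
        }
    } |
    Sort-Object PID, Remote |
    Format-Table -AutoSize -Wrap
```

DNS lookups travel over UDP, which has no connection state; `Get-NetUDPEndpoint` exposes the same `OwningProcess` property for those sockets and can be joined to `$servicesByPid` in the same way.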