Here's some background.
This is a 3 node SQL cluster running 10 instances all SQL 2012 on WIN2012R2. Each SQL instance has its own IP and uses p1433, so browser is not used to make connections to named instances.
One of our monitoring tools caught a SQL instance source using the SQL browser to do an internal port scan against the node it is running on.
Sample of ports scanned:
TCP/UDP Port (Impacted):
49179 (4)
49171 (4)
49173 (4)
Is anyone aware of this sort of behavior out of the browser service?