Re: How to find process behind TCP connection?



Buozis, Martynas wrote:
Hello

I need some advice. I have a Windows 2003 server. It occasionally shows
strange and suspicious network behavior. I used the command "netstat -abov"
and the Process Explorer tool from Sysinternals to find the process behind
the connections. I found that it is "System 4" and got stuck. How can I
identify what is behind this "System 4"?

I thought it may be a hidden process, but RootkitRevealer from Sysinternals
did not show anything.

I will be grateful for any ideas how to identify what is behind these
TCP connections from server to many computers!

Thank you in advance.

With best regards
Martynas

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------


I'm not a Windows guru but presumably you can go by it through the *nix method.

Get CYGWIN from Redhat. Make sure you install stuff like lsof and ps from the packages (and top). These are all commands from *nix based environments that help out in situations like this.

They should help you see what's going on on your microshoft system


Regards,
Mario A. Spinthiras
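
Added example, not part of either message above: a small Python triage script that parses saved `netstat -ano` output and, for the connections owned by PID 4 ("System"), groups the remote hosts by remote port so it is clear which service the server is reaching out to. The sample output and addresses are constructed, and the column layout is assumed to be the standard Windows `netstat -ano` one.

```python
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (addresses are made up).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    10.0.0.10:1042         10.0.0.21:445          ESTABLISHED     4
  TCP    10.0.0.10:1043         10.0.0.22:445          ESTABLISHED     4
  TCP    10.0.0.10:1044         10.0.0.23:139          ESTABLISHED     4
  TCP    10.0.0.10:445          10.0.0.40:3301         ESTABLISHED     4
  TCP    10.0.0.10:1050         10.0.0.30:80           ESTABLISHED     2240
  UDP    0.0.0.0:445            *:*                                    4
"""

# proto, local addr:port, remote addr:port, state, owning PID
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def parse_tcp(text):
    """Return one dict per TCP row; headers and UDP rows are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            laddr, lport, raddr, rport, state, pid = m.groups()
            rows.append({"laddr": laddr, "lport": int(lport), "raddr": raddr,
                         "rport": int(rport), "state": state, "pid": int(pid)})
    return rows

def outbound_by_port(rows, pid=4):
    """Map remote port -> set of remote hosts for outbound connections of pid.

    Heuristic: a connection whose local port is one the same PID is
    listening on is treated as inbound and left out.
    """
    listening = {r["lport"] for r in rows
                 if r["pid"] == pid and r["state"] == "LISTENING"}
    summary = defaultdict(set)
    for r in rows:
        if (r["pid"] == pid and r["state"] != "LISTENING"
                and r["lport"] not in listening):
            summary[r["rport"]].add(r["raddr"])
    return dict(summary)

if __name__ == "__main__":
    for port, hosts in sorted(outbound_by_port(parse_tcp(SAMPLE)).items()):
        print(f"remote port {port}: {len(hosts)} host(s): {sorted(hosts)}")
```
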




