Re: How to find process behind TCP connection ?
- From: "Mario A. Spinthiras" <mario@xxxxxxxxxxxxx>
- Date: Thu, 28 Sep 2006 09:44:35 +0300
Colin Copley wrote:
Maybe this is some help?
/usr/sbin/lsof <--- use that
http://forum.sysinternals.com/forum_posts.asp?TID=3432
If not, perhaps you could attempt to telnet or putty into the port, and see
if it returns an error message which might give some more info.
Another idea - try ethereal to capture the packet data and see what it
contains.
Also I believe nmap can attempt to establish what's listening on a certain
port. It might give you more info than just system 4.
Regards
Colin
----- Original Message ----- From: "Buozis, Martynas" <martynas@xxxxxx>
Hello
I need some advice. I have a Windows 2003 server. It occasionally shows
strange and suspicious network behavior. I used the command "netstat -abov"
and the Process Explorer tool from Sysinternals to find the process behind
the connections. I found that it is "System 4" and got stuck. How can I
identify what is behind this "System 4"?
I thought it may be a hidden process, but RootkitRevealer from Sysinternals
did not show anything.
I will be grateful for any ideas how to identify what is behind these
TCP connections from server to many computers!
Thank you in advance.
With best regards
Martynas
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
If you are on Windows, then download the Cygwin package, which contains lsof, which you can then use to resolve your issue.
Regards,
Mario A. Spinthiras