Re: RE: How to find process behind TCP connection?
- From: temtel@xxxxxxxxx
- Date: 28 Sep 2006 14:01:12 -0000
I find TDIMon from Sysinternals is also helpful when tracking suspicious processes that talk on the network. It's like a sniffer, but monitors activity going through the Transport Driver Interface in Windows. From this viewpoint you can often see processes in real time as they make socket connections to remote systems. This real-time context may reveal a different process name, or other processes communicating over the network at the same time -- I've discovered hidden proxy-trojan infections this way.