Re: How to find a process



Hello Fran,

If your server is running a copy of Windows Server 2000 & above, then
at the command prompt of the server, type "netstat -ano". You'll get a
listing of locally open ports along with its connection to foreign IP
Address with its PID number. Now pick up this PID number & look into
Windows Task Manager to see which process the PID number belongs
to.

Besides this tedious technique, a simpler technique is to use "Process
Explorer" from Sysinternals or "TCPMon".

Process Explorer:
http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx

TCPMon: https://tcpmon.dev.java.net/

However, if your server is UNIX based, then you can try "netstat -antp"
for TCP & "netstat -anup" for UDP protocol connections currently
active on your server.

Popular 'lsof' command (needs to be installed separately) can also help
you in this regard.

Besides this, running a Vulnerability Scanner (like Nessus) against
this server is also a recommended step before it gets totally
compromised.

Nessus: http://www.nessus.org/download/

------
Nikhil Wagholikar

Security Analyst
NII Consulting
www.niiconsulting.com


On 6/13/07, Francisco Rodrigo Cortinas Maseda
<francisco.cortinas@xxxxxxxxxxx> wrote:
Hello,

My name is Fran, I'm a network and system administrator, and I have a
strange case, but surely someone has had the same problem before me.

My problem is that we have some strange traffic on the firewalls, going
from a server on a DMZ to public client pools.

10:09:10.511978 00:0e:0c:71:7f:cd > 10:00:00:00:26:01, ethertype IPv4
(0x0800), length 61: IP XXXXX.44267 > XXXXXX.3072: UDP, length 19

The problem is: with netstat I only see the ports daemons are listening
on. I want to know the process that is using the outgoing port, that is,
44267.

Is there a way to know this?

Thanks in advance.
Regards.
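
Added example, not part of the original thread: on a Linux server, the lookup that "netstat -anup" and lsof perform can be done by hand, reading the socket inode for the local UDP port from /proc/net/udp and then finding which process holds a file descriptor for that inode. The function names and the sample table are constructed for illustration, and the approach assumes Linux /proc (other UNIX systems differ).

```python
import os

# Constructed sample in /proc/net/udp format (not captured from a real host).
# Local port 0xACEB is 44267, the source port from the question.
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  501: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 15012 2 0000000000000000 0
  877: 0A000005:ACEB 00000000:0000 07 00000000:00000000 00:00000000 00000000    33        0 48213 2 0000000000000000 0
"""

def socket_inodes_for_port(table_text, port):
    """Return the socket inodes whose local port equals `port`."""
    inodes = []
    for line in table_text.splitlines()[1:]:       # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        local_port = int(fields[1].rsplit(":", 1)[1], 16)  # hex port after ':'
        if local_port == port:
            inodes.append(int(fields[9]))          # 10th column is the inode
    return inodes

def pids_holding_inode(inode, proc_root="/proc"):
    """Return PIDs with an fd linking to socket:[inode] (run as root to see all)."""
    target = "socket:[%d]" % inode
    pids = []
    for entry in os.listdir(proc_root):
        if not entry.isdigit():
            continue
        fd_dir = os.path.join(proc_root, entry, "fd")
        try:
            links = [os.readlink(os.path.join(fd_dir, fd)) for fd in os.listdir(fd_dir)]
        except OSError:        # process exited, fd closed mid-scan, or no permission
            continue
        if target in links:
            pids.append(int(entry))
    return sorted(pids)

def find_udp_owner(port, proc_root="/proc"):
    """Map a local UDP port to {inode: [pids]} using the udp and udp6 tables."""
    result = {}
    for name in ("udp", "udp6"):
        try:
            with open(os.path.join(proc_root, "net", name)) as fh:
                text = fh.read()
        except OSError:
            continue
        for inode in socket_inodes_for_port(text, port):
            result[inode] = pids_holding_inode(inode, proc_root)
    return result

if __name__ == "__main__":
    print(find_udp_owner(44267))   # live lookup; empty if the socket is closed
```

A socket that is opened only for one short datagram may be gone before the lookup runs, so the call may need to be repeated in a loop while the traffic is being seen on the firewall.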



