Re: Finding out strange traffic
- From: "bumtracks" <lost@xxxxxxxxxx>
- Date: Thu, 30 Jun 2005 15:44:31 GMT
Sometimes here I will open a cmd window and do a netstat -o (owner), which ties
product id to connected ip#'s, then look in Task Manager to ID match the
product.
"Antti Mattila" <antti.mattilaremovethis@xxxxxxxxxxxx> wrote in message
news:0F11FF20-B453-440A-A44B-E27BA8C14DE4@xxxxxxxxxxxxxxxx
> I have been investigating strange traffic that tries to connect to remote
> port 80 on the Internet. There have been tens of different sites and they
> seem to have nothing in common.
>
> Virus DATs are in order, I have scanned the computers with Spybot and
> Adaware. And still it continues. I installed desktop firewalls even to
> desktops and blocked port 80 and took a log. I'm pretty sure that no program
> that was intentionally installed is causing the traffic.
>
> Log shows that svchost.exe is connecting all around the world very
> frequently on port 80.
>
> Windows networking may be easy to use as a programmer as you can use these
> svchost etc. services for your networking needs, but how the hell do I
> find out which program has started them (including from where)? Programs like
> TCPView show which command line has been used to start, for example,
> svchost. But I have never seen anything except legitimate-looking rpcss or
> something like that.
>
> I think this is a shortcoming in Windows networking. Any ideas how can I
> dig deeper?
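
The PID matching described in the reply can be scripted and taken one step further, to the services hosted inside each svchost.exe instance. This is an added example, not part of either poster's message: it joins saved output of `netstat -ano` and `tasklist /svc`, the sample output is constructed, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Constructed `netstat -ano` output (documentation-range addresses).
NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       988
  TCP    192.168.1.20:1045      203.0.113.10:80        SYN_SENT        1052
  TCP    192.168.1.20:1046      198.51.100.7:80        ESTABLISHED     1052
  TCP    192.168.1.20:1050      192.0.2.55:443         ESTABLISHED     2380
"""
# Constructed `tasklist /svc` output; the 1052 service list wraps onto a second line.
TASKLIST = """\
Image Name                   PID Services
========================= ====== ==============================
svchost.exe                  988 RpcSs
svchost.exe                 1052 AudioSrv, BITS, Schedule,
                                 wuauserv
iexplore.exe                2380 N/A
"""

def parse_tasklist(text):
    """Map PID -> (image name, [hosted services]) from `tasklist /svc` output."""
    procs, last = {}, None
    for line in text.splitlines():
        m = re.match(r"(\S.*?)\s+(\d+)\s+(\S.*)$", line)
        if m:
            last, svcs = int(m.group(2)), m.group(3)
            procs[last] = (m.group(1), [])
        elif last is not None and line[:1].isspace() and line.strip():
            svcs = line  # wrapped continuation of the previous service list
        else:
            continue
        procs[last][1].extend(s.strip() for s in svcs.split(",")
                              if s.strip() not in ("", "N/A"))
    return procs

def attribute(netstat_text, tasklist_text, port=80):
    """Map PID -> image, hosted services and remote hosts contacted on `port`."""
    procs, remotes = parse_tasklist(tasklist_text), defaultdict(set)
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":  # TCP rows: proto, local, foreign, state, PID
            host, _, rport = f[2].rpartition(":")
            if rport == str(port):
                remotes[int(f[4])].add(host)
    return {pid: {"image": procs.get(pid, ("?", []))[0],
                  "services": procs.get(pid, ("?", []))[1],
                  "remotes": sorted(hosts)} for pid, hosts in remotes.items()}

if __name__ == "__main__":
    print(attribute(NETSTAT, TASKLIST))
```

A shared svchost.exe instance narrows the source to a handful of services rather than one; stopping them one at a time while watching the firewall log isolates the one making the connections.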