Enviroment Picture
Im using a Windows XP Pro workstation.
I can see (thru netstat) that there is a outgoing connection from my station to corporate proxy cache.
I can identify the process that is maintaining that connection - its not a "regular" browser, its is a http tunnel "hack".

How can i know ip address or "name" of the tunnel termination server from HERE (from workstation - i can see it on proxy server)?

But using "regular tools", presented to "regular users". No sniffers or other tools that a "restricted user" cant install on WinXP, please.