October 11th, 2012, 02:13 AM
#9
Attachments: output of process explorer.jpg, tcp view.jpg
Download this. Every technician of any sort needs these utilities.
First, run TCPView as an administrator and grab the PIDs of any suspicious traffic source. Sometimes the source is obvious (iexplore.exe, various updates, etc.); other times you'll be stuck with svchost.exe with no way to know what is actually forcing connections.
Once you have the PIDs, you can use Process Explorer to check out the processes. If you locate the PID, and it's a nonsense process such as rundll or svchost, you can right-click and hit Properties to get the actual command line that is/was used to load the process, including GUID and other relevant info.
The tools worked great. I was able to end connections that I wanted to. It seemed there was something on my system doing outbound connections. I run VirtualBox in a server mode but I always make sure to disconnect and kill the connection. Thank you for the help. P.S. Here's the latest screenshot of the applications.
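The PID-to-command-line check described in this post can also be scripted. The following is an added example, not part of the original thread or of the Sysinternals tools; it assumes Windows 8 / Server 2012 or later (for `Get-NetTCPConnection`) and an elevated PowerShell prompt, and it also lists the services hosted inside each svchost.exe instance.

```powershell
# Added example: map established outbound TCP connections to the owning
# process, its full command line, and any services hosted in that PID.
# Assumption: run elevated, otherwise CommandLine is empty for other users' processes.

# Index every running process by PID (Win32_Process exposes CommandLine).
$procs = @{}
Get-CimInstance Win32_Process | ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

# Index running services by the PID that hosts them. Several services can
# share one svchost.exe, which is why the process name alone says little.
$svcs = @{}
Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $procId = [int]$_.ProcessId
    if (-not $svcs.ContainsKey($procId)) { $svcs[$procId] = @() }
    $svcs[$procId] += $_.Name
}

# Walk established connections, skip loopback, and join on the owning PID.
Get-NetTCPConnection -State Established |
    Where-Object { $_.RemoteAddress -notin '127.0.0.1', '::1' } |
    ForEach-Object {
        $procId = [int]$_.OwningProcess
        $p = $procs[$procId]
        [pscustomobject]@{
            PID         = $procId
            Process     = if ($p) { $p.Name } else { '<exited>' }
            Remote      = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            Services    = if ($svcs.ContainsKey($procId)) { $svcs[$procId] -join ', ' } else { '' }
            CommandLine = if ($p) { $p.CommandLine } else { '' }
        }
    } |
    Sort-Object PID, Remote -Unique |
    Format-List
```

A connection whose process shows `<exited>` closed between the two queries; rerun the script to catch short-lived processes.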