How to trace PID, application and port number

#1 avilt, 19th July 2011, 09:18

I have an XP system inside the LAN which is sending frequent requests to the Internet with source port 139; the destination port keeps incrementing but the destination IP is fixed.
The traffic is getting denied at the Internet firewall.
At the system level I would like to track the PID/application which is creating this traffic.
I have tried netstat -naob without any luck.

Any advice?
#2 cruachan, 19th July 2011, 13:09

netstat -nao > c:\net.txt
This pipes the output to a text file so it's much easier to read. Find the PID using the port.
Then go to Task Manager -> Processes, go to the View menu, select columns and check the box for PID. That'll tell you the process using the port.

If that's not giving you what you need then I think you'll need a network analyser like netmon or wireshark to get a deeper analysis of the traffic.
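
Added example (not part of any post in this thread): a short script that parses saved `netstat -nao` output, such as the c:\net.txt file from the reply above, and groups connections using a given local port by owning PID and remote address. The sample output is constructed to mirror the symptom in the first post, and the function names are illustrative.

```python
from collections import defaultdict

# Constructed sample of `netstat -nao` output (documentation-range addresses).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.20:139       203.0.113.7:1025       SYN_SENT        4
  TCP    192.168.1.20:139       203.0.113.7:1026       SYN_SENT        4
  TCP    192.168.1.20:139       203.0.113.7:1027       SYN_SENT        4
  TCP    192.168.1.20:1188      198.51.100.9:80        ESTABLISHED     2312
  UDP    192.168.1.20:137       *:*                                    4
"""


def parse_netstat(text):
    """Yield one dict per connection row; header and blank lines are skipped."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column: Proto, Local, Foreign, PID.
        if f[0] == "UDP" and len(f) == 4:
            f.insert(3, "")
        if len(f) != 5 or not f[4].isdigit():
            continue  # malformed or truncated row
        laddr, lport = f[1].rsplit(":", 1)
        raddr, rport = f[2].rsplit(":", 1)
        yield {"proto": f[0], "laddr": laddr, "lport": lport,
               "raddr": raddr, "rport": rport, "state": f[3], "pid": int(f[4])}


def owners_of_local_port(text, port):
    """Map PID -> {remote address -> sorted remote ports} for rows using `port` locally."""
    out = defaultdict(lambda: defaultdict(set))
    for row in parse_netstat(text):
        outbound = row["state"] != "LISTENING" and row["rport"].isdigit()
        if row["lport"] == str(port) and outbound:
            out[row["pid"]][row["raddr"]].add(int(row["rport"]))
    return {pid: {ip: sorted(p) for ip, p in peers.items()} for pid, peers in out.items()}


if __name__ == "__main__":
    for pid, peers in owners_of_local_port(SAMPLE, 139).items():
        for ip, ports in peers.items():
            print(f"PID {pid}: local port 139 -> {ip}, remote ports {ports}")
```

To run it against a real capture, pass the contents of the saved file (for example `open(r"c:\net.txt").read()`) instead of `SAMPLE`.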
#3 avilt, 20th July 2011, 02:58

Yes, it's the System process with PID = 4.
How can I dig into it further?

Last edited by avilt; 21st July 2011 at 05:12.
#4 ryansmitty, 21st July 2011, 06:36

You may want to check out TCPview and Process Explorer, which are a part of the Sysinternals suite of utilities.

http://technet.microsoft.com/en-us/s...rnals/bb896653 (Process Explorer)
http://technet.microsoft.com/en-us/s...rnals/bb897437 (TCPview)

Ryan
#5 wullieb1, 25th July 2011, 00:26

Quote:
Originally Posted by avilt
    Yes, It's the System process with PID = 4
    How can I dig it further?

What do you mean dig further???

Using the method cruachan gave you will tell you the offending .exe file that is causing these requests, then you can start working out if the machine is infected with something.
All times are GMT +3.