Security Basics mailing list archives
Re: Associate PID with ICMP Request in Windows?
From: Colin Copley <colin.75 () btinternet com>
Date: Thu, 13 Dec 2007 23:30:51 +0000
Megan Kielman wrote:
On a Windows system, how would I go about determining which PID is issuing an ICMP Echo Request? I read an article about the ping message and it said that on Windows, the Identification field always shows 256 whereas other OSes actually show the PID of the process initiating the ping.
Hi
With either Process Explorer, FileMon (from Sysinternals) or both you can look for processes using wsock32.dll, icmp.dll, ws2_32.dll, mswsock.dll, wshtcpip.dll or ping.exe which should point you in the right direction.
Obviously lots of legitimate processes also use these DLLs so you might have to play with the filter settings a bit.
A simple desktop firewall might also do the trick, dunno about PID but you can find that out with the above tools once you have the process name.
Cheers Colin
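As an added example (not part of Colin's reply or anything else in this thread), the DLL-based narrowing he describes can be scripted instead of done by hand in Process Explorer: the PowerShell below walks every running process, checks which of the listed network/ICMP DLLs it has loaded, and reports PID, name and path so the candidates can be compared against what the firewall or packet capture shows. The function name Find-NetworkDllUsers and the exact DLL list are my own choices; module enumeration of other users' or protected processes needs an elevated session, and processes that refuse access are skipped rather than aborting the run.

```powershell
# Added example, not from the original thread. Lists processes that have loaded
# the network/ICMP DLLs mentioned in the reply, as a starting point for finding
# which process is generating ICMP Echo Requests. Run from an elevated prompt.

$dllNames = @('wsock32.dll', 'icmp.dll', 'ws2_32.dll', 'mswsock.dll', 'wshtcpip.dll')

function Find-NetworkDllUsers {
    param([string[]]$Dlls = $dllNames)

    foreach ($proc in Get-Process) {
        try {
            # Process.Modules throws for protected/system processes we cannot open.
            $loaded = $proc.Modules | Where-Object { $Dlls -contains $_.ModuleName.ToLower() }
        } catch {
            continue   # access denied: skip this process, keep going
        }
        if ($loaded) {
            [pscustomobject]@{
                PID         = $proc.Id
                ProcessName = $proc.ProcessName
                Path        = $proc.Path
                LoadedDlls  = ($loaded.ModuleName | Sort-Object -Unique) -join ', '
            }
        }
    }
}

# Usage: tabulate candidates; expect many legitimate hits (browsers, services),
# so correlate the PID list with firewall logs or a packet capture timestamp.
Find-NetworkDllUsers | Sort-Object ProcessName | Format-Table -AutoSize
```

Because almost every networked program loads ws2_32.dll, the useful signal is usually the smaller set that also has icmp.dll loaded, or a PID that appears only while the unexplained echo requests are being sent; re-running the function before and after the traffic is observed and diffing the PID lists is a cheap way to shorten the list.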