Security Basics mailing list archives

Re: Associate PID with ICMP Request in Windows?


From: Colin Copley <colin.75 () btinternet com>
Date: Thu, 13 Dec 2007 23:30:51 +0000

Megan Kielman wrote:
On a Windows system, how would I go about determining which PID is
issuing an ICMP Echo Request? I read an article about the ping message
and it said that on Windows, the Identification field always shows 256
whereas other OSes actually show the PID of the process initiating the
ping.

Hi

With either Process Explorer, FileMon (from Sysinternals) or both you can look for processes using wsock32.dll, icmp.dll, ws2_32.dll, mswsock.dll, wshtcpip.dll or ping.exe, which should point you in the right direction.

Obviously lots of legitimate processes also use these DLLs, so you might have to play with the filter settings a bit.

A simple desktop firewall might also do the trick, dunno about PID but you can find that out with the above tools once you have the process name.

Cheers
Colin
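The same shortlist Colin describes (processes that have loaded the ICMP-related DLLs) can be produced from a script instead of by hand in Process Explorer. The following PowerShell is an added example and is not from the original post or from Sysinternals; it assumes an elevated PowerShell session (module lists of other users' processes are not readable otherwise) and that the host bitness matches the processes of interest, since a 64-bit PowerShell cannot enumerate the modules of 32-bit processes and vice versa. It adds iphlpapi.dll to Colin's list because that DLL exports the IcmpSendEcho family on current Windows versions; the function name Get-IcmpCandidateProcess is this example's own.

```powershell
# Added example, not part of the original mailing-list post.
# Lists running processes that have loaded any of the DLLs commonly involved
# in sending ICMP echo requests, with their PIDs, so a packet seen on the
# wire can be matched to a candidate process.
#
# Assumptions: run elevated; same bitness as the target processes;
# iphlpapi.dll added to the list from the post (it exports IcmpSendEcho).

function Get-IcmpCandidateProcess {
    param(
        # DLL names from the post, plus iphlpapi.dll (assumption, see above)
        [string[]]$DllNames = @(
            'icmp.dll', 'iphlpapi.dll', 'wsock32.dll',
            'ws2_32.dll', 'mswsock.dll', 'wshtcpip.dll'
        )
    )

    $wanted = $DllNames | ForEach-Object { $_.ToLowerInvariant() }

    foreach ($proc in Get-Process) {
        # Reading .Modules throws for protected processes, processes of
        # another bitness, and (when not elevated) other users' processes.
        try {
            $modules = $proc.Modules
        } catch {
            continue
        }
        if (-not $modules) { continue }

        $hits = $modules |
            Where-Object { $wanted -contains $_.ModuleName.ToLowerInvariant() } |
            Select-Object -ExpandProperty ModuleName -Unique

        if ($hits) {
            [pscustomobject]@{
                PID        = $proc.Id
                Name       = $proc.ProcessName
                Path       = $proc.Path
                LoadedDlls = ($hits | Sort-Object) -join ', '
            }
        }
    }
}

# Usage: print the shortlist, most specific DLLs first so ping-like
# processes (icmp.dll / iphlpapi.dll loaders) stand out from the many
# ordinary Winsock users.
Get-IcmpCandidateProcess |
    Sort-Object @{ Expression = { $_.LoadedDlls -match 'icmp\.dll|iphlpapi\.dll' }; Descending = $true }, Name |
    Format-Table -AutoSize
```

As Colin notes, almost everything that does networking loads ws2_32.dll, so the list is a starting point rather than an answer: narrow it by checking which entries load icmp.dll or iphlpapi.dll, and by correlating the timestamps of the echo requests in a packet capture with process start times or the output of a host firewall log.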
