Security Basics mailing list archives

Re: How to find a process


From: "Nikhil Wagholikar" <visitnikhil () gmail com>
Date: Thu, 14 Jun 2007 10:54:22 +0530

Hello Fran,

If your server is running a copy of Windows Server 2000 & above, then
at the command prompt of the server, type "netstat -ano". You'll get a
listing of locally open ports along with their connections to foreign IP
addresses and their PID numbers. Now pick up this PID number & look into
Windows Task Manager to see which process the PID number belongs
to.

Besides this tedious technique, a simpler technique is to use "Process
Explorer" from Sysinternals or "TCPMon".

Process Explorer:
http://www.microsoft.com/technet/sysinternals/utilities/ProcessExplorer.mspx

TCPMon: https://tcpmon.dev.java.net/

However, if your server is UNIX based, then you can try "netstat -antp"
for TCP & "netstat -anup" for UDP protocol connections currently
active on your server.

The popular 'lsof' command (needs to be installed separately) can also help
you in this regard.

Besides this, running a Vulnerability Scanner (like Nessus) against
this server is also a recommended step before it gets totally
compromised.

Nessus: http://www.nessus.org/download/

------
Nikhil Wagholikar

Security Analyst
NII Consulting
www.niiconsulting.com


On 6/13/07, Francisco Rodrigo Cortinas Maseda
<francisco.cortinas () jazztel com> wrote:
Hello,

My name is Fran, I'm a network and system administrator, and I have a
strange case, but surely someone has had the same problem before me.

My problem is that we have some strange traffic on the firewalls, going
from a server on a DMZ to public client pools.

10:09:10.511978 00:0e:0c:71:7f:cd > 10:00:00:00:26:01, ethertype IPv4
(0x0800), length 61: IP XXXXX.44267 > XXXXXX.3072: UDP, length 19

The problem is: with netstat i only see the ports daemons are listening
on. I want to know the process that is using the outgoing port, that is,
44267.

Is there a way to know this?

Thanks in advance.
Regards.
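
Added example, not part of the original messages: on Linux, `netstat -anup` and `lsof` resolve a port to a process by reading `/proc/net/udp` and matching the socket inode against the links in `/proc/<pid>/fd`; the code below does the same for the source port 44267 from the question. The sample table, its address, UID and inode values, and the function names are constructed for illustration, and the address decoding assumes a little-endian host.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/udp layout (values are not from the thread).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
  101: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 15012 2 0000000000000000 0
  214: 0A0200C0:ACEB 00000000:0000 07 00000000:00000000 00:00000000 00000000  1001        0 48213 2 0000000000000000 0
"""

def parse_proc_net(text):
    """Return one dict (addr, port, uid, inode) per socket row."""
    rows = []
    for line in text.splitlines()[1:]:  # skip the header row
        f = line.split()
        if len(f) < 10:
            continue
        hex_ip, hex_port = f[1].split(":")
        # The kernel prints the IPv4 address as a host-order hex word;
        # "<I" assumes a little-endian machine (assumption of this example).
        addr = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        rows.append({"addr": addr, "port": int(hex_port, 16),
                     "uid": int(f[7]), "inode": int(f[9])})
    return rows

def inodes_for_port(rows, port):
    """Socket inodes bound to the given local port."""
    return [r["inode"] for r in rows if r["port"] == port]

def pids_for_inode(inode, proc="/proc"):
    """PIDs holding a descriptor that links to 'socket:[inode]'."""
    target = "socket:[%d]" % inode
    pids = []
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target
                   for fd in os.listdir(fd_dir)):
                pids.append(int(pid))
        except OSError:
            continue  # process exited, or not readable without root
    return sorted(pids)

if __name__ == "__main__":
    path = "/proc/net/udp"
    text = open(path).read() if os.path.exists(path) else SAMPLE_PROC_NET_UDP
    for inode in inodes_for_port(parse_proc_net(text), 44267):
        print("inode", inode, "pids", pids_for_inode(inode))
```

Run it as root so the descriptors of other users' processes are readable; a short-lived UDP sender may have closed its socket before the scan, in which case the port will not appear in the table at all.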


