Security Basics mailing list archives

AW: Finding which programme started an outgoing connection


From: <FH_Steini () gmx de>
Date: Fri, 11 Feb 2011 23:58:12 +0100

I think SysInternals is great. 
The on-board Windows command (the same as TCPView, but with no GUI) is:

        netstat -a

You can get good information about your running programs and/or
connections with these tools too:

        IceSword (www.xfocus.org, www.xfocus.net) [Very nice tool - with its own
        driver, detects files when they were hidden by rootkits] :)
        ProcessGuard (www.diamondcs.com)
        Process Hacker (http://processhacker.sourceforge.net) 
        Multimon (www.resplendence.com) - Demo
        TaskInfo (www.iarsn.com) - Demo
        Security Task Manager (www.neuber.com) Basic version is free

Sorry about my poor English!

PS:
--> Google said the IP runs a Gametracker for CS-Source
http://www.gametracker.com/lukadane/
--> More info, but nothing special:
http://whois.domaintools.com/81.171.115.5


Tom,

Everyone is close (Process Explorer is one of my all-time favorites),
but what you are looking for is TCPView from SysInternals (now
Microsoft).

http://technet.microsoft.com/en-us/sysinternals/bb897437

Richard Thomas

On Sat, Feb 5, 2011 at 5:38 AM, Tom Causer <causerino () gmail com> wrote:
Hello List,

This is more of an end user question than anything else:



I use ZoneAlarm on my PC, and it is alerting that something during boot up
is attempting to connect (UDP) to an IP address in the Netherlands
81.171.115.5 (it looks like some colocation service over there).

Now I would like to know how I can track back to find out what service
is making that connection during boot up, but I have no idea how I
would go about doing that?   (Other than setting up a hub with my
desktop and capture in wireshark, which I can do fine, it's just the
analysis of the traffic to find out what's causing it, so I would
rather not do that step)

Using Windows 7 OS.

Cheers,

Tom
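
Added example, not part of the original thread: netstat only shows the owning process when the -o switch is added (for instance "netstat -ano"), and it lists UDP sockets with a foreign address of *:*, so a UDP alert like the one in the question has to be matched on the local port rather than the remote IP. The Python sketch below joins "netstat -ano" output with "tasklist /fo csv /nh" output to name the owning process. The sample output, addresses, ports, PIDs, image names and the helper names (parse_netstat, parse_tasklist, owners) are constructed for illustration.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (all values invented).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       716
  TCP    192.168.1.10:49170     203.0.113.7:443        ESTABLISHED     2340
  UDP    0.0.0.0:5355           *:*                                    1120
  UDP    192.168.1.10:27005     *:*                                    3188
  UDP    [::]:5355              *:*                                    1120
"""

# Constructed sample of `tasklist /fo csv /nh` output (all values invented).
TASKLIST_SAMPLE = '''\
"svchost.exe","716","Services","0","7,120 K"
"svchost.exe","1120","Services","0","9,884 K"
"browser.exe","2340","Console","1","88,204 K"
"updater.exe","3188","Console","1","4,316 K"
'''

def parse_netstat(text):
    """Yield (proto, local, remote, pid) for each socket row."""
    for line in text.splitlines():
        f = line.split()
        # TCP rows have 5 fields; UDP rows have 4 because State is blank.
        if f and ((f[0] == "TCP" and len(f) == 5) or (f[0] == "UDP" and len(f) == 4)):
            yield f[0], f[1], f[2], int(f[-1])

def parse_tasklist(text):
    """Map PID -> image name from headerless CSV output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def owners(netstat_text, tasklist_text, proto, local_port=None, remote_ip=None):
    """Return sorted (pid, image) pairs for sockets matching the filter."""
    names = parse_tasklist(tasklist_text)
    hits = set()
    for p, local, remote, pid in parse_netstat(netstat_text):
        # rsplit keeps bracketed IPv6 addresses such as [::]:5355 intact.
        port_ok = local_port is None or local.rsplit(":", 1)[1] == str(local_port)
        ip_ok = remote_ip is None or remote.rsplit(":", 1)[0] == remote_ip
        if p == proto and port_ok and ip_ok:
            # A PID missing from tasklist means the process exited in between.
            hits.add((pid, names.get(pid, "<exited>")))
    return sorted(hits)
```

Filtering UDP rows by remote IP returns nothing, which is why the local port from the firewall alert or a capture is the key for UDP traffic.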
