Security Incidents mailing list archives
Re: Tracking down random ICMP
From: Valdis.Kletnieks () vt edu
Date: Tue, 23 Jan 2007 10:32:10 -0500
On Mon, 22 Jan 2007 09:19:31 -0400, Craig Chamberlain said:
Is there a tool that can determine which process ID is generating ICMP packets or IRPs in Windows? TDImon seems to be TCP/UDP only. TCPview and netstat apparently can't do it.
I'm not aware of any well-known userspace API that generates ICMP, so any userspace would have to be hand-crafting the packets itself. So what you're looking for is a process that has a raw socket open.
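The check the reply points to, finding the process that holds a raw socket, shown here on Linux rather than on the Windows host in the question, because Linux lists raw sockets in `/proc/net/raw`. This is an added example, not code from the thread; the sample table, inode numbers and function names are constructed for illustration.

```python
import os
import re

# Constructed sample in /proc/net/raw layout (not captured from a real host).
SAMPLE_PROC_NET_RAW = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   1: 00000000:0001 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 41234 2 0000000000000000 0
 255: 00000000:00FF 00000000:0000 07 00000000:00000000 00:00000000 00000000  1000        0 41900 2 0000000000000000 0
"""

IPPROTO_ICMP = 1
IPPROTO_RAW = 255  # caller builds the whole IP header, so it can emit ICMP too


def parse_raw_sockets(text):
    """Return [(protocol, uid, inode)] from /proc/net/raw-style text."""
    sockets = []
    for line in text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 10:
            continue
        # For raw sockets the "port" half of local_address is the IP protocol number.
        proto = int(fields[1].rsplit(":", 1)[1], 16)
        sockets.append((proto, int(fields[7]), int(fields[9])))
    return sockets


def pids_by_socket_inode(proc_root="/proc"):
    """Map socket inode -> set of PIDs, by reading the /proc/<pid>/fd symlinks."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:
            continue  # process exited, or no permission (root sees every process)
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:
                continue  # descriptor closed while we were scanning
            m = re.fullmatch(r"socket:\[(\d+)\]", target)
            if m:
                owners.setdefault(int(m.group(1)), set()).add(int(pid))
    return owners


def icmp_capable_processes(raw_text, proc_root="/proc"):
    """Return [(pid, protocol, uid)] for holders of an ICMP or IPPROTO_RAW socket."""
    owners = pids_by_socket_inode(proc_root)
    return sorted((pid, proto, uid)
                  for proto, uid, inode in parse_raw_sockets(raw_text)
                  if proto in (IPPROTO_ICMP, IPPROTO_RAW)
                  for pid in owners.get(inode, ()))
```

On a live host, pass `open("/proc/net/raw").read()` as `raw_text` and run as root so every process's descriptor table is readable.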