Security Incidents mailing list archives
Re: Tracking down random ICMP
From: Javier Fernández-Sanguino <jfernandez () germinus com>
Date: Thu, 25 Jan 2007 13:13:20 +0100
Valdis.Kletnieks () vt edu said:
> On Mon, 22 Jan 2007 09:19:31 -0400, Craig Chamberlain said:
>> Is there a tool that can determine which process ID is generating ICMP packets or IRPs in Windows? TDImon seems to be TCP/UDP only. TCPview and netstat apparently can't do it.
> I'm not aware of any well-known userspace API that generates ICMP, so any userspace would have to be hand-crafting the packets itself. So what you're looking for is a process that has a raw socket open.
Maybe you don't know about libdnet? [1] There are quite a number of tools that use it.
Regards
Javier
[1] http://libdnet.sourceforge.net/ (lib*dumb*net not to be confused with lib*dec*net)