Security Basics mailing list archives

Re: RE: How to find process behind TCP connection ?


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Thu, 5 Oct 2006 19:28:07 +0200

On 2006-10-05 Buozis, Martynas wrote:
> Ok, thanks again to everyone who is trying to share experience. But I
> just want to remind you of my original question, which is the following:
>
> How can I find the real processes behind the activity when "netstat -abvo"
> shows that it is the "System 4" process?

As I have said before: "System" is basically a representation of the
kernel, so there is no real process behind it.

> I am sure that every Windows PC would have any connection listed as
> owned by "System 4" in "netstat -abvo". So probably you may try to
> find what is behind it to test the offered approach or propose a methodology.
>
> I still can't find the right solution, while I tested all suggested
> approaches....

You may want to give some more details on the results of your
approaches, e.g. what does the suspicious traffic look like?

cu
59cobalt
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
