Security Basics mailing list archives
RE: RE: How to find process behind TCP connection ?
From: "Robert D. Holtz - Lists" <robert.d.holtz () gmail com>
Date: Thu, 5 Oct 2006 12:59:12 -0500
There are no processes behind the System process ... just many threads. The 4 is just the Process ID. This is the core operating system.

For example there are 76 threads running on my machine under System. By looking at these threads I can deduce what some of them are doing but not all of them.

Are you trying to find the thread within System which handles a given protocol?

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Buozis, Martynas
Sent: Thursday, October 05, 2006 7:04 AM
To: Chesnutt, Lindsey P; security-basics () securityfocus com
Subject: RE: RE: How to find process behing TCP connection ?

Hello

Ok, thanks again everyone who is trying to share experience. But I just want to remind my original question, which is following:

How I can find real processes behind activity when "netstat -abvo" shows that it is "System 4" process?

I am sure that every Windows PC would have any connection listed as owned by "System 4" in "netstat -abvo". So probably you may try to find what is behind to test offered approach or propose methodology.

I still can't find right solution, while I tested all suggested approaches....

With best regards
Martynas

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of Chesnutt, Lindsey P
Sent: Monday, October 02, 2006 10:08 PM
To: security-basics () securityfocus com
Subject: RE: RE: How to find process behing TCP connection ?

The -o works nicely with "tasklist /svc" to find the processes and services associated with the process ID.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On Behalf Of deabimakgi () btconnect com
Sent: Sunday, October 01, 2006 8:46 AM
To: security-basics () securityfocus com
Subject: Re: RE: How to find process behing TCP connection ?

Have you tried netstat -anob

-o  Displays the owning process ID associated with each connection.
-b  Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient permissions.

---------------------------------------------------------------------------
This list is sponsored by: Norwich University

EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence in Information Security. Our program offers unparalleled Infosec management education and the case study affords you unmatched consulting experience. Using interactive e-Learning technology, you can earn this esteemed degree, without disrupting your career or home life.

http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
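The pairing of netstat's -o column with "tasklist /svc" suggested in the thread, as an added example that is not part of any poster's message: it joins the two outputs by PID and marks sockets owned by PID 4 (System), for which there is no user-mode executable to look up. The sample outputs are constructed, the function names are hypothetical, and tasklist is assumed to have been run as "tasklist /svc /fo csv".

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not from the thread).
NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     2184
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /svc /fo csv` output.
TASKLIST = '''\
"Image Name","PID","Services"
"System","4","N/A"
"svchost.exe","912","RpcSs"
"iexplore.exe","2184","N/A"
'''

def parse_tasklist(text):
    """Map PID -> (image name, services hosted in that process)."""
    rows = csv.DictReader(io.StringIO(text))
    return {int(r["PID"]): (r["Image Name"], r["Services"]) for r in rows}

def parse_netstat(text):
    """Return one dict per TCP/UDP row; header and blank lines are skipped."""
    socks = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue
        state = f[3] if len(f) == 5 else ""  # UDP rows have no State column
        socks.append({"proto": f[0], "local": f[1], "remote": f[2],
                      "state": state, "pid": int(f[-1])})
    return socks

def correlate(netstat_text, tasklist_text):
    """Attach image name and services to each socket, joined on PID."""
    procs = parse_tasklist(tasklist_text)
    out = []
    for s in parse_netstat(netstat_text):
        image, services = procs.get(s["pid"], ("<not in tasklist>", "N/A"))
        # PID 4 is System: kernel threads own the socket, so there is no
        # per-process executable or service name to resolve for it.
        s.update(image=image, services=services, kernel_owned=(s["pid"] == 4))
        out.append(s)
    return out
```
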
Current thread:
- Re: How to find process behing TCP connection ? Ansgar -59cobalt- Wiechers (Oct 02)
- <Possible follow-ups>
- Re: RE: How to find process behing TCP connection ? deabimakgi (Oct 02)
- RE: RE: How to find process behing TCP connection ? Chesnutt, Lindsey P (Oct 03)
- RE: RE: How to find process behing TCP connection ? Buozis, Martynas (Oct 05)
- Re: RE: How to find process behing TCP connection ? Colin Copley (Oct 06)
- Re: RE: How to find process behing TCP connection ? Ansgar -59cobalt- Wiechers (Oct 06)
- RE: RE: How to find process behind TCP connection ? Robert D. Holtz - Lists (Oct 06)