Security Basics mailing list archives

How to find process behind TCP connection?


From: "Buozis, Martynas" <martynas () ti com>
Date: Tue, 26 Sep 2006 22:34:39 +0200

Hello

I need some advice. I have a Windows 2003 server. It occasionally shows
strange and suspicious network behavior. I used the command "netstat -abov"
and the Process Explorer tool from Sysinternals to find the process behind
the connections. I found that it is "System 4" and got stuck. How can I
identify what is behind this "System 4"?

I thought it may be a hidden process, but RootkitRevealer from Sysinternals
did not show anything.

I will be grateful for any ideas how to identify what is behind these
TCP connections from server to many computers!

Thank you in advance.

With best regards
Martynas
