Security Basics mailing list archives

Re: RE: How to find process behind TCP connection?


From: temtel () gmail com
Date: 28 Sep 2006 14:01:12 -0000

I find TDIMon from Sysinternals is also helpful when tracking suspicious processes that talk on the network. It's like
a sniffer, but it monitors activity going through the Transport Driver Interface in Windows. From this viewpoint you can
often see processes in real time as they make socket connections to remote systems. This real-time context may reveal a
different process name, or other processes communicating over the network at the same time; I've discovered hidden
proxy-trojan infections this way.
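As an added illustration of the same idea (this is not part of the original post and does not use TDIMon), the following PowerShell script maps every established or listening TCP connection on a Windows host to its owning process, then annotates each row with the image path, command line and parent process so that a mismatch stands out, for example a process named like a system binary but running from a user-writable folder. It assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection; on older hosts the equivalent is `netstat -ano` followed by `tasklist /fi "PID eq <pid>"`. The list of "system-looking" names used for the triage heuristic is constructed for this example and is not exhaustive.

```powershell
# Added example: correlate TCP connections with their owning processes and
# flag system binary names whose image lives outside %SystemRoot%.
# Assumes Get-NetTCPConnection (Windows 8 / Server 2012+); run elevated to
# see image paths and command lines of processes owned by other users.

# Build a PID -> Win32_Process lookup once rather than querying per connection.
$procs = @{}
Get-CimInstance Win32_Process | ForEach-Object {
    $procs[[int]$_.ProcessId] = $_
}

# Only active sockets: established sessions and listeners.
$rows = Get-NetTCPConnection -State Established, Listen | ForEach-Object {
    $p      = $procs[[int]$_.OwningProcess]
    $parent = if ($p) { $procs[[int]$p.ParentProcessId] } else { $null }
    [pscustomobject]@{
        Local   = "$($_.LocalAddress):$($_.LocalPort)"
        Remote  = "$($_.RemoteAddress):$($_.RemotePort)"
        State   = $_.State
        PID     = [int]$_.OwningProcess
        Name    = if ($p) { $p.Name } else { '<exited>' }
        Path    = if ($p) { $p.ExecutablePath } else { $null }
        Parent  = if ($parent) { "$($parent.Name) ($($parent.ProcessId))" } else { $null }
        CmdLine = if ($p) { $p.CommandLine } else { $null }
    }
}

# Triage heuristic (constructed for this example): a well-known system process
# name whose executable is not under the Windows directory. A missing Path
# usually means access denied (not elevated) or the process already exited.
$systemDir   = $env:SystemRoot
$systemNames = 'svchost.exe', 'lsass.exe', 'csrss.exe', 'explorer.exe', 'winlogon.exe'
$suspect = $rows | Where-Object {
    $_.Path -and
    ($_.Name -in $systemNames) -and
    -not $_.Path.StartsWith($systemDir, [StringComparison]::OrdinalIgnoreCase)
}

$rows | Sort-Object Remote | Format-Table Local, Remote, State, PID, Name, Path, Parent -AutoSize

if ($suspect) {
    Write-Warning "System process names running from outside ${systemDir}:"
    $suspect | Format-Table Local, Remote, PID, Name, Path, Parent, CmdLine -AutoSize
}
```

Read the Parent and CmdLine columns alongside the Path: a proxy component injected into a legitimate process will show the expected image path, and then the useful signal is an unexpected parent or an outbound connection that the process has no business making, which is exactly the kind of context the real-time view in the post above gives you.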


