Security Basics mailing list archives

RE: How to find a process


From: "Dan Denton" <ddenton () remitpro com>
Date: Thu, 14 Jun 2007 11:42:11 -0500

I believe Process Monitor, formerly by SysInternals and now owned by
Microsoft, has the ability to display hosts that are connected remotely to a
particular process. I used this feature to see which IPs were sending email
to a mail proxy process on a server. The download is also free, last time I
checked.

-----Original Message-----
From: listbounce () securityfocus com [mailto:listbounce () securityfocus com] On
Behalf Of levinson_k () securityadmin info
Sent: Wednesday, June 13, 2007 7:54 PM
To: security-basics () securityfocus com
Subject: Re: How to find a process

To identify the Windows process that is sending out TCP/IP traffic... on the
source system, you can install just about any free or not-free client-based
/ personal firewall software.

You can also install Microsoft's free Port Reporter, though it doesn't say
whether it is compatible with Windows Vista yet:

www.microsoft.com/downloads/details.aspx?FamilyID=69ba779b-bae9-4243-b9d6-63e62b4bcd2e

If the results come back that "System" or SVCHOST.EXE is generating the
traffic, then you'll have to use a trick to try to find out which
subordinate process is actually generating the traffic.

kind regards,

Karl Levinson
http://securityadmin.info


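The lookup the thread describes (which process owns an outbound connection, and which service is really behind it when the owner is only "System" or SVCHOST.EXE) can be done today with built-in PowerShell; the following is an added example, not code from either poster, and assumes Windows 8 / Server 2012 or later for Get-NetTCPConnection plus an elevated session.

```powershell
# Added example: map established TCP connections to the owning process and,
# for service hosts such as svchost.exe, to the services running inside it.
# Assumes Windows 8 / Server 2012 or later and an elevated PowerShell session;
# Win32_Service and Get-NetTCPConnection are standard Windows components.

function Get-ConnectionOwner {
    param(
        # Optional remote address to narrow the listing, e.g. the mail proxy's IP
        [string]$RemoteAddress
    )

    $conns = Get-NetTCPConnection -State Established
    if ($RemoteAddress) {
        $conns = $conns | Where-Object { $_.RemoteAddress -eq $RemoteAddress }
    }

    # Service-to-PID table, used to unwrap generic host processes
    $services = Get-CimInstance Win32_Service |
        Where-Object { $_.ProcessId -ne 0 } |
        Group-Object -Property ProcessId -AsHashTable -AsString

    foreach ($c in $conns) {
        $proc   = Get-Process -Id $c.OwningProcess -ErrorAction SilentlyContinue
        $hosted = $services["$($c.OwningProcess)"] | ForEach-Object { $_.Name }
        [pscustomobject]@{
            LocalPort     = $c.LocalPort
            RemoteAddress = $c.RemoteAddress
            RemotePort    = $c.RemotePort
            PID           = $c.OwningProcess
            Process       = if ($proc) { $proc.ProcessName } else { 'unknown' }
            # Non-empty only when the owner hosts services (svchost.exe etc.);
            # this is the "subordinate" identity behind the generic host process
            Services      = ($hosted -join ',')
        }
    }
}

# Example use: list every established connection with its owner and hosted services
Get-ConnectionOwner | Sort-Object RemoteAddress | Format-Table -AutoSize
```

On older systems without Get-NetTCPConnection, `netstat -ano` gives the owning PID per connection and `tasklist /svc` gives the services hosted by each PID, which is the same join done by hand.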
