Security Incidents mailing list archives

Re: Tracking down random ICMP


From: Javier Fernández-Sanguino <jfernandez () germinus com>
Date: Thu, 25 Jan 2007 13:13:20 +0100

Valdis.Kletnieks () vt edu said:
> On Mon, 22 Jan 2007 09:19:31 -0400, Craig Chamberlain said:
>> Is there a tool that can determine which process ID is generating ICMP
>> packets or IRPs in Windows? TDImon seems to be TCP/UDP only. TCPview and
>> netstat apparently can't do it.
>
> I'm not aware of any well-known userspace API that generates ICMP, so
> any userspace would have to be hand-crafting the packets itself.  So what
> you're looking for is a process that has a raw socket open.

Maybe you don't know about libdnet? [1] There are quite a number of tools that use it.

Regards

Javier


[1] http://libdnet.sourceforge.net/
(lib*dumb*net not to be confused with lib*dec*net)

