How to trace PID, application and port number


  • How to trace PID, application and port number

    I have an XP system inside the LAN which is sending frequent requests to the Internet with source port 139; the destination port keeps incrementing but the destination IP is fixed.
    The traffic is getting denied at the internet firewall.
    At the system level I would like to track the PID/application which is creating this traffic.
    I have tried netstat -naob without any luck.

    Any advice?

  • #2
    Re: How to trace PID, application and port number

    netstat -nao > c:\net.txt
    This pipes the output to a text file so much easier to read. Find the PID using the port.
    Then go to task manager->processes, go to the View menu, select columns and check the box for PID. That'll tell you the process using the port.

    If that's not giving you what you need then I think you'll need a network analyser like netmon or wireshark to get a deeper analysis of the traffic.
    BSc, MCSA: Server 2008, MCSE, MCSA: Messaging, MCTS
    Cruachan's Blog
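
The lookup described in post #2, as an added example that is not part of the original thread: a Python parser for saved `netstat -nao` output that reports which PID owns a given local port. The sample output, addresses and function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample of `netstat -nao` output (illustrative, not from the thread).
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1020
  TCP    192.168.1.50:139       0.0.0.0:0              LISTENING       4
  TCP    192.168.1.50:139       203.0.113.7:4021       SYN_SENT        4
  TCP    192.168.1.50:139       203.0.113.7:4022       SYN_SENT        4
  TCP    192.168.1.50:1045      192.168.1.10:445       ESTABLISHED     4
  UDP    192.168.1.50:137       *:*                                    4
  UDP    127.0.0.1:1900         *:*                                    1384
"""

def parse_netstat(text):
    """Return one dict per TCP/UDP row; header, blank and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            proto, local, remote, state, pid = f
        elif len(f) == 4 and f[0] == "UDP":    # UDP rows have no State column
            proto, local, remote, pid = f
            state = ""
        else:
            continue
        port = local.rpartition(":")[2]        # last ':' also handles [::]:135
        if not (port.isdigit() and pid.isdigit()):
            continue                            # malformed row, ignore it
        rows.append({"proto": proto, "lport": int(port), "remote": remote,
                     "state": state, "pid": int(pid)})
    return rows

def owners_of_port(text, port):
    """Map PID -> [(proto, remote, state), ...] for sockets on local `port`."""
    owners = defaultdict(list)
    for r in parse_netstat(text):
        if r["lport"] == port:
            owners[r["pid"]].append((r["proto"], r["remote"], r["state"]))
    return dict(owners)

if __name__ == "__main__":
    # For a real capture, read the file written by: netstat -nao > c:\net.txt
    for pid, socks in owners_of_port(SAMPLE, 139).items():
        print("PID", pid)
        for proto, remote, state in socks:
            print("   ", proto, remote, state)
```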



    • #3
      Re: How to trace PID, application and port number

      Yes, it's the System process with PID = 4
      How can I dig it further?
      Last edited by avilt; 21st July 2011, 03:12.



      • #4
        Re: How to trace PID, application and port number

        You may want to check out TCPview and Process Explorer, which are a part of the Sysinternals suite of utilities.

        http://technet.microsoft.com/en-us/s...rnals/bb896653 (Process Explorer)
        http://technet.microsoft.com/en-us/s...rnals/bb897437 (TCPview)

        Ryan



        • #5
          Re: How to trace PID, application and port number

          Originally posted by avilt
          Yes, it's the System process with PID = 4
          How can I dig it further?
          What do you mean dig further???

          Using the method cruachan gave you will tell you the offending .exe file that is causing these requests, then you can start working out if the machine is infected with something.
