 | |
| |
| 02 Dec 2009 | #1 |
| | How do I work out who connects to what application? I have Win 7 Home Premium and I run Netgadget which tells me amongst other things what active connections there are on my system at the moment. I have often been curious about this information and wondered about how legitimate some of these connections are. For instance right now I have a connection established to IP address 62.103.65.80 and netGadget says this is "dulac--r.static.otenet.gr". If I do a Whois search on the IP address I'm told it belongs to OTENET who are "Multiprotocol Service Provider to other ISP's and End Users located in Greece and having nodes in 63 cities". Now I have no reason to believe this isn't a genuine site, but to the best of my knowledge there is no reason why I should have any connection right now to a site in Greece. I have my Hotmail account open and 2 IE tabs open to WHOIS and this forum. In addition I have several other gadgets open to the BBC, the UK Met office, Airmiles (a UK rewards company) and Skype. So my question is does anyone know how I might track down which application on my system is holding the connection to the OTENET user? By the way whilst I was writing this entry the Greek connection went away and I now see I have a connection to a site in Russia (83.149.3.64 ip-83-149-3-64.nwgsm.ru on port 57104) - I'm getting quite worried (paranoid, even) about these even though I have a good firewall etc all up to date. |
My System Specs | |
| 02 Dec 2009 | #2 |
| | |
| My System Specs |
| 02 Dec 2009 | #3 |
| | Wireshark is pretty good at this sorta thing. Wireshark Go deep. |
| My System Specs |
| . |
| |
| 02 Dec 2009 | #4 |
| | 
Quote: Originally Posted by Bernard46  So my question is does anyone know how I might track down which application on my system is holding the connection to the OTENET user? A tool I develop called Process Hacker should do exactly what you need, You can grab it from here: http://www.sevenforums.com/projects/...esshacker.html Just click the network tab to view all processes network activity, you can also right-click a connection and ping/tracert/whois the connection directly from PH. If you spot any processes with suspicious network connections, right-click them on the Processes tab and goto Miscellaneous > Upload to VirusTotal and have that executable scanned by over 30 different anti-virus engines  (FYI: The latest versions don't have four tabs, this does since Im working on a new interface )  Hope it helps Steven |
| My System Specs |
| 03 Dec 2009 | #5 |
| | Fantastic That's a great tool Steven - just what I needed and way beyond what I was expecting. You have yourself a donation - not a lot, but enough to buy yourself a beer or two when the sun gets too hot down there. Can I make one suggestion? How about allowing a choice of colour coding based on the state of network connections (ala Process view) - say pastel shades which could be permanent (not go away after a few seconds) to enable one to monitor estblished or listening etc? regards, Bernard |
| My System Specs |
| 03 Dec 2009 | #6 |
| | From a command prompt: netstat -abno Wireshark is very good too. Process Hacker seems like a cool deal, although I never used it. |
| My System Specs |
 |
How do I work out who connects to what application? problems?
| Thread Tools | |
| Similar help and support threads for: How do I work out who connects to what application? | ||||
| Thread | Forum | |||
| System Restore doesn't work: "rstrui.exe - application error" | Backup and Restore | |||
| I disabled application info and application update in services.msc | BSOD Help and Support | |||
| Win XP Mode - Cannot start virtual application. The application is blo | Virtualization | |||
| Netbook connects at home but not at work? | Network & Sharing | |||
| Windows Application Blocker : Block Any Application With One Click | Software | |||
All times are GMT -5. The time now is 06:29 AM.
