lesterw2

asked on

How do I determine what process is doing outbound network connections?

I have a (possibly rogue) process on my Windows 7 computer which is attempting to communicate to an outside IP address using IP Protocol 41 (IPv6). It appears to be some sort of Spyware for www.barefruit.co.uk. My old firewall is not IPv6 aware so it simply reports Src Port=1 and Dst Port=1 and IP Protocol=41 (i.e., I don't know what the "real" IPv6 port numbers are).

How can I track down the process which is attempting this communication? I know the destination IP address that the app is trying to connect to every 5 seconds, but that is about it. I ran NETSTAT -aon -p TCPv6 (as well as UDPv6) but nothing is obvious.

In answering this question, I am looking more to understand the process of identifying an application association with certain IP traffic. Third party tool recommendations are appreciated. I am not looking for suggestions such as running a virus scanner, etc. Thanks!
ASKER CERTIFIED SOLUTION
Nik
lesterw2

ASKER

The problem turned out to be a DNS server that would respond with an IP address even for a non-existent domain. My OUTLOOK picked up some bogus address and was trying to contact it. The failed DNS lookups were being redirected so that browsers would bring up a marketing page. Ugh. Thanks for the tool tips!
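
An added example, not part of the original thread or its member-only answers: one way to tie a known destination IP to an owning PID is to parse saved `netstat -aon` output and match the foreign address. IP protocol 41 is IPv6 carried inside IPv4, so the sketch also checks whether a foreign IPv6 address is a 6to4 address (2002::/16) embedding the IPv4 destination the firewall logged. The sample output, addresses and PIDs are constructed, and the assumption that the tunnel uses 6to4 addressing is mine, not the asker's.

```python
import ipaddress

# Constructed sample of `netstat -aon` output (documentation address ranges).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       812
  TCP    192.0.2.20:49201       198.51.100.7:443       ESTABLISHED     3120
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    [2002:c000:214::1]:49333  [2002:cb00:7109::1]:80  SYN_SENT    2764
  UDP    0.0.0.0:5355           *:*                                    1388
"""

def split_host(endpoint):
    """Return the address part of 'addr:port' or '[v6addr%zone]:port'."""
    host = endpoint.rpartition(":")[0].strip("[]")
    return host.split("%")[0]  # drop an IPv6 zone id such as %11

def matches(host, target):
    """True if host is the target, or a 6to4 address embedding it."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:  # '*' on unbound UDP rows
        return False
    if addr == target:
        return True
    # 6to4 (2002::/16) carries an IPv4 address in the next 32 bits.
    return addr.version == 6 and addr.sixtofour == target

def find_owners(netstat_text, target_ip):
    """List rows whose foreign address resolves to target_ip."""
    target = ipaddress.ip_address(target_ip)
    hits = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue  # headers and blank lines
        if matches(split_host(fields[2]), target):
            state = fields[3] if len(fields) == 5 else ""  # UDP has no state
            hits.append({"proto": fields[0], "remote": fields[2],
                         "state": state, "pid": int(fields[-1])})
    return hits

if __name__ == "__main__":
    for hit in find_owners(SAMPLE_NETSTAT, "203.0.113.9"):
        print(hit)
```

A PID found this way can be resolved to an image name with `tasklist /FI "PID eq <pid>"`. A connection that fails every few seconds tends to sit in `SYN_SENT` only briefly, so capturing netstat output repeatedly gives a better chance of catching it.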