Solved

How do I trace ICMP packets to the Windows process that is sending them?

Posted on 2007-04-11
3
1,532 Views
Last Modified: 2013-11-29
Hi there,
 
I've got a system sending large ICMP packets that our firewall is detecting. This is not a major issue but they are oversized and are fragmenting. Which seems odd. They appear to be transmitted at somewhat regular intervals.
 
I would like to dertermine what process is generating these packets. I've seached and found suggestions but no program or tool that is comparable to TCPView.  Which is really what I'd like to see. I am a network administrator and compiling code on Windows is something I would like to avoid if possible. Ideally a pre-exisiting program to resolve this would be great.
 
Does anyone have a solution or suggestion on how to trace what process is sending these large ICMP packets?

I actually have 2 systems doing this: Windows 2000 Server, SP4 and Windows Server 2003 Standard.

-Wireshark does not tie packets to a process.
-TCPView does not sho ICMP traffic.
-I wonder if this is even possible.
 
Thanks,
 
Eric
0
Comment
Question by:erisler
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 2

Expert Comment

by:Micah_B
ID: 18890591
Hello,
Does the command "netstat" cover this function?
You could try a "netstat -p icmp" for starters.
Hope this helps
0
 

Author Comment

by:erisler
ID: 18917687
Netstat does not help. I've posted several forum messages and had no luck. I'm really looking for a program that will monitor for ICMP packets and show the following:

-ICMP statistics (packet size, etc).
-originating process

Thanks for the help.

Eric
0
 
LVL 5

Accepted Solution

by:
skaap2k earned 250 total points
ID: 18925127
A firewall like zonealarm will do something like this for you "Process X is trying to send a ping to x.x.x.x" .. do you want to allow this ... you could customise the app to just watch for ICMP traffic ..
0

Featured Post

What is SQL Server and how does it work?

The purpose of this paper is to provide you background on SQL Server. It’s your self-study guide for learning fundamentals. It includes both the history of SQL and its technical basics. Concepts and definitions will form the solid foundation of your future DBA expertise.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Understanding FTPS File transfer is a common requirement in most Enterprises. While there are numerous ways to get a file from Point A to Point B over a network, perhaps the most common method still in use is FTP – File Transfer Protocol. FTP is …
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

688 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question