• Status: Solved

How do I trace ICMP packets to the Windows process that is sending them?

Hi there,
 
I've got a system sending large ICMP packets that our firewall is detecting. This is not a major issue, but they are oversized and are fragmenting, which seems odd. They appear to be transmitted at somewhat regular intervals.
 
I would like to determine what process is generating these packets. I've searched and found suggestions, but no program or tool that is comparable to TCPView, which is really what I'd like to see. I am a network administrator, and compiling code on Windows is something I would like to avoid if possible. Ideally, a pre-existing program to resolve this would be great.
 
Does anyone have a solution or suggestion on how to trace what process is sending these large ICMP packets?

I actually have 2 systems doing this: Windows 2000 Server, SP4 and Windows Server 2003 Standard.

-Wireshark does not tie packets to a process.
-TCPView does not show ICMP traffic.
-I wonder if this is even possible.
 
Thanks,
 
Eric
 
Micah_B commented:
Hello,
Does the command "netstat" cover this function?
You could try a "netstat -p icmp" for starters.
Hope this helps
 
erisler (author) commented:
Netstat does not help. I've posted several forum messages and had no luck. I'm really looking for a program that will monitor for ICMP packets and show the following:

-ICMP statistics (packet size, etc).
-originating process

Thanks for the help.

Eric
 
skaap2k commented:
A firewall like ZoneAlarm will do something like this for you: "Process X is trying to send a ping to x.x.x.x ... do you want to allow this?" You could customise the app to just watch for ICMP traffic.