Solved

How do I trace ICMP packets to the Windows process that is sending them?

Posted on 2007-04-11
Last Modified: 2013-11-29
Hi there,
 
I've got a system sending large ICMP packets that our firewall is detecting. This is not a major issue, but they are oversized and are fragmenting, which seems odd. They appear to be transmitted at somewhat regular intervals.
 
I would like to determine what process is generating these packets. I've searched and found suggestions but no program or tool that is comparable to TCPView, which is really what I'd like to see. I am a network administrator and compiling code on Windows is something I would like to avoid if possible. Ideally a pre-existing program to resolve this would be great.
 
Does anyone have a solution or suggestion on how to trace what process is sending these large ICMP packets?

I actually have 2 systems doing this: Windows 2000 Server, SP4 and Windows Server 2003 Standard.

-Wireshark does not tie packets to a process.
-TCPView does not show ICMP traffic.
-I wonder if this is even possible.
 
Thanks,
 
Eric
Question by:erisler
3 Comments
 

Expert Comment

by:Micah_B
Hello,
Does the command "netstat" cover this function?
You could try a "netstat -p icmp" for starters.
Hope this helps
 

Author Comment

by:erisler
Netstat does not help. I've posted several forum messages and had no luck. I'm really looking for a program that will monitor for ICMP packets and show the following:

-ICMP statistics (packet size, etc).
-originating process

Thanks for the help.

Eric
 

Accepted Solution

by:skaap2k (earned 250 total points)
A firewall like ZoneAlarm will do something like this for you: "Process X is trying to send a ping to x.x.x.x ... do you want to allow this?" You could customise the app to just watch for ICMP traffic.