[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 349
  • Last Modified:

tool that monitores what IP address are connecting to a certain service

anyone has a recommandation for a good tool that  can monitor which IP address connect to a certain service?
0
Amien90
Asked:
Amien90
  • 3
  • 3
  • 2
  • +2
1 Solution
 
abbrightCommented:
Try running "netstat".
0
 
parnassoCommented:
I recommend you tcpview from Sysinternals. Although its very basic, I think it is very handy.
0
 
DColclazierCommented:
the netstat command can help:

"netstat -ano" will list all UDP/TCP active/listening ports.


A more thorough method would be to install a packet monitoring tool such as WireShark on the server containing the services you want to monitor.

Find out what port is associated with the particular service, start the monitor, and limit the filter to only show connections to that port.


http://www.jdcnetworksolutions.com
0
Evaluating UTMs? Here's what you need to know!

Evaluating a UTM appliance and vendor can prove to be an overwhelming exercise.  How can you make sure that you're getting the security that your organization needs without breaking the bank? Check out our UTM Buyer's Guide for more information on what you should be looking for!

 
Amien90Author Commented:
i know tcpview .. where can i see a list of all IP's that connected to a certain service?
0
 
abbrightCommented:
netstat gives you the list of ports where a connection exists and the remote host connecting to it.
0
 
Amien90Author Commented:
well . i dont need that information .. a certain user is connecting quite alot to a certain service. I want to know what the IP address is.
0
 
abbrightCommented:
If you know the port the service is listening "netstat -n" gives you the IP-address that connect to it.
0
 
parnassoCommented:
With TCPView you can see the connections that service has opened. When you run TCPView, in the ProcessName column, you see processes names. The services are those whose name is svchost (the service host process). In order to know exactly which service is inside that host, right click over any svchost.exe and click on Properties and check the command line to find your service.
0
 
parnassoCommented:
In addition to TCPView, you can also take a look at Processexplorer. This tool is a kind of a swiss knife.

When you start processexplorer, you will see a list of all running processes in your system. The services are below a process called service.exe. There you will see many svchost.exe and other things, but the most important is that if you right click on one, check Properties, and choose the TCP/IP sheet. There you will see something like the following picture:

 Process explorer TCP/IP view
Hope it helps
0
 
chukuCommented:
0

Featured Post

The new generation of project management tools

With monday.com’s project management tool, you can see what everyone on your team is working in a single glance. Its intuitive dashboards are customizable, so you can create systems that work for you.

  • 3
  • 3
  • 2
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now