?
Solved

tool that monitores what IP address are connecting to a certain service

Posted on 2011-03-09
10
Medium Priority
?
341 Views
Last Modified: 2013-12-04
anyone has a recommandation for a good tool that  can monitor which IP address connect to a certain service?
0
Comment
Question by:Amien90
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
  • +2
10 Comments
 
LVL 10

Expert Comment

by:abbright
ID: 35080342
Try running "netstat".
0
 
LVL 4

Expert Comment

by:parnasso
ID: 35080385
I recommend you tcpview from Sysinternals. Although its very basic, I think it is very handy.
0
 
LVL 1

Expert Comment

by:DColclazier
ID: 35080412
the netstat command can help:

"netstat -ano" will list all UDP/TCP active/listening ports.


A more thorough method would be to install a packet monitoring tool such as WireShark on the server containing the services you want to monitor.

Find out what port is associated with the particular service, start the monitor, and limit the filter to only show connections to that port.


http://www.jdcnetworksolutions.com
0
Four New Appliances. Same Industry-leading Speeds.

But don't take it from us.  The Firebox M370 is Miercom tested and Miercom approved, outperforming its competitors for stateless and stateful traffic throughput scenarios.  Learn more about the M370, M470, M570 and M670 and find the right solution for your organization today!

 

Author Comment

by:Amien90
ID: 35080415
i know tcpview .. where can i see a list of all IP's that connected to a certain service?
0
 
LVL 10

Expert Comment

by:abbright
ID: 35080427
netstat gives you the list of ports where a connection exists and the remote host connecting to it.
0
 

Author Comment

by:Amien90
ID: 35080456
well . i dont need that information .. a certain user is connecting quite alot to a certain service. I want to know what the IP address is.
0
 
LVL 10

Expert Comment

by:abbright
ID: 35080513
If you know the port the service is listening "netstat -n" gives you the IP-address that connect to it.
0
 
LVL 4

Expert Comment

by:parnasso
ID: 35081258
With TCPView you can see the connections that service has opened. When you run TCPView, in the ProcessName column, you see processes names. The services are those whose name is svchost (the service host process). In order to know exactly which service is inside that host, right click over any svchost.exe and click on Properties and check the command line to find your service.
0
 
LVL 4

Accepted Solution

by:
parnasso earned 2000 total points
ID: 35081325
In addition to TCPView, you can also take a look at Processexplorer. This tool is a kind of a swiss knife.

When you start processexplorer, you will see a list of all running processes in your system. The services are below a process called service.exe. There you will see many svchost.exe and other things, but the most important is that if you right click on one, check Properties, and choose the TCP/IP sheet. There you will see something like the following picture:

 Process explorer TCP/IP view
Hope it helps
0
 
LVL 17

Expert Comment

by:chuku
ID: 35125334
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Background Information Recently I have fixed file server permission issues for one of my client. The client has 1800 users and one Windows Server 2008 R2 domain joined file server with 12 TB of data, 250+ shared folders and the folder structure i…
After seeing many questions for JRNL_WRAP_ERROR for replication failure, I thought it would be useful to write this article.
This tutorial will give a short introduction and overview of Backup Exec 2012 and how to navigate and perform basic functions. Click on the Backup Exec button in the upper left corner. From here, are global settings for the application such as conne…
To efficiently enable the rotation of USB drives for backups, storage pools need to be created. This way no matter which USB drive is installed, the backups will successfully write without any administrative intervention. Multiple USB devices need t…
Suggested Courses

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question