bbroyles
asked on
Help determining what application is making TCP connection
Hello,
I started getting a redirect or two in my browser, so I threw MalwareBytes on my workstation, and it included the free trial of the pro version. My machine is clean, but that's really irrelevant in regards to my question.
MB keeps popping up a box saying that it blocked access to: 1.1.1.1 (example). Well, I'm sitting here wondering what I can use to tell me what application (or whatever it is) is initiating this connection. I thought about WireShark, WinDump, etc., but those will just show me the packets and their SRC and DST and won't really tell me where it's coming from. Is there an app like ProcMon that will do this in the networking world?
I'm not looking for the removal of a threat. I've researched the IP my machine is trying to connect to and even done some scans on it, but that's not the point. I'd like to find a way to tell what application/process is initiating the connection from my PC.
I'm thinking that the more advanced features of WireShark will do this by looking at the actual data within each packet to perhaps give me some clues, but if there is another application that will do that for me, all the better. What is my best bet?
Yep, that be the one: http://technet.microsoft.com/en-us/sysinternals/bb897437
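The linked Sysinternals tool (TCPView) shows the owning process for each socket interactively. For the same job from a script, for example when the blocked attempt is too short-lived to catch by eye, the following is an added example (not from the thread or from Sysinternals) that polls the Windows TCP table for connections to one remote address and reports the owning process the first time each connection appears. It assumes Windows 8 / Server 2012 or later, where the NetTCPIP module provides Get-NetTCPConnection, and that the shell runs elevated so that image paths and command lines of other users' processes are readable. The remote address is a parameter; 1.1.1.1 is only the placeholder the asker used.

```powershell
# Added example, not code from the original thread or from Sysinternals.
# Polls for TCP connections to one remote address and reports the owning process.
# Assumes Windows 8 / Server 2012+ (Get-NetTCPConnection) and an elevated shell.
param(
    [Parameter(Mandatory = $true)]
    [string]$RemoteAddress,          # the IP the AV/anti-malware alert names
    [int]$IntervalMs = 200,          # sampling interval; shorter catches briefer attempts
    [int]$DurationSec = 60           # how long to keep watching
)

$seen     = @{}                      # one report per local:remote:pid tuple
$deadline = (Get-Date).AddSeconds($DurationSec)

Write-Host "Watching for TCP connections to $RemoteAddress for $DurationSec s ..."

while ((Get-Date) -lt $deadline) {
    # Do not filter on State: an outbound attempt that a filter driver blocks may only
    # ever be visible as SynSent, so every state is included.
    Get-NetTCPConnection -RemoteAddress $RemoteAddress -ErrorAction SilentlyContinue |
        ForEach-Object {
            $key = "$($_.LocalAddress):$($_.LocalPort)->$($_.RemoteAddress):$($_.RemotePort)/$($_.OwningProcess)"
            if (-not $seen.ContainsKey($key)) {
                $seen[$key] = $true

                # Get-Process gives name and image path; Win32_Process adds the command line
                # and parent PID, which matter when the owner is a generic host like svchost.exe
                # or rundll32.exe.
                $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
                $wmi  = Get-CimInstance Win32_Process -Filter "ProcessId = $($_.OwningProcess)" -ErrorAction SilentlyContinue

                [pscustomobject]@{
                    Time        = Get-Date -Format 'HH:mm:ss.fff'
                    State       = $_.State
                    Local       = "$($_.LocalAddress):$($_.LocalPort)"
                    Remote      = "$($_.RemoteAddress):$($_.RemotePort)"
                    PID         = $_.OwningProcess
                    Process     = if ($proc) { $proc.ProcessName } else { '<already exited>' }
                    Path        = if ($proc) { $proc.Path } else { $null }
                    ParentPID   = if ($wmi)  { $wmi.ParentProcessId } else { $null }
                    CommandLine = if ($wmi)  { $wmi.CommandLine } else { $null }
                } | Format-List
            }
        }
    Start-Sleep -Milliseconds $IntervalMs
}
```

Run it as `.\Watch-RemoteConnection.ps1 -RemoteAddress 1.1.1.1` (any file name will do) and then trigger or wait for the alert. Two caveats a practitioner should keep in mind: the PID only answers which process owns the socket, so if it turns out to be a browser, svchost.exe, or another host process, the next step is to look inside it (browser extensions, the services in that svchost via `tasklist /svc`, or the DLLs it has loaded in Process Explorer); and on versions of Windows without Get-NetTCPConnection, `netstat -ano` prints the same owning PID column, which can be polled in a loop the same way.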
ASKER
Perfect! Was exactly what I was looking for.
Shows the process and the connection as it's initiated. SysInternals has some great stuff, but I don't recall seeing that one before. If you want to see active connections and what application is making them on your machine, this is the ticket.
Now, I want to see what kind of data it's trying to send, but I think I've got that covered with WireShark.
Good work!