Help determining what application is making TCP connection
Posted on 2011-10-14
I started getting a redirect or two in my browser, so I threw MalwareBytes on my workstation and it included the free trial of the pro version. My machine is clean, but that's really irrelevant in regards to my question.
The MB keeps popping up a box saying that it blocked access to: 22.214.171.124 (example). Well, I'm sitting here wondering what I can use to tell me what application (or whatever it is) is initiating this connection. I thought about WireShark, WinDump, etc., but those will just show me the packets and their SRC and DST and won't really tell me where it's coming from. Is there an app like ProcMon that will do this in the networking world?
I'm not looking for the removal of a threat. I've researched the IP my machine is trying to connect to and even done some scans on it, but that's not the point. I'd like to find a way to tell what application/process is initiating the connection from my PC.
I'm thinking that the more advanced features of WireShark will do this by looking at the actual data within each packet to perhaps give me some clues, but if there is another application that will do that for me, all the better. What is my best bet?