Locate machine connecting to ip address in Windows network

Looking through the (very) basic reports available on my Sonicwall TZ170, I can see that there has been 2500 'hits" to a website called xtracker.info.

As best as I can tell, this site is the connection port for a virus/backdoor/trojan.

How can I try to find out what machines in my Windows network are connecting to this site?

I will of course block connections to this IP address using the Sonicwall, but I'd like to locate and remove the malware first.

Thanks
encoadAsked:
Who is Participating?
 
Zephyr ICTConnect With a Mentor Cloud ArchitectCommented:
Hi,

There was a similar question a few days back, it might help you get to the infected machines:

http://www.experts-exchange.com/Security/Misc/Q_28334188.html

Basically, placing a sniffer near a concentration point (e.g: switch before firewall capable of setting a monitor port) and filtering the traffic.
0
All Courses

From novice to tech pro — start learning today.