?
Solved

Locate machine connecting to ip address in Windows network

Posted on 2014-01-15
1
Medium Priority
?
352 Views
Last Modified: 2014-01-16
Looking through the (very) basic reports available on my Sonicwall TZ170, I can see that there has been 2500 'hits" to a website called xtracker.info.

As best as I can tell, this site is the connection port for a virus/backdoor/trojan.

How can I try to find out what machines in my Windows network are connecting to this site?

I will of course block connections to this IP address using the Sonicwall, but I'd like to locate and remove the malware first.

Thanks
0
Comment
Question by:encoad
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
1 Comment
 
LVL 25

Accepted Solution

by:
Zephyr ICT earned 2000 total points
ID: 39784577
Hi,

There was a similar question a few days back, it might help you get to the infected machines:

http://www.experts-exchange.com/Security/Misc/Q_28334188.html

Basically, placing a sniffer near a concentration point (e.g: switch before firewall capable of setting a monitor port) and filtering the traffic.
0

Featured Post

Portable, direct connect server access

The ATEN CV211 connects a laptop directly to any server allowing you instant access to perform data maintenance and local operations, for quick troubleshooting, updating, service and repair.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Originally, this post was published on Monitis Blog, you can check it here . It goes without saying that technology has transformed society and the very nature of how we live, work, and communicate in ways that would’ve been incomprehensible 5 ye…
This article explains the fundamentals of industrial networking which ultimately is the backbone network which is providing communications for process devices like robots and other not so interesting stuff.
Michael from AdRem Software outlines event notifications and Automatic Corrective Actions in network monitoring. Automatic Corrective Actions are scripts, which can automatically run upon discovery of a certain undesirable condition in your network.…
Monitoring a network: why having a policy is the best policy? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the enormous benefits of having a policy-based approach when monitoring medium and large networks. Software utilized in this v…
Suggested Courses
Course of the Month11 days, 23 hours left to enroll

752 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question