[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 357
  • Last Modified:

Locate machine connecting to ip address in Windows network

Looking through the (very) basic reports available on my Sonicwall TZ170, I can see that there has been 2500 'hits" to a website called xtracker.info.

As best as I can tell, this site is the connection port for a virus/backdoor/trojan.

How can I try to find out what machines in my Windows network are connecting to this site?

I will of course block connections to this IP address using the Sonicwall, but I'd like to locate and remove the malware first.

Thanks
0
encoad
Asked:
encoad
1 Solution
 
Zephyr ICTCloud ArchitectCommented:
Hi,

There was a similar question a few days back, it might help you get to the infected machines:

http://www.experts-exchange.com/Security/Misc/Q_28334188.html

Basically, placing a sniffer near a concentration point (e.g: switch before firewall capable of setting a monitor port) and filtering the traffic.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now