Solved

thousands of requests coming from our domain controllers, over port 139

Posted on 2014-02-24
3
100 Views
Last Modified: 2015-01-06
i got an email from our network engineer that there are 2 servers on our network that are probing multiple machines on other networks in our WAN
the 2 servers are active directory domain controllers, and they are sending out requests over port 139
how can i tell what program is running on this machine that is probing port 139 from our DC
0
Comment
Question by:jsctechy
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
3 Comments
 
LVL 8

Expert Comment

by:Shahnawaz Ahmed
ID: 39883679
Dear jsctechy

You can use TCPView by SysInternals (i.e. Microsoft) is a great tool. or I think you may want to try out netstat.exe, which is typically located at C:\WINNT\system32\netstat.exe .

A help page is available with

netstat -?

Examples are:

netstat -a

Lists all local TCP connections and listening ports together with remote TCP endpoint.

netstat -o

Adds the process ID to the output.

netstat -b

Gives you the name of the executable wich was involved in establising this connection/port.
0
 
LVL 8

Accepted Solution

by:
Shahnawaz Ahmed earned 500 total points
ID: 39883685
You will find TCPView more helpful as its GUI and you don't need to install.
You can download from FTP - live.sysinternals.com
0
 
LVL 1

Author Comment

by:jsctechy
ID: 39884163
thanks shahnawaz, tcpview is
SYSTEM PROCESS
PID: 0
TCP
(hostname is the local address)
54039 is one of the local ports
remote address is a hostname of a pc in a different office,
microsoft-ds is one of the remote ports
state is time_wait
0

Featured Post

Get 15 Days FREE Full-Featured Trial

Benefit from a mission critical IT monitoring with Monitis Premium or get it FREE for your entry level monitoring needs.
-Over 200,000 users
-More than 300,000 websites monitored
-Used in 197 countries
-Recommended by 98% of users

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A company’s centralized system that manages user data, security, and distributed resources is often a focus of criminal attention. Active Directory (AD) is no exception. In truth, it’s even more likely to be targeted due to the number of companies …
Always backup Domain, SYSVOL etc.using processes according to Microsoft Best Practices. This is meant as a disaster recovery process for small environments that did not implement backup processes and did not run a secondary domain controller that ne…
This Micro Tutorial hows how you can integrate  Mac OSX to a Windows Active Directory Domain. Apple has made it easy to allow users to bind their macs to a windows domain with relative ease. The following video show how to bind OSX Mavericks to …
Attackers love to prey on accounts that have privileges. Reducing privileged accounts and protecting privileged accounts therefore is paramount. Users, groups, and service accounts need to be protected to help protect the entire Active Directory …
Suggested Courses

617 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question