• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 108
  • Last Modified:

thousands of requests coming from our domain controllers, over port 139

i got an email from our network engineer that there are 2 servers on our network that are probing multiple machines on other networks in our WAN
the 2 servers are active directory domain controllers, and they are sending out requests over port 139
how can i tell what program is running on this machine that is probing port 139 from our DC
0
jsctechy
Asked:
jsctechy
  • 2
1 Solution
 
Shahnawaz AhmedTechnical Services SpecialistCommented:
Dear jsctechy

You can use TCPView by SysInternals (i.e. Microsoft) is a great tool. or I think you may want to try out netstat.exe, which is typically located at C:\WINNT\system32\netstat.exe .

A help page is available with

netstat -?

Examples are:

netstat -a

Lists all local TCP connections and listening ports together with remote TCP endpoint.

netstat -o

Adds the process ID to the output.

netstat -b

Gives you the name of the executable wich was involved in establising this connection/port.
0
 
Shahnawaz AhmedTechnical Services SpecialistCommented:
You will find TCPView more helpful as its GUI and you don't need to install.
You can download from FTP - live.sysinternals.com
0
 
jsctechyAuthor Commented:
thanks shahnawaz, tcpview is
SYSTEM PROCESS
PID: 0
TCP
(hostname is the local address)
54039 is one of the local ports
remote address is a hostname of a pc in a different office,
microsoft-ds is one of the remote ports
state is time_wait
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Problems using Powershell and Active Directory?

Managing Active Directory does not always have to be complicated.  If you are spending more time trying instead of doing, then it's time to look at something else. For nearly 20 years, AD admins around the world have used one tool for day-to-day AD management: Hyena. Discover why

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now