Solved

thousands of requests coming from our domain controllers, over port 139

Posted on 2014-02-24
3
96 Views
Last Modified: 2015-01-06
i got an email from our network engineer that there are 2 servers on our network that are probing multiple machines on other networks in our WAN
the 2 servers are active directory domain controllers, and they are sending out requests over port 139
how can i tell what program is running on this machine that is probing port 139 from our DC
0
Comment
Question by:jsctechy
  • 2
3 Comments
 
LVL 7

Expert Comment

by:Shahnawaz Ahmed
ID: 39883679
Dear jsctechy

You can use TCPView by SysInternals (i.e. Microsoft) is a great tool. or I think you may want to try out netstat.exe, which is typically located at C:\WINNT\system32\netstat.exe .

A help page is available with

netstat -?

Examples are:

netstat -a

Lists all local TCP connections and listening ports together with remote TCP endpoint.

netstat -o

Adds the process ID to the output.

netstat -b

Gives you the name of the executable wich was involved in establising this connection/port.
0
 
LVL 7

Accepted Solution

by:
Shahnawaz Ahmed earned 500 total points
ID: 39883685
You will find TCPView more helpful as its GUI and you don't need to install.
You can download from FTP - live.sysinternals.com
0
 
LVL 1

Author Comment

by:jsctechy
ID: 39884163
thanks shahnawaz, tcpview is
SYSTEM PROCESS
PID: 0
TCP
(hostname is the local address)
54039 is one of the local ports
remote address is a hostname of a pc in a different office,
microsoft-ds is one of the remote ports
state is time_wait
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
Import groups from "Member Of" of user to a notepad. 4 49
Password Complexity 13 30
Problem to setup GUI 11 33
get list of Security Groups of Bulk users 9 22
In this article, I am going to show you how to simulate a multi-site Lab environment on a single Hyper-V host. I use this method successfully in my own lab to simulate three fully routed global AD Sites on a Windows 10 Hyper-V host.
An article on effective troubleshooting
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

809 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question