
Find process making outbound connections

I have a system which is repeatedly trying to make an outbound connection on port 4343. Judging from the pcap I took from the perimeter firewall, the connection is never fully established. It attempts the same public IP for each connection attempt.

I have since made sure this port outbound is not allowed.

Anyhow, I see the system still attempts connections, as it is filling up my Deny logs. What is the best way to find out what process on this system is attempting this connection? I have tried TCPView and CurrPorts, but neither shows this activity. I am not sure if those only show it once the connection is established or not. I also do not see anything from netstat -ano.
Asked by: Schuyler Dorsey

Schuyler Dorsey (Author) commented:
The public IP is 150.1.1.2 and appears to be in Japan.

ZabagaR commented:
Microsoft Network Monitor 3.4 will capture and can sort connections by the .exe that initiates the connection.

http://www.microsoft.com/en-us/download/details.aspx?id=4865

IMGIDC commented:
Did you try to use netstat!!!

Schuyler Dorsey (Author) commented:
Netstat did not show it. The MS Network Monitor showed it was Console.exe, which is the built-in SBS console. I have not seen this behavior before.

btan (Exec Consultant) commented:
First, make sure the IP of the target machine is that of the actual machine, and that it is not NATed or going through some proxy. Supposedly, running netstat -a -n -o (or netstat -a -b) will lead to the PID and then the process. Note that the Process Identifier in the Task Manager is not turned on by default.

Another useful tool is Process Hacker, which will try to reveal hidden processes and rootkits, and can show the network connections used by a process, displaying port, protocol, and remote/local IP connections, including the PID and status of a process (whether it's listening or not).
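
A single `netstat -ano` snapshot can miss a connection attempt that never gets past SYN_SENT, so the following added example (not code from any poster in this thread) polls `netstat -ano` repeatedly, watches for any TCP entry to the remote port from the question, and resolves the owning PID to a process right away. The port 4343 comes from the question; the polling interval, the duration, and the function name `ConvertFrom-NetstatLine` are assumptions made for this example.

```powershell
# Added example (not from the thread). Port 4343 is from the question;
# the polling interval and duration are assumed values.
param(
    [int]$RemotePort  = 4343,
    [int]$IntervalMs  = 200,
    [int]$DurationSec = 300
)

function ConvertFrom-NetstatLine {
    param([string]$Line)
    # Matches: "  TCP    10.0.0.5:49213    203.0.113.7:4343    SYN_SENT    1234"
    if ($Line -match '^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$') {
        New-Object PSObject -Property @{
            RemoteAddress = $Matches[3]
            RemotePort    = [int]$Matches[4]
            State         = $Matches[5]
            OwningPid     = [int]$Matches[6]
        }
    }
}

$seen     = @{}   # PID|remote pairs already reported
$deadline = (Get-Date).AddSeconds($DurationSec)

while ((Get-Date) -lt $deadline) {
    foreach ($line in (netstat -ano -p TCP)) {
        $c = ConvertFrom-NetstatLine $line
        if (-not $c -or $c.RemotePort -ne $RemotePort) { continue }

        $key = '{0}|{1}' -f $c.OwningPid, $c.RemoteAddress
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # Resolve immediately: the owning process may exit soon after.
        $p = Get-WmiObject Win32_Process -Filter "ProcessId=$($c.OwningPid)"
        New-Object PSObject -Property @{
            Time        = Get-Date
            State       = $c.State
            Remote      = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
            ProcessId   = $c.OwningPid
            Name        = $(if ($p) { $p.Name } else { '<exited>' })
            Path        = $(if ($p) { $p.ExecutablePath })
            CommandLine = $(if ($p) { $p.CommandLine })
        }
    }
    Start-Sleep -Milliseconds $IntervalMs
}
```

Run it from an elevated prompt so the executable path and command line of processes owned by other accounts can be read; it uses only `netstat` and WMI so that it also works on older PowerShell versions.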