[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 199
  • Last Modified:

PC sending packets to a non-existent local IP address.

I have a PC on the network which is occasionally trying to contact a certain address (10.2.100.200). But this address does not exist on our network.  I looked in the installed programs of this PC ( Windows 7 OS). There is nothing suspicious on it. What is the best way to find out what process or service is doing this? RSA Envision picked up these packet transmissions. Any suggestions or ideas would be greatly appreciated. Thanks
0
jameshfd21
Asked:
jameshfd21
  • 2
1 Solution
 
manu4uCommented:
Run the command

netstat -a -b   (by the way, you should run it with Admin rights)

it will show you what process are connecting to the remote addresses.

Also you can use Wireshark to capture the packets and see the details of connection.

Hope this helps.

Cheers
Manu
0
 
manu4uCommented:
RSA Envision could give you details. Do you have the log?

Anyways, Wireshark can be downloaded from here https://www.wireshark.org/download.html

Once it is installed, start capturing the network Traffic (select the right interface).

Then, filter     ip.addr==10.2.100.200
0
 
max_the_kingCommented:
hi
it may well be the address of a printer or another network device, nothing harmful. have a look into device and printers on the pc.
max
0

Featured Post

Threat Trends for MSPs to Watch

See the findings.
Despite its humble beginnings, phishing has come a long way since those first crudely constructed emails. Today, phishing sites can appear and disappear in the length of a coffee break, and it takes more than a little know-how to keep your clients secure.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now