Solved

Packet Sniffer or Logs on Server to identify who connects to what

Posted on 2014-09-23
4
134 Views
Last Modified: 2014-11-07
Hi all,

We have identitfied that one of the PCs on our network has S_Nethelper.

The IP addresses this is connecting to is 212.227.252.196 / preffeddns.info. Is there something I can install on the server thats both free and relativley simple to idenity which local IP address is connecting to the above, or is it possible to look at the servers DNS logs to see which local IP has done a lookup on the domain name? If it is, how do i do that please?

Basically I just need to find which local device is trying to connect to the above IP and I dont know how to.

Regards
0
Comment
Question by:AndyPandaX
4 Comments
 
LVL 28

Accepted Solution

by:
jhyiesla earned 500 total points
ID: 40339498
Look at Wireshark at www.wireshark.org.
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 40339584
A good packet sniffer works and gives you information as shown below. It shows IP addresses in and out and so shows what is connected to what. Look for you IP in this and see what it is connected to.

I use Comm View (Excellent) and Wire Shark works as well.

Comm-View-Packet-Sniffing
0
 
LVL 80

Expert Comment

by:David Johnson, CD, MVP
ID: 40339855
other way one or many of your computes is infected with a virus that most AV software detects
https://www.virustotal.com/en/ip-address/212.227.252.196/information/
0
 
LVL 2

Expert Comment

by:Calvin Paxson
ID: 40339923
It would be far simpler to use nestat -nab |more at the command prompt to see where connections are coming from/going to.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many admins will agree: WSUS is is a nice invention but using it on the client side when updating a newly installed computer is still time consuming as you have to do several reboots and furthermore, the procedure of installing updates, rebooting an…
INTRODUCTION The purpose of this document is to demonstrate the Installation and configuration of the Data Protection Manager product. Note that this demonstration was prepared on the basis of Windows OS is 2008 R2 and DPM 2010. DATA PROTECTI…
This video Micro Tutorial explains how to clone a hard drive using a commercial software product for Windows systems called Casper from Future Systems Solutions (FSS). Cloning makes an exact, complete copy of one hard disk drive (HDD) onto another d…
In this video, we discuss why the need for additional vertical screen space has become more important in recent years, namely, due to the transition in the marketplace of 4x3 computer screens to 16x9 and 16x10 screens (so-called widescreen format). …

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question