Packet Sniffer or Logs on Server to identify who connects to what

Hi all,

We have identified that one of the PCs on our network has S_Nethelper.

The IP address this is connecting to is 212.227.252.196 / preffeddns.info. Is there something I can install on the server that's both free and relatively simple to identify which local IP address is connecting to the above, or is it possible to look at the server's DNS logs to see which local IP has done a lookup on the domain name? If it is, how do I do that please?

Basically I just need to find which local device is trying to connect to the above IP and I don't know how to.

Regards
0
AndyPandaX
 
jhyiesla commented:
Look at Wireshark at www.wireshark.org.
0
 
John, Business Consultant (Owner), commented:
A good packet sniffer works and gives you information as shown below. It shows IP addresses in and out and so shows what is connected to what. Look for your IP in this and see what it is connected to.

I use CommView (excellent) and Wireshark works as well.

[Image: Comm-View-Packet-Sniffing]
0
 
David Johnson, CD, MVP, Owner, commented:
Other way: one or many of your computers is infected with a virus that most AV software detects
https://www.virustotal.com/en/ip-address/212.227.252.196/information/
0
 
Calvin Paxson, Premier Services Technical Support Manager, commented:
It would be far simpler to use netstat -nab | more at the command prompt to see where connections are coming from/going to.
0
Question has a verified solution.
