<div>
A good packet sniffer works and gives you information as shown below. It shows IP addresses in and out and so shows what is connected to what. Look for you IP in this and see what it is connected to.<br />
<br />
I use Comm View (Excellent) and Wire Shark works as well.<br />
<br />
<a href="https://filedb.experts-exchange.com/incoming/2014/09_w39/873841/Comm-View-Packet-Sniffing.png" target="_blank" title="Comm-View-Packet-Sniffing (71 KB)"><img alt="Comm-View-Packet-Sniffing" class="file-block lazyload" style="max-width: 800px;" data-src="https://filedb.experts-exchange.com/incoming/2014/09_w39/800_873841/Comm-View-Packet-Sniffing.png" /></a>
</div>


A good packet sniffer works and gives you information as shown below. It shows IP addresses in and out and so shows what is connected to what. Look for you IP in this and see what it is connected to.

I use Comm View (Excellent) and Wire Shark works as well.

Comm-View-Packet-Sniffinghttps://filedb.experts-exchange.com/incoming/2014/09_w39/873841/Comm-View-Packet-Sniffing.png

Comm-View-Packet-Sniffing.png

<div>
other way one or many of your computes is infected with a virus that most AV software detects<br />
<a href="https://www.virustotal.com/en/ip-address/212.227.252.196/information/" rel="ugc">https://www.virustotal.com/en/ip-address/212.227.252.196/information/</a>
</div>


other way one or many of your computes is infected with a virus that most AV software detects
https://www.virustotal.com/en/ip-address/212.227.252.196/information/ [https://www.virustotal.com/en/ip-address/212.227.252.196/information/]

<div>
It would be far simpler to use nestat -nab |more at the command prompt to see where connections are coming from/going to.
</div>


It would be far simpler to use nestat -nab |more at the command prompt to see where connections are coming from/going to.

<div>
<div class="content wysiwyg-content">
Hi all,<br />
<br />
We have identitfied that one of the PCs on our network has S_Nethelper.<br />
<br />
The IP addresses this is connecting to is 212.227.252.196 / preffeddns.info. Is there something I can install on the server thats both free and relativley simple to idenity which local IP address is connecting to the above, or is it possible to look at the servers DNS logs to see which local IP has done a lookup on the domain name? If it is, how do i do that please?<br />
<br />
Basically I just need to find which local device is trying to connect to the above IP and I dont know how to.<br />
<br />
Regards
</div>
</div>


Hi all,

We have identitfied that one of the PCs on our network has S_Nethelper.

The IP addresses this is connecting to is 212.227.252.196 / preffeddns.info. Is there something I can install on the server thats both free and relativley simple to idenity which local IP address is connecting to the above, or is it possible to look at the servers DNS logs to see which local IP has done a lookup on the domain name? If it is, how do i do that please?

Basically I just need to find which local device is trying to connect to the above IP and I dont know how to.

Regards

Packet Sniffer or Logs on Server to identify who connects to what

The Microsoft Legacy Operating System topic includes legacy versions of Microsoft operating systems prior to Windows 2000: All versions of MS-DOS and other versions developed for specific manufacturers and Windows 3/3.1, Windows 95 and Windows 98, plus any other Windows-related versions, and Windows Mobile.

Microsoft Legacy OS

The Microsoft Server topic includes all of the legacy versions of the operating system, including the Windows NT 3.1, NT 3.5, NT 4.0 and Windows 2000 and Windows Home Server versions.

Microsoft Server OS

Small Business Server (SBS) is a line of server operating systems targeted at small businesses by bundling the operating system with a number of other Microsoft products that would normally need to be purchased or licensed separately. The most notable inclusions are Exchange, SQL Server, SharePoint and ISA/TMG (Microsoft's firewall and proxy server).