Solved

Packet Sniffer or Logs on Server to identify who connects to what

Posted on 2014-09-23
4
138 Views
Last Modified: 2014-11-07
Hi all,

We have identitfied that one of the PCs on our network has S_Nethelper.

The IP addresses this is connecting to is 212.227.252.196 / preffeddns.info. Is there something I can install on the server thats both free and relativley simple to idenity which local IP address is connecting to the above, or is it possible to look at the servers DNS logs to see which local IP has done a lookup on the domain name? If it is, how do i do that please?

Basically I just need to find which local device is trying to connect to the above IP and I dont know how to.

Regards
0
Comment
Question by:AndyPandaX
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
4 Comments
 
LVL 28

Accepted Solution

by:
jhyiesla earned 500 total points
ID: 40339498
Look at Wireshark at www.wireshark.org.
0
 
LVL 96

Expert Comment

by:Experienced Member
ID: 40339584
A good packet sniffer works and gives you information as shown below. It shows IP addresses in and out and so shows what is connected to what. Look for you IP in this and see what it is connected to.

I use Comm View (Excellent) and Wire Shark works as well.

Comm-View-Packet-Sniffing
0
 
LVL 82

Expert Comment

by:David Johnson, CD, MVP
ID: 40339855
other way one or many of your computes is infected with a virus that most AV software detects
https://www.virustotal.com/en/ip-address/212.227.252.196/information/
0
 
LVL 2

Expert Comment

by:Calvin Paxson
ID: 40339923
It would be far simpler to use nestat -nab |more at the command prompt to see where connections are coming from/going to.
0

Featured Post

Want Experts Exchange at your fingertips?

With Experts Exchange’s latest app release, you can now experience our most recent features, updates, and the same community interface while on-the-go. Download our latest app release at the Android or Apple stores today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

The articles for turning off the Client firewall policy on the internet are for SBS 2008 and don't really help for SBS 2011. They actually moved the Client firewall policy. In 2011, the client firewall policy has moved to the SBS computers conta…
Issue: One Windows 2008 R2 64bit server on the network unable to connect to a buffalo Device (Linkstation) with firmware version 1.56. There are a total of four servers on the network this being one of them. Troubleshooting Steps: Connect via h…
Windows 8 came with a dramatically different user interface known as Metro. Notably missing from that interface was a Start button and Start Menu. Microsoft responded to negative user feedback of the Metro interface, bringing back the Start button a…
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question