Packet Sniffer or Logs on Server to identify who connects to what
Posted on 2014-09-23
We have identitfied that one of the PCs on our network has S_Nethelper.
The IP addresses this is connecting to is 126.96.36.199 / preffeddns.info. Is there something I can install on the server thats both free and relativley simple to idenity which local IP address is connecting to the above, or is it possible to look at the servers DNS logs to see which local IP has done a lookup on the domain name? If it is, how do i do that please?
Basically I just need to find which local device is trying to connect to the above IP and I dont know how to.