While doing a routine security investigation, there was a requirement to track the program generating some TCP traffic. I made use of Sysinternals' TCPView to find out the offending program.
Here are some other options, if you are interested.
1) TCPView - A Windows program that shows detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and the state of TCP connections.
Download link - https://technet.microsoft.com/en-us/library/bb897437.aspx
2) Microsoft Network Monitor is another tool.
Download link - https://www.microsoft.com/en-us/download/details.aspx?id=4865
If you are interested in a commercial tool, NetBalancer is a good utility.
Download links -
- NetBalancer - https://netbalancer.com/download
- Command line version - https://netbalancer.com/docs#command_line__nbcmd_exe_
If you have the Sysinternals utilities installed on your PC, there is also a utility named Tcpvcon.
Tcpvcon usage is similar to that of the built-in Windows netstat utility.
Usage: tcpvcon [-a] [-c] [-n] [process name or PID]
-a Show all endpoints (default is to show established TCP connections).
-c Print output as CSV.
-n Don't resolve addresses.
If you wish to stick to the old netstat utility, here is how to find out which program is making TCP/UDP connections:
c:\> netstat -nab
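The same socket-to-program lookup can be scripted with PowerShell's built-in Get-NetTCPConnection and Get-NetUDPEndpoint cmdlets. This is an added example, not part of the original post; the function name Get-ConnectionOwner, its parameters and the port 443 in the usage line are assumptions chosen for illustration.

```powershell
# Added example: list sockets together with the process that owns them.
# Get-ConnectionOwner and its parameters are hypothetical names.
function Get-ConnectionOwner {
    param(
        [string]$RemoteAddress,  # optional: exact remote IP to match (TCP)
        [int]$RemotePort,        # optional: remote port to match (TCP)
        [switch]$IncludeUdp      # also list UDP endpoints (local side only)
    )

    # One process snapshot indexed by PID. Run elevated, otherwise
    # ExecutablePath/CommandLine are empty for other users' processes.
    $procs = @{}
    Get-CimInstance -ClassName Win32_Process |
        ForEach-Object { $procs[[int]$_.ProcessId] = $_ }

    $sockets = @(Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
        Where-Object {
            (-not $RemoteAddress -or $_.RemoteAddress -eq $RemoteAddress) -and
            (-not $RemotePort -or $_.RemotePort -eq $RemotePort)
        } |
        Select-Object @{n = 'Proto'; e = { 'TCP' }}, LocalAddress, LocalPort,
                      RemoteAddress, RemotePort, OwningProcess)

    if ($IncludeUdp) {
        $sockets += @(Get-NetUDPEndpoint |
            Select-Object @{n = 'Proto'; e = { 'UDP' }}, LocalAddress, LocalPort, OwningProcess)
    }

    foreach ($s in $sockets) {
        # A PID missing from the snapshot means the process exited or
        # started between the two queries.
        $p = $procs[[int]$s.OwningProcess]
        [pscustomobject]@{
            Proto       = $s.Proto
            Local       = '{0}:{1}' -f $s.LocalAddress, $s.LocalPort
            Remote      = if ($s.RemoteAddress) { '{0}:{1}' -f $s.RemoteAddress, $s.RemotePort } else { '*' }
            ProcessId   = $s.OwningProcess
            ParentPid   = if ($p) { $p.ParentProcessId } else { $null }
            Process     = if ($p) { $p.Name } else { '<not in snapshot>' }
            Path        = if ($p) { $p.ExecutablePath } else { $null }
            CommandLine = if ($p) { $p.CommandLine } else { $null }
        }
    }
}

# Usage: which program is talking to remote port 443 (port chosen for illustration)?
Get-ConnectionOwner -RemotePort 443 | Sort-Object Process | Format-List
```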