Security Basics: RE: RE: How to find process behind TCP connection ?

From: Robert D. Holtz - Lists <robert.d.holtz_at_gmail.com>
Date: Thu, 5 Oct 2006 12:59:12 -0500

There are no processes behind the System process ... just many threads. The
4 is just the Process ID.

This is the core operating system.

For example there are 76 threads running on my machine under System. By
looking at these threads I can deduce what some of them are doing but not
all of them.

Are you trying to find the thread within System which handles a given
protocol?

-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com]
On Behalf Of Buozis, Martynas
Sent: Thursday, October 05, 2006 7:04 AM
To: Chesnutt, Lindsey P; security-basics_at_securityfocus.com
Subject: RE: RE: How to find process behind TCP connection ?

Hello

OK, thanks again to everyone who is trying to share their experience. But
I just want to restate my original question, which is the following:

How can I find the real processes behind the activity when "netstat -abvo"
shows that it is the "System 4" process?

I am sure that every Windows PC would have a connection listed as
owned by "System 4" in "netstat -abvo". So you could probably try to find
what is behind it, to test the offered approach or propose a methodology.

I still can't find the right solution, although I have tested all the
suggested approaches....

With best regards
Martynas
 

-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com]
On Behalf Of Chesnutt, Lindsey P
Sent: Monday, October 02, 2006 10:08 PM
To: security-basics_at_securityfocus.com
Subject: RE: RE: How to find process behind TCP connection ?

The -o works nicely with "tasklist /svc" to find the processes and
services associated with the process ID.

-----Original Message-----
From: listbounce_at_securityfocus.com [mailto:listbounce_at_securityfocus.com]
On Behalf Of deabimakgi_at_btconnect.com
Sent: Sunday, October 01, 2006 8:46 AM
To: security-basics_at_securityfocus.com
Subject: Re: RE: How to find process behind TCP connection ?

Have you tried netstat -anob?

 -o Displays the owning process ID associated with each connection.

 -b Displays the executable involved in creating each connection or
    listening port. In some cases well-known executables host multiple
    independent components, and in these cases the sequence of components
    involved in creating the connection or listening port is displayed. In
    this case the executable name is in [] at the bottom, on top is the
    component it called, and so forth until TCP/IP was reached. Note that
    this option can be time-consuming and will fail unless you have
    sufficient permissions.

------------------------------------------------------------------------

---
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic
Excellence 
in Information Security. Our program offers unparalleled Infosec
management 
education and the case study affords you unmatched consulting
experience. 
Using interactive e-Learning technology, you can earn this esteemed
degree, 
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
------------------------------------------------------------------------
---
Received on Oct 06 2006
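
The PID join suggested in the thread (the PID column from netstat -o looked up in "tasklist /svc"), as an added example that is not part of the original messages. Both command outputs below are constructed samples, the function names are this example's own, and the tasklist input is assumed to be in the CSV form produced by "tasklist /svc /fo csv".

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not from a real host).
NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1042      192.168.1.20:3389      ESTABLISHED     2280
  UDP    0.0.0.0:137            *:*                                    4
  UDP    0.0.0.0:500            *:*                                    700
"""

# Constructed sample of `tasklist /svc /fo csv` output.
TASKLIST_SVC = '''\
"Image Name","PID","Services"
"System","4","N/A"
"lsass.exe","700","PolicyAgent,ProtectedStorage,SamSs"
"svchost.exe","912","RpcSs"
"mstsc.exe","2280","N/A"
'''

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid) for each socket row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank line
        # UDP rows have no State column; the PID is always the last field.
        yield f[0], f[1], f[2], (f[3] if len(f) == 5 else ""), int(f[-1])

def parse_tasklist(text):
    """Map PID -> (image name, [hosted services])."""
    procs = {}
    for row in csv.DictReader(io.StringIO(text)):
        svcs = [s.strip() for s in row["Services"].split(",") if s.strip() != "N/A"]
        procs[int(row["PID"])] = (row["Image Name"], svcs)
    return procs

def attribute(netstat_text, tasklist_text):
    """Join sockets to owning process and services by PID."""
    procs = parse_tasklist(tasklist_text)
    rows = []
    for proto, local, remote, state, pid in parse_netstat(netstat_text):
        image, svcs = procs.get(pid, ("<not in tasklist>", []))
        # As noted in the thread, System has only threads behind it, so the
        # PID join stops there; flag those rows for separate follow-up.
        rows.append({"proto": proto, "local": local, "state": state, "pid": pid,
                     "image": image, "services": svcs, "kernel_owned": image == "System"})
    return rows
```

Rows with kernel_owned set are the "System 4" case asked about in the thread: the join resolves the PID, but no further user-mode process or service name is available from these two commands.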