Home page logo
/

basics logo Security Basics mailing list archives

Re: Associate PID with ICMP Request in Windows?
From: Colin Copley <colin.75 () btinternet com>
Date: Thu, 13 Dec 2007 23:30:51 +0000

Megan Kielman wrote:
On a  Windows system, how would I go about determine which PID is
issuing an ICMP Echo Request? I read an article about the ping message
and it said that on Windows, the Identification field always shows 256
whereas other OS's actually show the PID of the process initiating the
ping.

Hi

With either Process Explorer, FileMon (from sysintenals) or both you can look for processes using wsock32.dll, icmp.dll, ws2_32.dll, mswsock.dll, wshtcpip.dll or ping.exe which should point you in the right direction.

Obviously lots of legitimate prcesses also use these dll's so you might have to play with the filter settings a bit.

A simple desktop firewall might also do the trick, dunno about PID but you can find that out with the above tools once you have the process name.

Cheers
Colin


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault