Wireshark-users: Re: [Wireshark-users] How to find the application sending a namerequest?
One way to narrow it down would be to use Wireshark to identify the source IP and port. So on that particular Windows box, you could then use either netstat -ano (believe only 2003 and XP add the -o option) or you could use fport from Foundstone:
http://www.foundstone.com/knowledge/proddesc/fport.html
These should let you map the source port to a particular process ID or application/service. From there the best tool to use to look at processes is probably Process Explorer on sysinternals.com: http://www.sysinternals.com/Utilities/ProcessExplorer.html
Alternatively you can use the Windows built-in tool by pressing Control-Shift-Esc to bring up Windows Task Manager and clicking on the Process Tab. However, Process Explorer is much more thorough and powerful (and also free).
On the same site you can also check out TCPView that lets you view all networking apps and the process IDs: http://www.sysinternals.com/Utilities/TcpView.html
That's not perfect but it should give you a good start. If you still can't figure it out after that try posting again with what you found so far.
--Jim
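The port-to-process mapping Jim describes, as an added example that is not part of the original thread: it parses constructed `netstat -ano` and `tasklist /fo csv /nh` output (the sample rows, PIDs and the image name legacyapp.exe are made up) and looks up the source port seen in Wireshark.

```python
import re

# Constructed sample of `netstat -ano` output (not a real capture). The UDP
# row on port 137 belongs to PID 4 (System), which is what NetBIOS name
# queries normally show; port 1033 is a hypothetical user-mode sender.
NETSTAT_SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    192.168.1.10:3389      192.168.1.50:51324     ESTABLISHED     1204
  UDP    0.0.0.0:500            *:*                                    1340
  UDP    192.168.1.10:137       *:*                                    4
  UDP    192.168.1.10:1033      *:*                                    2520
"""

# Constructed sample of `tasklist /fo csv /nh` output; names are placeholders.
TASKLIST_SAMPLE = """\
"System","4","Services","0","236 K"
"svchost.exe","888","Services","0","6,120 K"
"svchost.exe","1204","Services","0","9,004 K"
"lsass.exe","1340","Services","0","3,980 K"
"legacyapp.exe","2520","Console","0","12,340 K"
"""

# proto, local addr:port, foreign addr, optional state (TCP only), PID
LINE_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)\s*$")

def parse_netstat(text):
    """Return (proto, local_ip, local_port, pid) tuples from netstat -ano output."""
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            proto, ip, port, _foreign, _state, pid = m.groups()
            rows.append((proto, ip, int(port), int(pid)))
    return rows

def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    pids = {}
    for line in text.splitlines():
        if line.strip():
            fields = [f.strip('"') for f in line.split('","')]
            pids[int(fields[1])] = fields[0]
    return pids

def find_process(local_port, proto="UDP", netstat_text=NETSTAT_SAMPLE, tasklist_text=TASKLIST_SAMPLE):
    """Given the source port Wireshark showed, return (pid, image name) or None."""
    names = parse_tasklist(tasklist_text)
    for p, _ip, port, pid in parse_netstat(netstat_text):
        if p == proto and port == local_port:
            return pid, names.get(pid, "<unknown>")
    return None

if __name__ == "__main__":
    print(find_process(1033))  # (2520, 'legacyapp.exe')
```

A port that maps to PID 4 (System) means the kernel's own NetBIOS stack sent the query, so this lookup only names user-mode senders directly.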
________________________________________
From: wireshark-users-bounces@xxxxxxxxxxxxx [mailto:wireshark-users-bounces@xxxxxxxxxxxxx] On Behalf Of Bob Frottner
Sent: Saturday, October 28, 2006 3:11 PM
To: wireshark-users@xxxxxxxxxxxxx
Subject: [Wireshark-users] How to find the application sending a namerequest?
Hi,
I have no experience in network analysis. However, there is a network problem here and I think I have found it using Wireshark: Some Windows application or service is sending name queries asking for a server which has been removed from the net.
Now my question: How can I find out which application or service within windows is sending those name queries? That must be trackable somehow but I have no idea how...
It would be great if somebody could give me help on this!
Thanks,
Bob
________________________________________