Guy Harris wrote:
On Jul 13, 2007, at 5:19 PM, Guy Harris wrote:
(Its output resembles that of netstat, probably intentionally.  I  
don't know whether any UN*Xes have tools such as that, i.e. either a  
command-line or graphical netstat-plus-process-name - probably some  
do.)
A Linux netstat man page at
	http://linux.die.net/man/8/netstat
indicates that there's a "--process" flag that shows the process ID  
and process name (probably the first N characters of the last  
component of the executable name, or something such as that) of the  
process that owns the socket; you have to be super-user to get that  
for processes not your own.
lsof might also be able to get some information of that sort on some  
UN*Xes.
_______________________________________________
Wireshark-users mailing list
Wireshark-users@xxxxxxxxxxxxx
http://www.wireshark.org/mailman/listinfo/wireshark-users
Thanks Guy for the info. On Windows the format is "Netstat -b". I do not
see any associated program that started the connection. I suspect that
programs that monitor the IP processes like WhatsRunning and System
internals, under Windows, are just issuing Netstat commands and then
capturing the output and displaying their own display window. At least that
is what I have done in the past when writing that type of interface
using Java.
I want to thank you all for your help.
I suspect there is something wrong in my Windows OS and/or Explorer. I'm
about 95% sure it's a virus or Trojan but cannot find any docs on this
problem. Well I did find one reference to Netmeet32.exe but no detail.
I tried a firewall called Tiny Personal Firewall.
Before I installed Tiny Personal Firewall this is the behavior I saw on
an admin account I use as a backup admin user account. This does not 
happen on my normal admin account which I use all of the time.
- First, I do not see any of that traffic on the UDP's that I see on my 
normal admin user I use all of the time. This is for any firewall I have 
tested.
- I notice that a NetMeeting module (netmeet32.exe) pops up from an
Explorer process then Firefox browser is loaded. I think that netmeet32
is spawning it.
- Then netmeet32.exe process ends.
- Within 30 secs an Explorer process again loads netmeet32.exe then
another instance of Firefox is started and netmeet32.exe then ends its
process. This continues, as if in a loop, until I have too many instances
of Firefox running and I die because of lack of resources.
On my normal admin account, that I use all of the time, I do not see 
this behavior happening but do see all of the UDP traffic. Again, I do 
not see this when I am on the backup admin account just by looking at 
the modem lights.
I was just going to use ZoneAlarm but a friend suggested I use Tiny 
Personal Firewall. Tiny Personal Firewall works the same as ZoneAlarm. 
That is, initially everything is disabled. This is what happens after I 
installed the Tiny Personal Firewall.
- The backup admin user's behavior did not change.
- On my normal admin account now the same thing happens as it does on my 
backup admin account. Well almost. It tries to load Firefox but Firefox 
issues a program termination because of a bad instruction. So I see a 
response window to terminate or debug the problem. So I get a loop of 
Firefox load failures. Which is good I guess because I do not run low on
resources and I can look around the machine for problems.
- Also the console locks up at no particular point in time or particular
reason. I then cannot do anything but the system is still running
because I can see processes continue to run. So I suspect there is a
problem with the Explorer process.
- Meanwhile I have approved all programs to run via the firewall and do
not see the traffic on the UDP ports.
Really strange. When I used the ZoneAlarm firewall I did not see that 
behavior on my normal admin account. This may tell me ZoneAlarm is not 
working correctly, I guess. I had to uninstall Tiny Personal Firewall 
and go back to the Windows firewall.
So bottom line I think is that it is not a communication problem that
Wireshark or Ethereal could help me with at this point. Not unless
anyone would like to make any further suggestions.
Again, thanks to you all for your guidance in this thread. This could be
a moot issue since I am building a new computer and plan to use a
different and newer Windows OS. That is, WinXP SP Pro 64bit which may
open another can of worms so to speak.
--
Thanks in Advance...                           http://weconsulting.org
IchBin, Philadelphia, Pa, USA http://ichbinquotations.weconsulting.org
______________________________________________________________________
'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)