I've got some application on my Windows XP machine that is generating an HTTP request to aaronsw.com every half hour. We've trapped the packets in Wireshark, but Wireshark doesn't tell what application generated the packets. Is there any utility that looks at network traffic AND tells what executable produced the traffic?
2 Answers
2
TCPView from Sysinternals will show all of the connections and the executable that created the connection.

Greg Bray
This is awesome, except the traffic I'm researching is a quick ping taking place every 30 minutes... this tool doesn't log what's going on so there's almost no chance to catch it in action. Is there anything like this that generates a log? – jeffspost Mar 15 '10 at 16:48
Hmm... not that I know of, and at the network capture level you'll never get access to the application information. If it runs every 30 minutes then it is either a memory resident process, a scheduled task, or part of a DLL loaded into a host process like svchost. In the first and last case you can try and find the executable using another Sysinternals tool called Process Explorer: http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx Good luck! – Greg Bray Mar 16 '10 at 05:12
1
You could use netstat with the -b option to get that information, provided you know enough about the connection to be able to find what you are looking for in the list.

Zoredache
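Both answers point at a live view (TCPView, netstat -b) and the asker's follow-up problem is that a connection lasting a fraction of a second every 30 minutes is almost impossible to catch by eye. The script below is an added example, not code from either answer: it polls `netstat -ano` (the PID column is available on Windows XP SP2 and later) and `tasklist /fo csv` (present on XP Professional, not XP Home), keeps only sockets whose remote address is the IP the Wireshark capture showed, and appends the owning process to a log file so the machine can be left unattended. The `-o` form is used instead of `-b` because `-b` prints the image name on a separate bracketed line, which is awkward to parse. The netstat and tasklist samples, the `203.0.113.5` destination and the `updater.exe` process name are all constructed for the example; the real destination IP comes from the capture.

```python
"""Poll netstat for connections to one remote IP and log the owning process.

Added example (not from the original answers). Runs under Python 2.6+ or 3
on Windows XP SP2+ (Professional) where `netstat -ano` shows a PID column and
`tasklist /fo csv /nh` exists. The parsing functions are exercised below with
constructed sample output so they can be tested offline on any OS.
"""
import csv
import re
import subprocess
import sys
import time

# Constructed sample of `netstat -ano` output (not captured from a real host).
# 203.0.113.5 stands in for the IP seen in the Wireshark capture.
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       932
  TCP    192.168.1.10:1055      203.0.113.5:80         ESTABLISHED     1788
  TCP    192.168.1.10:1061      203.0.113.5:80         TIME_WAIT       0
  TCP    192.168.1.10:1070      198.51.100.9:443       ESTABLISHED     932
  UDP    0.0.0.0:500            *:*                                    712
"""

# Constructed sample of `tasklist /fo csv /nh` output; updater.exe is invented.
SAMPLE_TASKLIST = '''"svchost.exe","932","Console","0","4,616 K"
"updater.exe","1788","Console","0","3,112 K"
"lsass.exe","712","Console","0","1,024 K"
'''

# TCP rows carry a State column, UDP rows do not, hence the optional group.
NETSTAT_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\S+)\s+)?(\d+)\s*$")


def parse_netstat(text):
    """Return (proto, local, remote, state, pid) tuples from `netstat -ano`."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_RE.match(line)
        if not m:            # banner, column header, blank line
            continue
        proto, local, remote, state, pid = m.groups()
        rows.append((proto, local, remote, state or "", int(pid)))
    return rows


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    names = {}
    for row in csv.reader(text.splitlines()):
        if len(row) >= 2 and row[1].isdigit():
            names[int(row[1])] = row[0]
    return names


def split_host(endpoint):
    """'1.2.3.4:80' -> ('1.2.3.4', '80'); '*:*' -> ('*', '*')."""
    host, _, port = endpoint.rpartition(":")
    return host, port


def match_connections(netstat_text, tasklist_text, target_ip):
    """Return a record for every socket whose remote side is target_ip."""
    names = parse_tasklist(tasklist_text)
    hits = []
    for proto, local, remote, state, pid in parse_netstat(netstat_text):
        host, _ = split_host(remote)
        if host != target_ip:
            continue
        # netstat reports PID 0 once the owner has closed the socket
        # (TIME_WAIT), so a short-lived request can only be attributed if the
        # poll lands while it is still open. Flag the rest rather than guess.
        image = names.get(pid, "<exited or unknown>")
        hits.append({"proto": proto, "local": local, "remote": remote,
                     "state": state, "pid": pid, "image": image})
    return hits


def run_cmd(args):
    return subprocess.check_output(args, universal_newlines=True)


def poll(target_ip, interval=1.0, logfile="netwatch.log"):
    """Poll every `interval` seconds and append new hits to `logfile`.

    A connection that lives for milliseconds can still fall between two
    polls; keep the interval short and accept the CPU cost while hunting.
    """
    seen = set()
    with open(logfile, "a") as log:
        while True:
            hits = match_connections(run_cmd(["netstat", "-ano"]),
                                     run_cmd(["tasklist", "/fo", "csv", "/nh"]),
                                     target_ip)
            for h in hits:
                key = (h["local"], h["remote"], h["pid"])
                if key in seen:
                    continue
                seen.add(key)
                log.write("%s %s %s -> %s %s pid=%d %s\n" % (
                    time.strftime("%Y-%m-%d %H:%M:%S"), h["proto"], h["local"],
                    h["remote"], h["state"], h["pid"], h["image"]))
                log.flush()
            time.sleep(interval)


if __name__ == "__main__":
    # usage: python netwatch.py <remote-ip> [poll-interval-seconds]
    poll(sys.argv[1], float(sys.argv[2]) if len(sys.argv) > 2 else 1.0)
```

Run it with the destination IP from the capture and leave it for an hour or so; the log then gives the PID and image name at the moment the socket was open. If every hit comes back as `<exited or unknown>` with PID 0 the poll interval is too long for how briefly the request lives, and the Process Explorer route from the comments above (looking for the host process or scheduled task directly) is the fallback.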