On Tuesday, 2005-10-18 at 21:18 MST, Aaron Glenn <[EMAIL PROTECTED]> wrote: > I've found this tool to be very handy in finding out just what process > is doing what. > > http://www.sysinternals.com/Utilities/TcpView.html
But Tcpview doesn't show anything for icmp - which is what was happening in this case. However, if the "guilty" process is also using tcp, Tcpview will likely identify it. On the other hand, a firewall that limits outbound traffic to only "permitted" programs would probably nail the program involved (Zonealarm is one example of such a firewall). > btw, I don't think nanog is the most appropriate list for these types > of questions, fyi. Probably so. The newsgroup news:comp.security.misc might be a better place. Tony Rall
