TCPView looks perfect, but doesn't have a logging option (that I find).

From: Ziots, Edward [mailto:[email protected]]
Sent: Tuesday, October 05, 2010 10:36 AM
To: NT System Admin Issues
Subject: RE: W2K server connecting to Admin$ share on 2K3 DC

Tasklist? Or possibly TCPView?

Z

Edward E. Ziots
CISSP, Network +, Security +
Network Engineer
Lifespan Organization
Email:[email protected]
Cell:401-639-3505

From: David Lum [mailto:[email protected]]
Sent: Tuesday, October 05, 2010 1:34 PM
To: NT System Admin Issues
Subject: W2K server connecting to Admin$ share on 2K3 DC

Ok brain fart, what's the best way to find which .EXE is initiating a connection to my DC's ADMIN$ share? I can use CPORTS to find what app is using what port, do I look for a port 389 connection?

The other trick to this is the connection happens twice a day about 12 hours apart... I'm thinking it's normal traffic.

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~

---
To manage subscriptions click here: http://lyris.sunbelt-software.com/read/my_forums/
or send an email to [email protected] with the body: unsubscribe ntsysadmin
