IchBin wrote:
> Guy Harris wrote:
>> On Jul 13, 2007, at 5:19 PM, Guy Harris wrote:
>>
>>> (Its output resembles that of netstat, probably intentionally. I
>>> don't know whether any UN*Xes have tools such as that, i.e. either a
>>> command-line or graphical netstat-plus-process-name - probably some
>>> do.)
>> A Linux netstat man page at
>>
>> http://linux.die.net/man/8/netstat
>>
>> indicates that there's a "--process" flag that shows the process ID
>> and process name (probably the first N characters of the last
>> component of the executable name, or something such as that) of the
>> process that owns the socket; you have to be super-user to get that
>> for processes not your own.
>>
>> lsof might also be able to get some information of that sort on some
>> UN*Xes.
>> _______________________________________________
>> Wireshark-users mailing list
>> Wireshark-users@wireshark.org
>> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
> Thanks Guy for the info. On Windows the format is "Netstat -b". I do not
> see any associated program that started the connection. I suspect that
> programs that monitor the IP processes like WhatsRunning and System
> internals, under Windows, are just issuing Netstat commands and then
> capturing the output and displaying it in their own display window. At
> least that is what I have done in the past when writing that type of
> interface using Java.
>
[SNIP]
> Again, thanks to you all for your guidance in this thread. This could be
> a moot issue since I am building a new computer and plan to use a
> different and newer Windows OS. That is, WinXP SP Pro 64bit which may
> open another can of worms so to speak
>

Well, after looking around and looking at SmitfraudFix output I see
something that is not correct.

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC #2
DNS Server Search Order: 68.87.64.146
DNS Server Search Order: 68.87.75.194

Description: Realtek RTL8139 Family PCI Fast Ethernet NIC #2
DNS Server Search Order: 68.87.64.146
DNS Server Search Order: 68.87.75.194

HKLM\SYSTEM\CCS\Services\Tcpip\..\{83A9FF0F-296C-4D45-A153-6B8A6AFF8BCE}: DhcpNameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8A153A46-7E4A-44EE-8443-D1D0EA855ABD}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E55D5B3A-6EDC-4FC0-9E4B-6EEA562E9F44}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\..\{83A9FF0F-296C-4D45-A153-6B8A6AFF8BCE}: DhcpNameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8A153A46-7E4A-44EE-8443-D1D0EA855ABD}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E55D5B3A-6EDC-4FC0-9E4B-6EEA562E9F44}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS3\Services\Tcpip\..\{83A9FF0F-296C-4D45-A153-6B8A6AFF8BCE}: DhcpNameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8A153A46-7E4A-44EE-8443-D1D0EA855ABD}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E55D5B3A-6EDC-4FC0-9E4B-6EEA562E9F44}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194

Not sure why these IP addresses are defined as a DhcpNameServer in the
Windows registry (Not Comcast):

207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222

Not sure how to get rid of them either. The instructions I see about
these settings say to avoid changing them. Which does not make sense
since I do not think they should be there in the first place. Not really
sure if this is a part of any problems I am having but it does not look
right. Guess I need to know the implications of having them defined to
DhcpNameServer.

--
Thanks in Advance...           http://weconsulting.org
IchBin, Philadelphia, Pa, USA  http://ichbinquotations.weconsulting.org
______________________________________________________________________
'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)
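
The comparison made by eye in the message above, as an added example that is not part of the original post or of SmitfraudFix: it parses the DNS section of the report and lists every registry key whose DhcpNameServer value contains an address the adapter does not report in its "DNS Server Search Order". The function names are hypothetical, the sample is an excerpt of the output quoted in the post, and treating the adapter's search order as the baseline is an assumption.

```python
import ipaddress
import re

# Excerpt of the SmitfraudFix DNS section quoted in the post (one entry per line).
REPORT = r"""
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC #2
DNS Server Search Order: 68.87.64.146
DNS Server Search Order: 68.87.75.194
HKLM\SYSTEM\CCS\Services\Tcpip\..\{83A9FF0F-296C-4D45-A153-6B8A6AFF8BCE}: DhcpNameServer=207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129 208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8A153A46-7E4A-44EE-8443-D1D0EA855ABD}: DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146 68.87.75.194
"""

SEARCH_ORDER = re.compile(r"^DNS Server Search Order:\s*(\S+)\s*$")
NAME_SERVER = re.compile(r"^(HKLM\\.+?):\s*(\w*NameServer)=(.*)$")


def parse_addresses(value):
    """Split a value on spaces and commas; return addresses deduplicated in order."""
    seen = []
    for token in re.split(r"[\s,]+", value.strip()):
        if not token:
            continue
        try:
            addr = str(ipaddress.ip_address(token))
        except ValueError:
            addr = "invalid:" + token  # surface malformed entries instead of hiding them
        if addr not in seen:
            seen.append(addr)
    return seen


def audit_dns_report(report):
    """Return (active resolvers, {registry key: addresses outside the active set})."""
    active, flagged = [], {}
    for line in (raw.strip() for raw in report.splitlines()):
        match = SEARCH_ORDER.match(line)
        if match:
            active += [a for a in parse_addresses(match.group(1)) if a not in active]
            continue
        match = NAME_SERVER.match(line)
        if match:
            flagged[match.group(1)] = parse_addresses(match.group(3))
    # Assumption: the adapter's search order is the expected baseline.
    unexpected = {k: [a for a in v if a not in active] for k, v in flagged.items()}
    return active, {k: v for k, v in unexpected.items() if v}


if __name__ == "__main__":
    resolvers, odd = audit_dns_report(REPORT)
    for key, addrs in odd.items():
        print(key, "->", ", ".join(addrs))
```

A key listed here is a lead to investigate, not a verdict: interface keys can retain the servers handed out by the last DHCP lease on another network.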