IchBin wrote:
> Guy Harris wrote:
>> On Jul 13, 2007, at 5:19 PM, Guy Harris wrote:
>>
>>> (Its output resembles that of netstat, probably intentionally. I
>>> don't know whether any UN*Xes have tools such as that, i.e. either a
>>> command-line or graphical netstat-plus-process-name - probably some
>>> do.)
>> A Linux netstat man page at
>>
>> http://linux.die.net/man/8/netstat
>>
>> indicates that there's a "--process" flag that shows the process ID
>> and process name (probably the first N characters of the last
>> component of the executable name, or something such as that) of the
>> process that owns the socket; you have to be super-user to get that
>> for processes not your own.
>>
>> lsof might also be able to get some information of that sort on some
>> UN*Xes.
>> _______________________________________________
>> Wireshark-users mailing list
>> [email protected]
>> http://www.wireshark.org/mailman/listinfo/wireshark-users
>
> Thanks Guy for the info. On windows the format is "Netstat -b". I do not
> see any associated program that started the connection. I suspect that
> programs that monitor the IP processes like WhatsRunning and System
> internals, under windows, are just issuing Netstat commands and then
> capturing the output and display their own display window. At least that
> is what I have done in the pass when writing that type of interface
> using Java.
>
[SNIP]
> Again, thanks to you all of your guidance in this thread. This could be
> a mute issue since I am building a new computer and plan to use a
> different and newer windows OS. That is, WinXP SP Pro 64bit which may
> open another can of worms so to speaks
>
Well after looking around and looking at SmitfraudFix output I see
something that is not correct.
»»»»»»»»»»»»»»»»»»»»»»»» DNS
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC #2
DNS Server Search Order: 68.87.64.146
DNS Server Search Order: 68.87.75.194
Description: Realtek RTL8139 Family PCI Fast Ethernet NIC #2
DNS Server Search Order: 68.87.64.146
DNS Server Search Order: 68.87.75.194
HKLM\SYSTEM\CCS\Services\Tcpip\..\{83A9FF0F-296C-4D45-A153-6B8A6AFF8BCE}:
DhcpNameServer=207.68.160.190 194.25.2.129 208.67.222.222
,207.68.160.190 194.25.2.129 208.67.222.222
HKLM\SYSTEM\CCS\Services\Tcpip\..\{8A153A46-7E4A-44EE-8443-D1D0EA855ABD}:
DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CCS\Services\Tcpip\..\{E55D5B3A-6EDC-4FC0-9E4B-6EEA562E9F44}:
DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\..\{83A9FF0F-296C-4D45-A153-6B8A6AFF8BCE}:
DhcpNameServer=207.68.160.190 194.25.2.129 208.67.222.222
,207.68.160.190 194.25.2.129 208.67.222.222
HKLM\SYSTEM\CS1\Services\Tcpip\..\{8A153A46-7E4A-44EE-8443-D1D0EA855ABD}:
DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\..\{E55D5B3A-6EDC-4FC0-9E4B-6EEA562E9F44}:
DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS3\Services\Tcpip\..\{83A9FF0F-296C-4D45-A153-6B8A6AFF8BCE}:
DhcpNameServer=207.68.160.190 194.25.2.129 208.67.222.222
,207.68.160.190 194.25.2.129 208.67.222.222
HKLM\SYSTEM\CS3\Services\Tcpip\..\{8A153A46-7E4A-44EE-8443-D1D0EA855ABD}:
DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CS3\Services\Tcpip\..\{E55D5B3A-6EDC-4FC0-9E4B-6EEA562E9F44}:
DhcpNameServer=68.87.64.146 68.87.75.194
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146
68.87.75.194
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146
68.87.75.194
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=68.87.64.146
68.87.75.194
Not sure why these IP address are defined as a DhcpNameServer in the
windows registry (Not Comcast):
207.68.160.190 194.25.2.129 208.67.222.222 ,207.68.160.190 194.25.2.129
208.67.222.222
Not sure how to get rid of them either. Instructions I see about these
setting is to avoid changing them. Which does not make sense since I do
not think they should be there in the first place. Not realy sure if
this is apart of any problems I am having but does not look right. Guess
I need to know the implications of having them defined to DhcpNameServer.
--
Thanks in Advance... http://weconsulting.org
IchBin, Philadelphia, Pa, USA http://ichbinquotations.weconsulting.org
______________________________________________________________________
'If there is one, Knowledge is the "Fountain of Youth"'
-William E. Taylor, Regular Guy (1952-)
_______________________________________________
Wireshark-users mailing list
[email protected]
http://www.wireshark.org/mailman/listinfo/wireshark-users
