TCPView question

jwalzer
    Posted: 02 December 2011 at 3:59am
Reviewing my firewall logs, I see one server flagged with Back Orifice traffic as it is contacting hosts from local port 28797 to remote port 31337. The connections are random. Is it possible to set up TCPView to trap or save when a certain connection is made instead of watching TCPView and waiting for these connections?

Captured a pcap file for network traffic, but there is no associated process to be gleaned from the packet capture. Trying to determine if this is a false positive, or something legitimate.

Thx
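
One way to record the owning process unattended instead of watching TCPView, as an added example that is not part of the original post. It assumes PowerShell 3.0 or later on Windows 8 / Server 2012 or newer (where `Get-NetTCPConnection` is available); the log path and polling interval are assumptions.

```powershell
# Added example: poll the TCP table and log the process that owns any
# connection to the remote port named in the firewall alert.
$RemotePort = 31337                                       # remote port from the post
$LogPath    = Join-Path $env:TEMP 'port31337-hits.csv'    # assumed log location
$IntervalMs = 500                                         # assumed polling interval
$seen       = @{}                                         # connections already logged

while ($true) {
    # Returns nothing (and a suppressed error) when no connection matches.
    $conns = Get-NetTCPConnection -RemotePort $RemotePort -ErrorAction SilentlyContinue

    foreach ($c in $conns) {
        # De-duplicate on the 4-tuple plus PID so each connection is logged once.
        $key = '{0}:{1}>{2}:{3}|{4}' -f $c.LocalAddress, $c.LocalPort,
                                        $c.RemoteAddress, $c.RemotePort, $c.OwningProcess
        if ($seen.ContainsKey($key)) { continue }
        $seen[$key] = $true

        # Resolve the PID to an image path and command line. The process may
        # already have exited, in which case these fields are left empty.
        $p = Get-CimInstance Win32_Process -Filter "ProcessId = $($c.OwningProcess)" `
                                           -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Time        = (Get-Date).ToString('o')
            Local       = '{0}:{1}' -f $c.LocalAddress, $c.LocalPort
            Remote      = '{0}:{1}' -f $c.RemoteAddress, $c.RemotePort
            State       = $c.State
            PID         = $c.OwningProcess
            Name        = $p.Name
            Path        = $p.ExecutablePath
            CommandLine = $p.CommandLine
            ParentPID   = $p.ParentProcessId
        } | Export-Csv -Path $LogPath -Append -NoTypeInformation
    }

    Start-Sleep -Milliseconds $IntervalMs
}
```

Run it from an elevated prompt so the command line and path of processes owned by other accounts can be read. Polling can miss a connection that opens and closes between two samples, so an empty log does not by itself show the alert is a false positive.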