19 Oct
2005
19 Oct
'05
1:25 a.m.
On Tuesday, 2005-10-18 at 21:18 MST, Aaron Glenn <aaron.glenn@gmail.com> wrote:
I've found this tool to be very handy in finding out just what process is doing what.
But Tcpview doesn't show anything for icmp - which is what was happening in this case. However, if the "guilty" process is also using tcp, Tcpview will likely identify it. On the other hand, a firewall that limits outbound traffic to only "permitted" programs would probably nail the program involved (Zonealarm is one example of such a firewall).
btw, I don't think nanog is the most appropriate list for these types of questions, fyi.
Probably so. The newsgroup news:comp.security.misc might be a better place. Tony Rall