I have some network monitoring going on in the office here, and I just can't seem to figure out why a couple of workstations are sending SNMP packets to some private IP address that is not on our internal network. The packets are dropped over and over again and it's just annoying. The question is "Is there some utility, or another way to tell, what application/process is responsible for this unnecessary network chatter?"
2007-01-23 04:55:04 · 2 answers · asked by Mike K 4 in Computers & Internet ➔ Security
check out the forum at the techrepublic. they have many tools and very good advice on this and many more issues.good luck.
2007-01-23 06:19:27 · answer #1 · answered by Anonymous · 0⤊ 0⤋
Unless the packet itself has some identifier information within it, it would be very difficult to say exactly what process or program is sending these packets. If you can monitor your network traffic, why not see what ports are active and see if any are suspicious looking. It would appear that the spurious traffic may be either from spyware or possibly a trojan calling a server looking for updates. I had one computer that every 5 minutes would generate a packet. By using a port analyzer, I was able to block the port, effectively cutting it off from the outside world, even though all scans, etc never did reveal what the malware was but seeing as I blocked it, I was no longer worried.
2007-01-24 13:56:40 · answer #2 · answered by b g 3 · 0⤊ 0⤋