Re: OT : Please Help Security Guys ! (Backdoor issue)

From: Joseph Jenkins <joe_at_breathe-underwater.com>
Date: Mon, 26 Apr 2010 13:04:52 -0700

Try TCPView; it will list all of the applications, ports and
destinations in the stack.
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

If you need more detailed knowledge of the executable, use:

http://technet.microsoft.com/en-us/sysinternals/bb896653.aspx

Both are free Windows tools.

On Mon, Apr 26, 2010 at 9:53 AM, Edouard Zorrilla <ezorrilla_at_tsf.com.pe> wrote:

> Hi,
>
> Here we are facing an issue with a backdoor that uses https to send
> information from machines to the internet (Turkey and Denmark - 78.189.194.126,
> 93.160.202.224). The issue is that we have cleaned these machines with all the
> antivirus we know, but the machines keep sending https traffic and we do not
> know how to get at the application (backdoor) that is sending our information
> to Turkey and Denmark. These machines are already isolated.
>
> Do you know a Windows tool so that I can get: which application is using a
> specific destination protocol? I mean, WinMail.exe sends pop3 and smtp to the
> internet; now I need to know which application is sending https traffic to the
> Internet from these machines.
>
> Thanks a lot,
>
> Warm regards
>
>

-- 
Joseph
Blog
http://secadmin.wordpress.com
Blogs and organic groups at http://www.ccie.net
Received on Mon Apr 26 2010 - 13:04:52 ART
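The same connection-to-process mapping that TCPView gives, as an added PowerShell example written for this archive page (it is not code from either poster). It assumes a current Windows host with Get-NetTCPConnection (Windows 8 / Server 2012 or later) and an elevated prompt so every process's Path is readable; the two addresses are the ones quoted in the question, and the poll loop is there because a beacon may hold its connection open for only a moment.

```powershell
# Added example, not from the original thread. Polls the TCP table for
# connections to remote port 443 and reports the owning process, so that a
# short-lived HTTPS beacon is still caught. Needs Get-NetTCPConnection
# (Windows 8 / Server 2012 or later); run elevated so Path is readable.

param(
    # Destinations named in the question; any other address is still listed.
    [string[]]$Suspect = @('78.189.194.126', '93.160.202.224'),
    [int]$Seconds    = 60,    # how long to keep polling
    [int]$IntervalMs = 500    # poll interval
)

$seen     = @{}   # key "remote:pid" so each connection is reported once
$deadline = (Get-Date).AddSeconds($Seconds)

while ((Get-Date) -lt $deadline) {
    Get-NetTCPConnection -RemotePort 443 -ErrorAction SilentlyContinue |
        Where-Object { $_.State -in 'SynSent', 'Established', 'CloseWait' } |
        ForEach-Object {
            $key = "$($_.RemoteAddress):$($_.OwningProcess)"
            if ($seen.ContainsKey($key)) { return }   # skip: already reported
            $seen[$key] = $true

            # Resolve the PID to a process; it may already have exited.
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Time          = Get-Date -Format 'HH:mm:ss'
                RemoteAddress = $_.RemoteAddress
                State         = $_.State
                PID           = $_.OwningProcess
                Process       = if ($proc) { $proc.ProcessName } else { '<exited>' }
                Path          = if ($proc) { $proc.Path } else { $null }
                Flagged       = $Suspect -contains $_.RemoteAddress
            }
        }
    Start-Sleep -Milliseconds $IntervalMs
}
```

If the owning process turns out to be something trusted such as a browser or svchost.exe, the backdoor may be running inside it; Process Explorer (the second link above) shows that process's loaded DLLs and command line.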

This archive was generated by hypermail 2.2.0 : Sat May 01 2010 - 09:49:57 ART