
dns request

20 years 8 months ago #263 by fl6
Replied by fl6 on topic dns request
What I found is this:
Ethereal shows the source port and IP address for this request. Obviously I know it's my own inside IP address, but with a utility called fport, it will show me the process that is using the source port. It happens to be svchost.exe. There are a few running in the background. So now I know that it's the svchost process that is constantly making this request. So far all I know is that svchost is sometimes working in conjunction with DNSCACHE. But this is as far as I got.
20 years 6 months ago #798 by sahirh
Replied by sahirh on topic Re: dns request
Aah!! The wonderful svchost.exe!! Killing processes will not help you, my friend..

svchost is Microsoft's wonderful way of allowing its services to access the net etc.. basically any Windows service that needs to access the net runs as an instance of svchost.exe.. this is wonderful as it's very difficult to figure out what service is making what request!! However, there are things you can do.

The starting point would be to check the services you're running
start >> run >> services.msc
you might find some spyware or something has started a service.
If you say this is happening all the time, the service is probably set to start automatically..
visit www.blackviper.com which has a list of services that you can and should disable.. and what you require to run what.. disable anything you're not using.

second thing you can do is.. in the Windows 2000 Resource Kit (on the CD) there is a command line utility called tlist.exe.. it shows you the subprocesses in each main process.. run it like this
tlist.exe -s
you'll see svchost listed, along with all the services it's acting as an agent for.

btw, instead of using fport go to www.sysinternals.com and download tcpview (35kb freeware) it is like netstat, and it shows you the process making each connection... also lets you close the connection and kill the process.


Cheers,
Sahir.

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
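
Added example, not part of the posts above: the two lookups described in this thread (source port to process, then svchost instance to hosted services) combined in PowerShell. It assumes Windows 8 / Server 2012 or later with the NetTCPIP cmdlets; `Get-PortOwnerService` is a hypothetical helper name and port 1234 is a constructed value.

```powershell
# Added example. Get-PortOwnerService is a hypothetical helper name.
# Run from an elevated prompt while the socket is still open.
function Get-PortOwnerService {
    param(
        [Parameter(Mandatory)]
        [uint16]$LocalPort   # source port read from the packet capture
    )

    # Step 1 (what fport/TCPView do): local port -> owning process ID.
    $owners = @(
        Get-NetUDPEndpoint -LocalPort $LocalPort -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Proto'; e = { 'UDP' } }, OwningProcess
        Get-NetTCPConnection -LocalPort $LocalPort -ErrorAction SilentlyContinue |
            Select-Object @{ n = 'Proto'; e = { 'TCP' } }, OwningProcess
    )
    if ($owners.Count -eq 0) {
        Write-Warning "No open TCP/UDP socket on local port $LocalPort (it may already be closed)."
        return
    }

    foreach ($owner in ($owners | Sort-Object Proto, OwningProcess -Unique)) {
        $procId = $owner.OwningProcess
        $proc   = Get-Process -Id $procId -ErrorAction SilentlyContinue

        # Step 2 (what tlist -s does): process ID -> services hosted in it.
        # Stopped services report ProcessId 0, so restrict to running ones;
        # otherwise a TIME_WAIT socket (owner PID 0) would match all of them.
        $filter   = "ProcessId = $procId AND State = 'Running'"
        $services = @(Get-CimInstance -ClassName Win32_Service -Filter $filter)
        if ($services.Count -eq 0) { $services = @($null) }   # not a service host

        foreach ($svc in $services) {
            [pscustomobject]@{
                Proto       = $owner.Proto
                LocalPort   = $LocalPort
                PID         = $procId
                Process     = $proc.ProcessName
                Service     = $svc.Name
                DisplayName = $svc.DisplayName
                StartMode   = $svc.StartMode
                BinaryPath  = $svc.PathName
            }
        }
    }
}

# Constructed usage: 1234 stands in for the source port seen in the capture.
Get-PortOwnerService -LocalPort 1234 | Format-Table -AutoSize
```

When one svchost.exe instance hosts several services, every one of them is listed for the port; the `StartMode` and `BinaryPath` columns help spot an unexpected auto-start service.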
20 years 6 months ago #806 by Chris
Replied by Chris on topic Re: dns request
Excellent utility!

I've been looking around for something similar to TCPView. Sahir, since you suggested the utility, do you mind creating a new thread within the Cool Software forum and including it?

Cheers,

Chris Partsenidis.
Founder & Editor-in-Chief
www.Firewall.cx
20 years 6 months ago #808 by sahirh
Replied by sahirh on topic Re: dns request
Thread created and a flattering little review written as well ;)


Sahir

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com