Security Forums
How to capture outbound DNS requests with PID

Maxhavoc
Just Arrived
Joined: 10 Feb 2006
Posts: 0

Posted: Fri Sep 19, 2008 5:09 pm    Post subject: How to capture outbound DNS requests with PID

I'm seeing lots of hosts on my network sending outbound DNS requests to 8800.com and 3322.org. These are fairly well known malicious sites and are blocked by about three different security appliances at my company, but I want to know what process or application keeps making these requests.

Packet capture apps like Wireshark will see the DNS requests but can't tie them to a process. Socket monitors like Sysinternals TCPView don't see the DNS requests at all, but could tie them to a process if they did.

So my question is, what software can I use that will monitor ALL incoming and outgoing connections and be able to associate a process with it?

Thanks for the help.

ashu.wifi
Lamer
Joined: 22 Aug 2008
Posts: 0
Location: Heaven

Posted: Fri Sep 19, 2008 10:09 pm

Simply use Network Monitor in Win2k3 and select DNS as the protocol, but this is only going to work if this server is the gateway for all internet users.

Maxhavoc
Just Arrived
Joined: 10 Feb 2006
Posts: 0

Posted: Mon Sep 22, 2008 3:56 pm

Network Monitor is just like Wireshark: it will capture the packets, but it will not give me the PID of the process that made the DNS request.
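One way to get the attribution the thread is asking for, as an added example that is not from any poster: a DNS query over UDP leaves the host from an ephemeral source port owned by the querying process, so a packet capture can be joined against frequent socket-owner snapshots (the `netstat -ano` style output TCPView also shows) on local port plus a time window. The capture records, snapshot text, PIDs and the two-second window below are all constructed for the demonstration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass
class DnsQuery:
    ts: datetime        # time the query left the host (from the packet capture)
    src_port: int       # UDP source port chosen by the querying process
    qname: str          # name that was queried

@dataclass
class SocketRecord:
    ts: datetime        # time the socket snapshot was taken
    local_port: int
    pid: int

def parse_netstat_udp(snapshot_ts, text):
    """Parse UDP lines of 'netstat -ano'-style output: proto, local addr, foreign addr, PID."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 4 and parts[0] == "UDP":
            port = int(parts[1].rsplit(":", 1)[1])
            records.append(SocketRecord(snapshot_ts, port, int(parts[3])))
    return records

def attribute_queries(queries, sockets, window=timedelta(seconds=2)):
    """Map each queried name to the PID that owned its source port within `window`.
    Ephemeral ports get reused, so the time window matters as much as the port;
    a query whose socket no snapshot caught maps to None."""
    owner = {}
    for q in queries:
        hits = [s for s in sockets
                if s.local_port == q.src_port and abs(s.ts - q.ts) <= window]
        owner[q.qname] = hits[0].pid if hits else None
    return owner

# Constructed sample data: two queries to the names from the thread, one benign
# query, and two socket snapshots taken one second apart (PIDs are made up).
T0 = datetime(2008, 9, 19, 17, 9, 0)
QUERIES = [
    DnsQuery(T0, 53211, "8800.com"),
    DnsQuery(T0 + timedelta(seconds=1), 53212, "3322.org"),
    DnsQuery(T0 + timedelta(seconds=30), 53213, "www.example.com"),
]
SNAPSHOT_1 = "UDP    0.0.0.0:53211    *:*    1234\nUDP    0.0.0.0:137    *:*    4"
SNAPSHOT_2 = "UDP    0.0.0.0:53212    *:*    4321\nUDP    0.0.0.0:53211    *:*    1234"
SOCKETS = (parse_netstat_udp(T0, SNAPSHOT_1)
           + parse_netstat_udp(T0 + timedelta(seconds=1), SNAPSHOT_2))

if __name__ == "__main__":
    for name, pid in attribute_queries(QUERIES, SOCKETS).items():
        print(f"{name:20s} -> {'PID ' + str(pid) if pid else 'no socket seen'}")
```

Snapshots must be taken faster than a DNS socket lives, otherwise the query stays unattributed, which is exactly the gap the thread describes with TCPView; the unmatched third query shows that outcome.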