sys-eng Posted December 19, 2009 ID:172673 Share Posted December 19, 2009 I get at least one message a day from Malwarebytes saying that it has blocked access to a malicious IP address. The most recent IP-BLOCK was 89.28.61.147. It appears that this IP address is registered to someone in Chisinau. This area is notorious for hackers and spammers so I appreciate Malwarebytes blocking the access. Now I would really like to know what program tried to make connection to that IP. Any ideas on how to track down the culprit? Link to post Share on other sites More sharing options...
GT500 Posted December 19, 2009 ID:172691 Share Posted December 19, 2009 Something like TCPView or Wireshark should work. Windows Vista and Windows 7 have built-in network monitors as well. Link to post Share on other sites More sharing options...
sys-eng Posted December 19, 2009 Author ID:172902 Share Posted December 19, 2009 Something like TCPView or Wireshark should work. Windows Vista and Windows 7 have built-in network monitors as well.It appears that TCPView is most appropriate for this. The Wireshark site says that it can do it by analyzing the "... expression..." buthe application process may not be identified the same as what it appears in Task Manager. The support of Wireshark recommends TCPView for this.Thanks for the help. Link to post Share on other sites More sharing options...
GT500 Posted December 19, 2009 ID:172906 Share Posted December 19, 2009 TCPView also highlights active connections in red and green, so it's easy to find what you're looking for. Link to post Share on other sites More sharing options...
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now