
Identify Windows process behind short-lived ephemeral port

asked 2024-08-13 11:50:41 +0000

G

Hi, I am trying to track down a process behind some network packets.

The process sends out a UDP packet every minute or so and gets an immediate reply. Every time it sends, it uses a different UDP port on the local machine (the remote port always stays the same). I suspect that the process closes the port as soon as it gets the reply, as I can never see it in "netstat -abn".

How do I identify the process behind these packets? - Is there a way to log whenever a process opens a port?

Thank you


1 Answer


answered 2024-08-13 12:28:31 +0000

grahamb

If the machine is using a Windows OS, the ProcMon tool from SysInternals can capture network transmissions with info about the process that made the transmissions.


Comments

Chuckc ( 2024-08-13 12:52:15 +0000 )
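
The question also asks whether Windows can log a process opening a port. One way to do that, separate from the ProcMon suggestion in the answer, is Windows Filtering Platform connection auditing, which records the owning process at the moment the packet is sent, so the port does not need to stay open. This is an added example, not part of the original thread; `$RemotePort` and the 180-second wait are placeholders, and it assumes the audit subcategory was off beforehand.

```powershell
# Added example. Run in an elevated PowerShell session.
# $RemotePort is a placeholder: set it to the fixed remote UDP port seen in the capture.
$RemotePort = 0

# 1. Enable success auditing for WFP connections. Each permitted flow is then written
#    to the Security log as event 5156, including the owning PID and image path.
#    The subcategory name below is the English one; it is localized on other UI languages.
auditpol /set /subcategory:"Filtering Platform Connection" /success:enable | Out-Null
$start = Get-Date

# 2. Wait long enough to cover a few of the once-a-minute packets.
Start-Sleep -Seconds 180

# 3. Read the 5156 events and keep UDP (protocol 17) flows to the remote port.
$hits = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5156; StartTime = $start } `
            -ErrorAction SilentlyContinue |
    ForEach-Object {
        # Flatten <EventData><Data Name="...">value</Data> into a hashtable.
        $d = @{}
        foreach ($n in ([xml]$_.ToXml()).Event.EventData.Data) { $d[$n.Name] = $n.'#text' }
        [pscustomobject]@{
            Time        = $_.TimeCreated
            ProcessId   = [int]$d['ProcessID']
            Application = $d['Application']   # logged in device-path form (\device\harddiskvolume...)
            LocalPort   = $d['SourcePort']    # the ephemeral port that netstat never shows
            Remote      = '{0}:{1}' -f $d['DestAddress'], $d['DestPort']
            Protocol    = $d['Protocol']
            DestPort    = $d['DestPort']
        }
    } |
    Where-Object { $_.Protocol -eq '17' -and $_.DestPort -eq "$RemotePort" }

# 4. Turn the auditing back off (assumes it was off before); this subcategory is very noisy.
auditpol /set /subcategory:"Filtering Platform Connection" /success:disable | Out-Null

$hits | Sort-Object Time | Format-Table Time, ProcessId, Application, LocalPort, Remote -AutoSize

# 5. If the image turns out to be svchost.exe, map the PID to the service(s) it hosts.
$hits | Select-Object -ExpandProperty ProcessId -Unique | ForEach-Object {
    Get-CimInstance Win32_Service -Filter "ProcessId = $_" |
        Select-Object ProcessId, Name, DisplayName
}
```

If the sending process exits right after each packet, step 5 returns nothing for it; the `Application` path in the event is then the identifier to follow up on.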


Stats

Asked: 2024-08-13 11:50:41 +0000

Seen: 81 times

Last updated: Aug 13