Ask Your Question

Revision history [back]

click to hide/show revision 1
initial version

Identify windows process behind short lived ephemeral port

Hi, I am trying to track down a process behind some network packets.

The process sends out a UDP packet every minute or so and gets an immediate reply, every time it sends it uses a different UDP port on the local machine (the remote port always stays he same). I suspect that the process closes the port as soon as it gets the reply, as I can never see it in "netstat -abn".

How do I identify the process behind these packets? - Is there a way to log whenever a process opens a port?

Thank you