Network Security: Detailed info on Re: Tracking down random ICMP

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Incidents

[Top] [All Lists]

Re: Tracking down random ICMP

from [Javier Fernández-Sanguino] Network Security

[Permanent Link]

Subject:	Re: Tracking down random ICMP
Date:	Thu, 25 Jan 2007 13:13:20 +0100

Valdis.Kletnieks@vt.edu dijo:

On Mon, 22 Jan 2007 09:19:31 -0400, Craig Chamberlain said:

Is there a tool that can determine which process ID is generating ICMP
packets or IRPs in Windows? TDImon seems to be TCP/UDP only. TCPview and
netstat apparently can't do it.


I'm not aware of any well-known userspace API that generates ICMP, so
any userspace would have to be hand-crafting the packets itself.  So what
you're looking for is a process that has a raw socket open.

Maybe you don't know about libdnet? [1] There are quite a number of tools that use it.

Regards

Javier


[1] http://libdnet.sourceforge.net/
(lib*dumb*net not to be confused with lib*dec*net)

[More messages with this same subject...]

<Prev in Thread]	Current Thread	[Next in Thread>
Tracking down random ICMP, Craig Chamberlain Re: Tracking down random ICMP, Kyle Maxwell Re: Tracking down random ICMP, Valdis . Kletnieks Re: Tracking down random ICMP, Jose Nazario Re: Tracking down random ICMP, Bojan Zdrnja Re: Tracking down random ICMP, Javier Fernández-Sanguino <= Re: Tracking down random ICMP, Valdis . Kletnieks Attempted FTP intrusion, David Gillett Re: Attempted FTP intrusion, Tillmann Werner

Previous by Date:	Re: Tracking down random ICMP, Bojan Zdrnja
Next by Date:	[Full-disclosure] [NETRAGARD-20061218 SECURITY ADVISORY] [@Mail WebMail Cross Site Request Forgery], Netragard Security Advisories
Previous by Thread:	Re: Tracking down random ICMP, Bojan Zdrnja
Next by Thread:	Re: Tracking down random ICMP, Valdis . Kletnieks
Indexes:	[Date] [Thread] [Top] [All Lists]