Maybe this is some help?
http://forum.sysinternals.com/forum_posts.asp?TID=3432
If not, perhaps you could attempt to telnet or putty into the port, and see
if it returns an error message which might give some more info.
Another idea - try ethereal to capture the packet data and see what it
contains.
Also I believe nmap can attempt to establish what's listening on a certain
port. It might give you more info than just system 4.
Regards
Colin
----- Original Message -----
From: "Buozis, Martynas" <martynas@ti.com>
Hello
I need an advice. I have Windows 2003 server. It occasionally show
strange and suspicious network behavior. I used command "netstat -abov"
and Process explorer tool from Sysinternals to find process behind
connections. I found that it is "System 4" and got stuck. How I can
identify what is behind this "System 4"?
I thought it may be hidden process, but RootkitReveal from Systinternals
did not show anything.
I will be grateful for any ideas how to identify what is behind these
TCP connections from server to many computers!
Thank you in advance.
With best regards
Martynas
---------------------------------------------------------------------------
This list is sponsored by: Norwich University
EARN A MASTER OF SCIENCE IN INFORMATION ASSURANCE - ONLINE
The NSA has designated Norwich University a center of Academic Excellence
in Information Security. Our program offers unparalleled Infosec management
education and the case study affords you unmatched consulting experience.
Using interactive e-Learning technology, you can earn this esteemed degree,
without disrupting your career or home life.
http://www.msia.norwich.edu/secfocus
---------------------------------------------------------------------------
