Tuesday, April 13, 2010

My PC is chatty (snmp-read)

I've been on a firewall monitoring kick lately and I've noticed a lot of office computers chatting on HTTP and/or SNMP. Mine, for one, was trying to open snmp-read on 192.168.1.4 all throughout the day. That drives me crazy. Yeah, I'm that guy.

So, how do you go about running that down?  Use the firewall to your advantage.

The firewall will tell you not only what IP address and port you're trying to talk to, but it will also tell you what port you're talking from on your PC.


Now we can use netstat -ano to tell us what process ID (PID) is using the source port 65365.


Finally, we can use Process Explorer (a free Sysinternals tool) to determine what process has PID 1740. You can also use Task Manager, but I like the Sysinternals tool better.



The print spooler ... dang it!


And, there you have it.  My girlfriend's printer.
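
The same chase from source port to PID to process, scripted in PowerShell as an added example that is not part of the original post. It swaps netstat -ano for the Get-NetTCPConnection and Get-NetUDPEndpoint cmdlets and polls in case the socket is only open briefly; the function name, parameter names and timeout are assumptions made for the example.

```powershell
# Added example. Resolve-SourcePort and its parameters are illustrative names.
function Resolve-SourcePort {
    param(
        [Parameter(Mandatory)][ValidateRange(1, 65535)][int]$LocalPort,
        [int]$TimeoutSeconds = 150,   # assumption: long enough to span two ~70-second polls
        [int]$IntervalMs = 250
    )
    $deadline = (Get-Date).AddSeconds($TimeoutSeconds)
    do {
        # SNMP runs over UDP and HTTP over TCP, so look in both socket tables.
        $sockets = @(
            Get-NetTCPConnection -LocalPort $LocalPort -ErrorAction SilentlyContinue |
                Select-Object @{n = 'Protocol'; e = { 'TCP' }}, RemoteAddress, RemotePort, OwningProcess
            Get-NetUDPEndpoint -LocalPort $LocalPort -ErrorAction SilentlyContinue |
                Select-Object @{n = 'Protocol'; e = { 'UDP' }}, OwningProcess
        )
        if ($sockets.Count -gt 0) { break }
        Start-Sleep -Milliseconds $IntervalMs
    } while ((Get-Date) -lt $deadline)

    if ($sockets.Count -eq 0) {
        Write-Warning "Nothing bound to local port $LocalPort within $TimeoutSeconds seconds."
        return
    }
    foreach ($procId in ($sockets.OwningProcess | Sort-Object -Unique)) {
        $mine = $sockets | Where-Object OwningProcess -eq $procId
        # If the process has already exited, CIM returns nothing and the fields stay empty.
        $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
        # Services hosted in that process (this is how a PID turns out to be the print spooler).
        $svc = Get-CimInstance Win32_Service -Filter "ProcessId = $procId"
        [pscustomobject]@{
            LocalPort = $LocalPort
            Protocol  = ($mine.Protocol | Sort-Object -Unique) -join ','
            Remote    = ($mine | Where-Object RemoteAddress |
                            ForEach-Object { "$($_.RemoteAddress):$($_.RemotePort)" }) -join ','
            ProcessId = $procId
            Process   = $proc.Name
            Path      = $proc.ExecutablePath   # can be empty without elevation
            Services  = $svc.Name -join ','
        }
    }
}

# Source port taken from the firewall log entry, as in the post.
Resolve-SourcePort -LocalPort 65365
```

The two Get-Net* cmdlets ship with Windows 8 / Server 2012 and later; on older systems netstat -ano remains the way to get the PID.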

My next post will hopefully be on how to make it stop talking all day long ;) Really Microsoft?! Do we need to query the device every 70 seconds? Why don't we just talk to the printer when we try to use it?

And people wonder why our PCs run so slowly ... sheesh.
