What process is writing to the network?

[Iain]

I have a machine at an ISP. The ISP is reporting an outrageous amount of
traffic (1 - 10GB per day).

My logs using Performance monitor more or less corroberate, these volumes,
but there is absolutely no indication in the logs (IIS et al) that anything
LIKE these volumes are being produced and the traffic was there before the
site was live.

Obviously I suspect some sort of trojan.

I'd like to track back which processes are using network bandwidth. How do
I do this?

(Oh, Windows 2003 Server Web Edition).

Allied to this, if the Tsak Manager reports a process as svchost.dll, how
can I find which service it is hosting?

Iain

(PS. McAfee Enterprise reports no viruses or other Malware)

 

[Iain]

Can anyone answer this?

How, with a utility, or by writing a program can I find examine ip traffic
by process? (initiallly volume levels netmon seems to detailed for what I
want to do).

Iain

 

[Danny Slye - [MSFT}]

TCPView from www.sysinternals.com will show you what process is making a
TCP connection. To see what processes are using Svchost.exe, use
Tlist.exe from the Windows 2000 CD-ROM; the syntax is tlist -s at the
command prompt.
Some viruses will copy a file called svchost.exe to the
C:\WinNT\System32\Wins\ directory.
--------------------

From: "Iain" <[email protected]>
References: <#VC#[email protected]>
Subject: Re: What process is writing to the network?
Date: Sun, 25 Jan 2004 11:21:31 -0000
Lines: 37
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.3790.0
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.3790.0
Message-ID: <#[email protected]>
Newsgroups: microsoft.public.win2000.networking
NNTP-Posting-Host: spc1-harg1-6-0-cust122.leed.broadband.ntl.com 81.96.83.122
cpmsftngxa07.phx.gbl!cpmsftngxa06.phx.gbl!cpmsftngxa09.phx.gbl!TK2MSFTNGP08.
phx.gbl!TK2MSFTNGP09.phx.gbl
Xref: cpmsftngxa07.phx.gbl microsoft.public.win2000.networking:52582
X-Tomcat-NG: microsoft.public.win2000.networking

Can anyone answer this?

How, with a utility, or by writing a program can I find examine ip traffic
by process? (initiallly volume levels netmon seems to detailed for what I
want to do).

Iain

__
Danny Slye
Microsoft Support Professional
MCSE

This posting is provided "AS IS" with no warranties and confers no rights.
Please reply to the newsgroup so that others may benefit. Thanks!