firewall – How to identify application that is generating ICMP echo requests on Windows 10?

My company security team has informed me that my workstation is pinging some “blacklisted” IP addresses. The enterprise security tool reporting this information sits in place of the usual Windows firewall, but it seems it is unable to tell which process is the culprit.

I had the device rebuilt about six months ago for the same reason, and I’m pretty sure it’s just an application that’s using a content-delivery network that happens to have also been used by some malware at some point; hence the blacklisted IPs.

Normally in this situation a combination of Wireshark, netstat, TCPView and other tools would help me nail down which process is generating the traffic. For ICMP echo requests, however, it seems that the source process is always a system DLL.

Some googling led to a page which does have some advice on how to narrow down the process by checking which have got the icmp.dll or iphlpapi.dll loaded. I’ve currently got dozens of processes with iphlpapi.dll loaded, so trying to narrow down which might be sending these requests is going to take quite some time.

Another issue is that these ICMP requests are sent very infrequently. Maybe a couple of times a day. So at the point I’m looking, the process might not even be running.

What I really need is a tool that I can leave running which will look for ICMP requests to these IP addresses, and as soon as they’re seen it would identify the process that made them. Does such a thing exist? Is there another low-effort approach that I’m missing?
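One low-effort way to get exactly this, as an added example that is not part of the original question: Windows Filtering Platform (WFP) connection auditing records every permitted or blocked connection, ICMP included, as Security log event 5156/5157 together with the originating application path and PID, and it is logged by the WFP layer itself rather than by whichever firewall product is installed. The watch-list addresses below are constructed placeholders, and the event field names are assumed to match the standard 5156 schema.

```powershell
# Added example (not from the original post): wait for outbound ICMP echo to
# a list of flagged addresses and report the process that sent it, using
# WFP connection auditing (Security events 5156 permitted / 5157 blocked).
# Run from an elevated PowerShell. Addresses are constructed placeholders.
$WatchList = @('198.51.100.23', '203.0.113.77')   # replace with the flagged IPs

# 1. Enable WFP connection auditing (success and failure). Needs admin rights.
auditpol /set /subcategory:"Filtering Platform Connection" /success:enable /failure:enable | Out-Null

# 2. Poll the Security log and print any outbound ICMP to a watched address.
#    Protocol 1 = ICMPv4, 58 = ICMPv6; Direction %%14593 = outbound.
$since = Get-Date
while ($true) {
    $now = Get-Date
    $events = Get-WinEvent -FilterHashtable @{
        LogName = 'Security'; Id = 5156, 5157; StartTime = $since
    } -ErrorAction SilentlyContinue   # no matching events is not an error here
    $since = $now

    foreach ($e in $events) {
        # Pull the EventData name/value pairs out of the event XML
        $x = [xml]$e.ToXml()
        $d = @{}
        foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

        if (($d.Protocol -in @('1', '58')) -and
            ($d.Direction -eq '%%14593') -and
            ($d.DestAddress -in $WatchList)) {
            [pscustomobject]@{
                Time        = $e.TimeCreated
                Pid         = $d.ProcessID
                Application = $d.Application   # NT device path of the image
                Dest        = $d.DestAddress
                Blocked     = ($e.Id -eq 5157)
            } | Format-List | Out-String | Write-Host
        }
    }
    Start-Sleep -Seconds 30
}
```

Because the requests arrive only a couple of times a day, leave the script running and, once a hit appears, resolve the PID immediately with `tasklist /svc /fi "PID eq <pid>"` (if the application is svchost.exe, that shows which service group is hosting it).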
