TCP connections

By joe11701
Server A is connecting and sending traffic to server B.
They should not be talking to each other.
I'd like to find out what process is being used to do this and disable / terminate it.

Server A is Win2K server
Server B is Win2k3

Any ideas?

All Answers

First question is...

by curlergirl In reply to TCP connections

Are they on the same TCP/IP subnet? If so, basic network browsing traffic would cause some instances where the two servers would contact each other. The only way to prevent this would be to turn off the computer browser service, which would prevent ALL connections (not just the ones from the specific server).

traffic...

by joe11701 In reply to First question is...

They are NOT on the same subnet, and the Computer Browser server is disabled.

What Service is running? What type of "traffic" is being sent?

by silveradocyn In reply to TCP connections

Your question is so vague that there is no way to tell what you are asking. HTTP traffic, printer traffic, file server traffic... How do you know that the server is forwarding the traffic and there isn't confusion in the naming? There are multiple levels that you could be asking about, and starting with a real description is the first step.

Vague question...

by joe11701 In reply to What Service is running? ...

My apologies, but I don't know what kind of traffic is being sent. I would think that if I knew that, I'd know where it was coming from.

Sniff the packets

by Zen37 In reply to TCP connections

The port number should give you a nice idea of which service or application is communicating. If not, look inside the packet; there could be clues there.

Port number

by joe11701 In reply to Sniff the packets

According to netstat, the port number is 3511....
and this is for?????.....

Source and destination

by Zen37 In reply to Port number

3511 sounds like a source port number; the destination should be under 1024. If not, then this is probably not a Windows service.

Try this first

by lowlands In reply to TCP connections

Run netstat on both servers.

On server A, look for the IP of server B, and the other way around.

On server B, try netstat -ano, search for both server A's IP and on server A the associated process ID.
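
Added example, not part of lowlands's post or anyone else's in this thread: a Python sketch that filters saved `netstat -ano` output for one peer IP and reports the owning PID, plus whether the local port is a listener (the peer connected in) or an ephemeral source port (this host connected out). The sample output, addresses, PIDs and function names are constructed for illustration.

```python
# Added example; SAMPLE is constructed netstat -ano output, not data from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       892
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    198.51.100.20:445      192.0.2.10:3511        ESTABLISHED     4
  TCP    198.51.100.20:1042     203.0.113.5:80         ESTABLISHED     1620
  UDP    0.0.0.0:500            *:*                                    700
"""


def split_endpoint(endpoint):
    """Split 'addr:port' on the last colon so bracketed IPv6 also works."""
    host, _, port = endpoint.rpartition(":")
    return host, int(port)


def parse_netstat(text):
    """Return one dict per TCP row; headers and UDP rows (no State) are skipped."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        lhost, lport = split_endpoint(fields[1])
        rhost, rport = split_endpoint(fields[2])
        rows.append({"lport": lport, "rhost": rhost, "rport": rport,
                     "state": fields[3], "pid": int(fields[4])})
    return rows


def connections_with(text, peer_ip):
    """List (direction, local_port, remote_port, pid) for rows involving peer_ip."""
    rows = parse_netstat(text)
    listening = {r["lport"] for r in rows if r["state"] == "LISTENING"}
    hits = []
    for r in rows:
        if r["rhost"] != peer_ip or r["state"] == "LISTENING":
            continue
        # A local port that also has a LISTENING socket means the peer connected in.
        direction = "inbound" if r["lport"] in listening else "outbound"
        hits.append((direction, r["lport"], r["rport"], r["pid"]))
    return hits


if __name__ == "__main__":
    for hit in connections_with(SAMPLE, "192.0.2.10"):
        print(hit)
```

On Windows Server 2003, `tasklist /svc` then shows which image and services run under the reported PID.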

Netstat

by joe11701 In reply to try this first

There's a difference in versions of netstat between the 2 boxes. The -o switch doesn't exist on Server A (Win 2000).

I'll try to copy it over.

Netstat

by joe11701 In reply to Netstat