[Dshield] ICMP Traffic ??
bndow at Ndowtech.com
Wed Apr 11 22:42:41 GMT 2007
Is there any utility out there that would identify exactly what process or program is sending out ICMP traffic? I am seeing a whole lot of ICMP echo requests going out to one IP address from different machines within our network. This IP is not a valid IP in our network, but it kind of looks like the IP of one of our desktop management servers but for one digit (e.g. 22.214.171.124 - our server and 126.96.36.199 - the server all ICMP requests are directed to). I have already used Wireshark and can capture the traffic from the machines sending the traffic, but I can't exactly pinpoint what is doing it. I have also used TCPView but no go, and run different scans for viruses and malware but no go. My next step is with our desktop group, to see if the reporting agents on the desktops were not properly configured to report to the wrong server IP.
Any help would be appreciated.
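
The "one digit off from a real server" observation in the post can be checked across a whole capture. The following is an added example, not part of the original message: it reads tcpdump-style text lines, groups ICMP echo requests by destination, and flags destinations that are one character away from a known server address. The capture lines, the addresses (documentation ranges) and the `KNOWN_SERVERS` inventory are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in tcpdump text format; not data from the post.
CAPTURE = """\
22:40:01.100 IP 10.0.0.15 > 192.0.2.55: ICMP echo request, id 512, seq 1, length 40
22:40:01.900 IP 10.0.0.22 > 192.0.2.55: ICMP echo request, id 512, seq 7, length 40
22:40:02.300 IP 10.0.0.15 > 192.0.2.45: ICMP echo request, id 512, seq 2, length 40
22:40:02.800 IP 10.0.0.31 > 198.51.100.9: ICMP echo request, id 1, seq 1, length 64
22:40:03.000 IP 192.0.2.45 > 10.0.0.15: ICMP echo reply, id 512, seq 2, length 40
"""
KNOWN_SERVERS = {"192.0.2.45"}  # assumed inventory of management servers

ECHO_RE = re.compile(r"IP (\d+(?:\.\d+){3}) > (\d+(?:\.\d+){3}): ICMP echo request")

def one_edit_apart(a, b):
    """True if a and b differ by exactly one substituted, added or dropped character."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    if len(a) == len(b):
        return a[i + 1:] == b[i + 1:]   # one substitution
    return a[i:] == b[i + 1:]           # one extra character in b

def echo_destinations(capture):
    """Map each echo-request destination to the set of hosts sending to it."""
    sources = defaultdict(set)
    for line in capture.splitlines():
        m = ECHO_RE.search(line)
        if m:
            sources[m.group(2)].add(m.group(1))
    return sources

def near_miss_destinations(capture, known):
    """Destinations outside the inventory that look like a typo of a known server."""
    findings = {}
    for dst, srcs in echo_destinations(capture).items():
        if dst in known:
            continue
        lookalikes = sorted(k for k in known if one_edit_apart(dst, k))
        if lookalikes:
            findings[dst] = {"resembles": lookalikes, "sources": sorted(srcs)}
    return findings

if __name__ == "__main__":
    for dst, info in near_miss_destinations(CAPTURE, KNOWN_SERVERS).items():
        print(dst, "resembles", info["resembles"], "pinged by", info["sources"])
```

This does not name the sending process; it lists which hosts share the look-alike destination, which is the set to compare against the desktop agents' configured server address.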