I'm redoing my firewall configuration with more restrictive policies and I would like to determine the provenance (and/or destination) of some outgoing connections.
I have an issue because they come from svchost.exe and go to web content/application delivery providers - or similar:
5 IP in range: 82.96.58.0 - 82.96.58.255 --> Akamai Technologies akamaitechnologies.com
3 IP in range: 93.150.110.0 - 93.158.111.255 --> Akamai Technologies akamaitechnologies.com
2 IP in range: 87.248.194.0 - 87.248.223.255 --> LLNW Europe 2 llnw.net
205.234.175.175 --> CacheNetworks, Inc. cachefly.net
188.121.36.239 --> Go Daddy Netherlands B.V. secureserver.net
So is it possible to know which service makes a particular connection? Or what's your recommendation about the rules applied to these ones?
(Comodo Firewall & Windows 7)
Update:
netstat -ano & tasklist /svc help me a little, but there are many services in one svchost.exe so it's still an issue. Moreover, the service names returned by "tasklist /svc" are not easily readable.
(All the connections are HTTP (port 80) but I don't think it's relevant)
All of you are right. For me this feature works in XP only. It would be nice to investigate what has changed in W7 in this regard so that it doesn't work. – saulius2 – 2015-03-15T09:51:32.887
Very interesting, but unfortunately PE v11.33 appears to not support TCP/IP stacks on Windows 7 :-/ "Stacks not available on this version of Windows". I haven't found confirmation on the web but I'm pretty sure I have configured Symbols correctly... – fluxtendu – 2010-03-24T02:37:51.953
Same result with the new PE 12 :-/ – fluxtendu – 2010-03-26T16:12:27.280
Hmm.. I get the same on 7. Strange it works fine on XP. – heavyd – 2010-03-26T18:11:13.937
The TCP/IP tab should have a "Service" column which, for example while looking at an instance of svchost.exe, tells you which service owns each connection (among the services grouped under the same PID).
Right now I'm using PE 12.00, and at this moment I can't check whether the "Service" column was there in the previous version, but it should be worth a try. – TataBlack – 2010-03-28T23:02:32.303
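The join described in the question's update (owning PIDs from netstat -ano matched against the services hosted in each svchost.exe), as an added PowerShell example that is not part of the original posts. It assumes PowerShell 2.0 or later, takes readable display names from WMI's Win32_Service instead of tasklist /svc, and still reports every service sharing the PID, not the single one that opened the connection.

```powershell
# Added example (not from the original thread): for every non-listening TCP
# connection owned by an svchost.exe instance, list the services hosted in
# that process. Works on PowerShell 2.0 (the version shipped with Windows 7).

# Build a map: PID -> services running inside that process,
# formatted as "ShortName (Display Name)".
$servicesByPid = @{}
Get-WmiObject Win32_Service -Filter "State='Running'" | ForEach-Object {
    $procId = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($procId)) { $servicesByPid[$procId] = @() }
    $servicesByPid[$procId] += ('{0} ({1})' -f $_.Name, $_.DisplayName)
}

# PIDs of all running svchost.exe instances.
$svchostPids = @(Get-Process -Name svchost -ErrorAction SilentlyContinue |
    ForEach-Object { $_.Id })

# netstat -ano TCP rows have five fields: Proto, Local, Foreign, State, PID.
# UDP rows have four and are skipped. Listening sockets show a foreign
# address ending in ":0" and are skipped without relying on the (localized)
# State text.
netstat -ano | ForEach-Object {
    $f = $_.Trim() -split '\s+'
    if ($f.Count -eq 5 -and $f[0] -eq 'TCP' -and $f[2] -notmatch ':0$') {
        $owner = [int]$f[4]
        if ($svchostPids -contains $owner) {
            New-Object PSObject -Property @{
                PID      = $owner
                Local    = $f[1]
                Remote   = $f[2]
                Services = ($servicesByPid[$owner] -join '; ')
            }
        }
    }
} | Sort-Object PID | Format-Table PID, Remote, Services -AutoSize -Wrap
```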