netsh trace scenario netconnection - understanding results


Question

I am tracking down an attempt to connect to a domain on the internet that is being blocked by our firewall.

The resulting messages in the analyzer show a request in the summary to (for?) the domain in question via module DNS.

Is there a way to determine the source application/process/service of the request by looking at the surrounding messages?

Is there a Microsoft reference document to help understand results in general?

Please advise and thanks for your time.

Peace . . . Vince

Solution

I'm not certain I'm following exactly what you want, but I think you want to find processes associated with a friendly name, and you have the DNS you'd like to start with.

If you see a DNS request, the summary should mention the IP addresses that were involved in the answer. You could create a filter on those IP addresses and see what kind of traffic involves them. With Message Analyzer, I would suggest opening a grouping view, if one's not open already (New Viewer->Grouping->Process Name and Conversation). Then you filter the grouping view, first select Add Filter, and add the IP address filter, like *Address==192.168.1.5 or *Address==192.168.1.10, based on the IP addresses you see resolved for the friendly name you are interested in.

What remains, at the top level, is a list of processes that were involved in this traffic.  The tree is expanded by default, but pressing the "-" button in the toolbar will collapse all.  Clicking on each process will show the traffic generated.

Does this help?

Thanks,

Paul
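As an added example (not part of Paul's answer, and not taken from any Microsoft documentation), here is a PowerShell approach to the core of Vince's question: attributing a DNS query found in a `netsh trace` ETL to the process that issued it, without going through Message Analyzer. It assumes the capture was started with the Microsoft-Windows-DNS-Client and Microsoft-Windows-Kernel-Process ETW providers added to the netconnection scenario, so that the DNS query events (which carry the calling PID) and the process-start events (PID to image path) land in the same file. The trace file name, the event-data field names (`ProcessID`, `ImageName`, `QueryName`) and the domain `blocked.example` are assumptions to check against your own trace.

```powershell
<#
Added example, not from the original thread. Assumptions (hypothetical, not
taken from the post): the blocked name is $Domain, the capture was written to
.\trace.etl, and the DNS-Client and Kernel-Process ETW providers were added to
the netconnection scenario, e.g.:

  netsh trace start scenario=netconnection capture=yes tracefile=.\trace.etl `
      provider=Microsoft-Windows-DNS-Client provider=Microsoft-Windows-Kernel-Process
  ... reproduce the blocked connection ...
  netsh trace stop
#>

function Get-EtwEventData {
    # Flatten an event's <EventData> into a hashtable keyed by field name,
    # so we do not depend on how (or whether) the message text is rendered.
    param([System.Diagnostics.Eventing.Reader.EventRecord]$Event)
    $data = @{}
    $xml = [xml]$Event.ToXml()
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    return $data
}

function Find-DnsQueryCaller {
    param(
        [string]$TraceFile = '.\trace.etl',
        [Parameter(Mandatory)][string]$Domain
    )

    # Get-WinEvent reads .etl files directly; -Oldest is required for them.
    $events = Get-WinEvent -Path $TraceFile -Oldest -ErrorAction Stop

    # 1. Build PID -> image name from Kernel-Process ProcessStart events (Id 1).
    #    Field names (ProcessID, ImageName) are assumed; confirm with $e.ToXml().
    #    Without these, a PID can only be resolved while the process is still
    #    running, which is often not the case for a short-lived tool.
    $imageByPid = @{}
    foreach ($e in $events) {
        if ($e.ProviderName -eq 'Microsoft-Windows-Kernel-Process' -and $e.Id -eq 1) {
            $d = Get-EtwEventData $e
            $imageByPid[[int]$d['ProcessID']] = $d['ImageName']
        }
    }

    # 2. DNS-Client events: 3006 = query issued, 3008 = query completed.
    #    Match on the full XML of the event rather than on rendered text.
    foreach ($e in $events) {
        if ($e.ProviderName -ne 'Microsoft-Windows-DNS-Client') { continue }
        if ($e.Id -notin 3006, 3008) { continue }
        if ($e.ToXml() -notlike "*$Domain*") { continue }

        $callerPid = [int]$e.ProcessId
        $image = if ($imageByPid.ContainsKey($callerPid)) {
            $imageByPid[$callerPid]
        } elseif ($p = Get-Process -Id $callerPid -ErrorAction SilentlyContinue) {
            $p.Path    # still running: ask the live system
        } else {
            '<unknown: started before the trace and already exited>'
        }

        [pscustomobject]@{
            Time    = $e.TimeCreated
            EventId = $e.Id
            Pid     = $callerPid
            Image   = $image
            Query   = (Get-EtwEventData $e)['QueryName']
        }
    }
}

# Usage (hypothetical domain name):
Find-DnsQueryCaller -TraceFile .\trace.etl -Domain 'blocked.example' |
    Sort-Object Time | Format-Table -AutoSize
```

Two caveats worth knowing when you do this by hand in Message Analyzer instead. First, the DNS-Client events are raised inside the process that called the resolver API, whereas the UDP packet that actually leaves the machine is sent by the DNS Client service (Dnscache, hosted in svchost.exe), so grouping packet-level traffic by process name tends to point at svchost.exe rather than at the application you are looking for; the ProcessId on the 3006/3008 events is the one you want. Second, the PID-to-image mapping only covers processes that started after the capture began; for anything already running and gone by the time you look, only the live `Get-Process` fallback above could have named it, which is why the Kernel-Process provider is added up front.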

