N
NewsBot
Guest
HI,
I have enable shutdown event log in my XP machine however still I am not able to trace the IP of on of 15 XP work-group machine which remotely shutting down my machine.
The command which might have been used is: <span style="font-weight:bold">shutdown /f /r /m \<remote computer ip> /t: 0
</span>Can any one suggest me how trace that remote machine IP ?
Or at least tell me which protocol or port shutdown.exe uses when it sends remote command.
I have captured ProcMon, NetMon and Wire-Shark log, still I have no clue to start my investigation.
Please help.
View this thread
I have enable shutdown event log in my XP machine however still I am not able to trace the IP of on of 15 XP work-group machine which remotely shutting down my machine.
The command which might have been used is: <span style="font-weight:bold">shutdown /f /r /m \<remote computer ip> /t: 0
</span>Can any one suggest me how trace that remote machine IP ?
Or at least tell me which protocol or port shutdown.exe uses when it sends remote command.
I have captured ProcMon, NetMon and Wire-Shark log, still I have no clue to start my investigation.
Please help.
View this thread