Jump to content

How can I trace the IP of "Remote shutdown" source machine?


Recommended Posts

Guest NewsBot
Posted

HI,

 

I have enable shutdown event log in my XP machine however still I am not able to trace the IP of on of 15 XP work-group machine which remotely shutting down my machine.

 

The command which might have been used is: <span style="font-weight:bold">shutdown /f /r /m \<remote computer ip> /t: 0

 

</span>Can any one suggest me how trace that remote machine IP ?

 

Or at least tell me which protocol or port shutdown.exe uses when it sends remote command.

 

 

I have captured ProcMon, NetMon and Wire-Shark log, still I have no clue to start my investigation.

 

Please help.

 

 

View this thread

  • Replies 0
  • Created
  • Last Reply

Popular Days

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


×
×
  • Create New...