Guest NewsBot Posted June 14, 2012 Posted June 14, 2012 HI, I have enable shutdown event log in my XP machine however still I am not able to trace the IP of on of 15 XP work-group machine which remotely shutting down my machine. The command which might have been used is: <span style="font-weight:bold">shutdown /f /r /m \<remote computer ip> /t: 0 </span>Can any one suggest me how trace that remote machine IP ? Or at least tell me which protocol or port shutdown.exe uses when it sends remote command. I have captured ProcMon, NetMon and Wire-Shark log, still I have no clue to start my investigation. Please help. View this thread Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.