How to Identify and Kill Pinging Program?

  • Thread starter: Bob Simon

Bob Simon

I just downloaded a packet capture and decode program and now see that
my W2K server is continuously pinging thousands of sequential
addresses. I want to shut down this application or process but I
can't find it.

Task Manager does not show any running applications. When I attempt
to terminate high-CPU processes in order to find the pinger, most of
them do not allow me to do so. I also looked in the registry branches
for Windows/Current Version/Run to see what might be starting up when
the server boots, but did not find anything suspicious.

I know very little about W2K and do not know how to proceed. I would
very much appreciate some advice on how to identify and terminate this
program.
 
I know that W2K tries to dynamically register itself with a DNS server;
could it be that?
If so, then disable dynamic registration on W2K.
 
Robert,
Thanks for the reply. You've pointed me to an interesting area that I
don't understand well so I'm studying the MS article 246804 that
describes the process. However, I believe this will not help me solve
the problem.

The reason for my conclusion is that the DHCP client service that
registers its address in DNS already knows his DNS server's address.
Therefore, there would be no reason for him to ping all sorts of
addresses looking for something that turns out to be a DNS server.
Bob
 
Have a look at a utility called hijackthis.exe (easy to find with a
Google search). It may locate something suspicious.

Please post back if you find anything.

Peter Kaufman MCP
 