Hi,
I have enabled the shutdown event log on my XP machine; however, I am still not able to trace the IP of the one of 15 XP workgroup machines which is remotely shutting down my machine.
The command which might have been used is: shutdown /f /r /m \ /t: 0
Can anyone suggest how to trace that remote machine's IP?
Or at least tell me which protocol or port shutdown.exe uses when it sends a remote command.
I have captured ProcMon, NetMon and Wireshark logs, but I still have no clue where to start my investigation.
Please help.