Posted
  • FPCH Admin

Hi,

I have enabled the shutdown event log on my XP machine; however, I am still not able to trace the IP of the one of 15 XP workgroup machines which is remotely shutting down my machine.

The command which might have been used is: shutdown /f /r /m \ /t: 0

Can anyone suggest how to trace that remote machine's IP?

Or at least tell me which protocol or port shutdown.exe uses when it sends a remote command.

I have captured ProcMon, NetMon and Wireshark logs, but I still have no clue where to start my investigation.

Please help.
