Posted June 14, 2012
FPCH Admin

Hi, I have enabled the shutdown event log on my XP machine; however, I am still not able to trace the IP of the one of 15 XP workgroup machines which is remotely shutting down my machine. The command which might have been used is: shutdown /f /r /m \ /t: 0

Can anyone suggest how to trace that remote machine's IP? Or at least tell me which protocol or port shutdown.exe uses when it sends the remote command. I have captured ProcMon, NetMon and Wireshark logs, but I still have no clue where to start my investigation. Please help.