Go to the machine, go to a prompt, type
netstat
This will give you a listing of the current connections and the ports they
are connected to.
Look for ports 5800-5900.
This won't do you much good if the attacker is not connected, but win9x/NT
tends to cache recent connections for quite some time.
If that doesn't help, and you don't have a linux box handy (per Jonathan's
idea), get a copy of network monitor for NT. (Should be on your NT or
Backoffice CDs (SMS CD also). Install the network monitor agent as a
protocol, this will allow you to remotely capture traffic from the machine.
Install network monitor on any NT box on your network, but it should be on
the same subnet if possible. Setup a filter to capture the VNC ports.
If you need more help, please email me directly.
Thanks,
Steven V.
Central Service Association
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
