once again I need your assistance in order to understand things thoroughly.
I use a pretty vanilla Win7 32 bit and got the following tools running that are of importance here:
SmartSniff (Nirsoft without Wincap or so)
I have got installed Nuance/Scansoft Paperport 11 & Omnipage 16 - and registered. I notice in Peerblock that this tool blocks TCP connections towards Scansoft’s servers. This is of course the case since I have the appropriate blockfiles installed in Peerblock that block en masse IP ranges of corporations.
Well, no problem with me.
But I am really interested which of files belonging to the above software is connecting out.
I do not notice anything in Comodo’s firewall or defence+. This must be the case I blocked or allowed things concerning this, either in learning mode or consciously. Does not matter.
Fact is that Peerblock shows the outgoing con.
So, how can I get to know which service, exe, dll etc. it is?
As I said, I also run Currports and Smartsniff in order to look for the servers of Nuance.
These look by the advanced filters for:
include:both:tcpudp:220.127.116.11-18.104.22.168These are Scansoft's servers as far as I know by a tool of Nirsoft...
All in all, in order to understand things I think I need to know the priority of layers working here.
E.g., if Comodo firewall would be the first that looks at IP/TCP/UDP … then Peerblock should only see the connection above if Comodo lets it through, isn’t that the case?
Where do Currports and Smartsniff come into play?
Is it possible that they can not see the connections towards 22.214.171.124-126.96.36.199 since Comodo or Peerblock catch and block these in advance?
What have I to do in order to get a picture of what process is connecting towards Scansoft or why Peerblock shows me the block?
Currports and Smartsniffs log do not show anything…of