how do you reveal the technician/agent who logged into a PC remotely?
john kumpf,
User (Posts: 85)
Sep 09, 2024 2:52:57 pm EDT
Support level: Free or trial
So my system tray / notification area icon for Remote Utilities host is red. On this PC there's a banner in the lower right over the notification areas saying someone is logged in (although this notification banner is off by default in a paid account). It's not me that's logged in or anyone else that has access--I checked. It could be an orphaned session. It could be an attack, I suppose.
I looked around, I can't find any way to identify the user that has logged into this PC remotely.
To clarify, I'm looking at a host PC (or one with the agent running), and am trying to figure out who is running the Viewer to connect to it.
I searched in this forum but couldn't find a post on it. Perhaps I could not figure out the right search keywords.
john kumpf,
User (Posts: 85)
Sep 09, 2024 3:12:39 pm EDT
Support level: Free or trial
Thanks. I found that.
That tells me the IP address. But nothing else about the "local" user (agent/technician/viewer user)?
09.09.2024---18:57:07:030 116 12.34.56.789 Incoming ID connection from IP: 12.34.56.789
09.09.2024---18:57:07:140 116 12.34.56.789 Incoming ID connection from IP: 12.34.56.789
09.09.2024---18:57:07:296 116 12.34.56.789 Incoming ID connection from IP: 12.34.56.789
I suppose I can check all our IPs and see if it matches. But the IP can change if a laptop is on a different network, e.g., in a different location, e.g. traveling.
Edited: john kumpf - Sep 09, 2024 3:23:04 pm EDT
Conrad Sallian,
Support (Posts: 3074)
Sep 09, 2024 3:26:07 pm EDT
Hi John,
Unfortunately no, no other local information is transmitted. However, as you have noticed, the Viewer IP address is available in the log and this can give a clue about who might be attempting a connection. There is also information about the connection mode used (Full control, View etc.).
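The IP comparison discussed above, as an added example that is not part of the original thread and is not Remote Utilities' own code: it parses "Incoming ID connection" lines in the format quoted in the thread, collapses bursts from one address into a single attempt, and flags addresses that are not on a list of known Viewer IPs. The sample log lines, the known-IP list and the 5-second burst window are constructed assumptions.

```python
import re
from datetime import datetime, timedelta

# Line format as quoted in the thread:
# dd.mm.yyyy---HH:MM:SS:mmm <number> <ip> Incoming ID connection from IP: <ip>
INCOMING = re.compile(
    r"^(\d{2}\.\d{2}\.\d{4}---\d{2}:\d{2}:\d{2}:\d{3})\s+\d+\s+\S+\s+"
    r"Incoming ID connection from IP:\s*(\S+)"
)

def parse_incoming(lines):
    """Yield (timestamp, viewer_ip) for each incoming-connection line."""
    for line in lines:
        m = INCOMING.match(line.strip())
        if m:
            ts = datetime.strptime(m.group(1), "%d.%m.%Y---%H:%M:%S:%f")
            yield ts, m.group(2)

def summarize(lines, known_ips, burst_gap=timedelta(seconds=5)):
    """Collapse bursts of lines from one IP into attempts; flag unknown IPs."""
    attempts = []
    for ts, ip in parse_incoming(lines):
        last = attempts[-1] if attempts else None
        if last and last["ip"] == ip and ts - last["last"] <= burst_gap:
            last["last"] = ts          # same burst: extend it
            last["lines"] += 1
        else:
            attempts.append({"ip": ip, "first": ts, "last": ts,
                             "lines": 1, "known": ip in known_ips})
    return attempts

# Constructed sample input (documentation-range IPs, not from the thread).
SAMPLE_LOG = """
09.09.2024---18:57:07:030 116 203.0.113.10 Incoming ID connection from IP: 203.0.113.10
09.09.2024---18:57:07:140 116 203.0.113.10 Incoming ID connection from IP: 203.0.113.10
09.09.2024---18:57:07:296 116 203.0.113.10 Incoming ID connection from IP: 203.0.113.10
09.09.2024---19:40:12:500 116 198.51.100.7 Incoming ID connection from IP: 198.51.100.7
09.09.2024---19:41:06:892 96 Relay node: OK ID: MY-ID-1234; Port: 5655; Try count: 1
"""

# Assumption: addresses your technicians are known to connect from.
KNOWN_VIEWER_IPS = {"203.0.113.10"}

if __name__ == "__main__":
    for a in summarize(SAMPLE_LOG.splitlines(), KNOWN_VIEWER_IPS):
        tag = "known" if a["known"] else "UNKNOWN"
        print(f'{a["first"]}  {a["ip"]:<15}  lines={a["lines"]}  {tag}')
```

An address flagged as unknown is only a starting point, since a technician's IP changes when a laptop moves to another network.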
john kumpf,
User (Posts: 85)
Sep 09, 2024 4:27:20 pm EDT
Support level: Free or trial
It appears that:
loopback Remote screen connection. Started. Session: {CEF1E8C0-5BAE-4B7C-8CAD-F5B472D94E95}
loopback Access granted. Session: {CEF1E8C0-5BAE-4B7C-8CAD-F5B472D94E95} Free: 55c14b7e9110523429557ab3afbbb5c0
record a start/logon event, and,
loopback LogOff command. Session: {CEF1E8C0-5BAE-4B7C-8CAD-F5B472D94E95}
loopback Remote screen connection. Closed. Session: {CEF1E8C0-5BAE-4B7C-8CAD-F5B472D94E95}
record an end/logoff event.
That session's IP checks out for me.
But is this IP [216.158.232.18] the default RU server?
08.09.2024---08:35:08:866 96 Internet-ID ErrorCode <> 0 Error code: 1
08.09.2024---08:35:47:112 96 Relay node: OK ID: MY-ID-1234; Port: 5655; Try count: 3
08.09.2024---08:36:02:414 96 Relay node redirect: OK. Relay redirect. To: 216.158.232.18
08.09.2024---08:36:02:734 96 Relay node: OK ID: MY-ID-1234; Port: 5655; Try count: 1
09.09.2024---08:35:11:326 96 Internet-ID ErrorCode <> 0 Error code: 1
09.09.2024---08:35:31:339 96 Relay node: OK ID: MY-ID-1234; Port: 5655; Try count: 1
09.09.2024---08:35:58:843 96 Internet-ID ErrorCode <> 0 Error code: 1
09.09.2024---08:36:52:910 96 Internet-ID: Unable to connect to ID server. Address: id72.remoteutilities.com; Port: 443; Connect timed out.(EIdConnectTimeout)
09.09.2024---08:36:57:911 96 Internet-ID ErrorCode <> 0 Error code: 1
09.09.2024---08:37:06:892 96 Relay node: OK ID: MY-ID-1234; Port: 5655; Try count: 1
09.09.2024---08:37:10:463 96 Relay node redirect: OK. Relay redirect. To: 216.158.232.18
09.09.2024---08:37:10:783 96 Relay node: OK ID: MY-ID-1234; Port: 5655; Try count: 1
Conrad Sallian,
Support (Posts: 3074)
Sep 09, 2024 6:49:16 pm EDT
Yes, one of the relay nodes (servers).
* Website time zone: America/New_York (UTC -5)