HoolyGun
join:2000-08-21 Plantsville, CT

I'd like to monitor outgoing traffic... what would be the best software (freeware preferred) to handle that? The more details in the logs, the better. Thnx.

-- "You're only as fast as your slowest link." Sometimes it's you... »hoolygun.freeyellow.com

B Premium,MVM
join:2000-10-28

Huh? You just know that at least half the people here are going to say "use ZoneAlarm (free)", don't you?

There aren't many other legitimate choices, although if you want packet-level details you'll want a sniffer-like tool. I posted some links in another thread around here somewhere.

-- B

P.S. I am assuming you're talking about monitoring a single PC, not monitoring outbound traffic at a router or firewall...

HoolyGun
join:2000-08-21 Plantsville, CT

Yeah, I'm aware of Z.A. I was hoping for more choices, I guess... All I need is to monitor a single PC I'm suspecting of being compromised (maybe a trojan, maybe not; a little too active when idle). Thnx.

-- "You're only as fast as your slowest link." Sometimes it's you... »hoolygun.freeyellow.com

GaryK7 Premium
join:2000-08-29 Miami, FL
clubs: Atlantic Broadband

Don't make guesses. Download a trojan scanner and scan your system.

There are a large number of reasons why your system might be active when you think it should be idle. One common example is that MS Office Find Fast could be reindexing your hard drive.

-- -tb/gary. "The person who says it cannot be done should not interrupt the person doing it." Chinese Proverb --- Angry at ZoneAlarm? Complain about it!

2kmaro Think Premium,ExMod 1 BC
join:2000-07-11 ColossalCave
(reply to HoolyGun)

If you use ZA and turn on the LOCK during those periods you don't think any external activity should take place, you should get some hints via the log.

V7Goose
join:2000-09-06 Colleyville, TX
(reply to HoolyGun)

If you want to see what is active when idle, run WinTop. I think you can still find it somewhere on Microsoft's web site; it used to be part of one of their -Toys packages. The original was for W95, but works fine with W98SE too. If something has the CPU pegged, you might see some illegal operations while trying to start WinTop, but you just need to keep trying. I've never gotten the error after WinTop is already running, even when the CPU is in a tight loop. I just keep the icon in the task launcher so I can quickly start it any time I suspect unknown activity. It won't tell you what the program is doing, just what programs are using the CPU and how much. It also gives you another way to kill a task besides the Close Program task list.

gwion wild colonial boy Premium,ExMod 2001-08
join:2000-12-28 Pittsburgh, PA
(reply to HoolyGun)

If you're a tech head, and aren't afraid to roll up your sleeves a little, check out http://www.snort.org/ -- they have an interesting, but very unix-ey, port sniffer you might be interested in.

-- "If science is considered a closed priesthood, too difficult and arcane for the average person to understand, the dangers of abuse are greater." --Carl Sagan, from "Broca's Brain."

Wildcatboy Premium,Mod
join:2000-10-30 Toronto, ON
Host: Security Product V.. Security
(reply to HoolyGun)

I guess it all depends on you. If you want to stop the outgoing traffic, then you should go with a firewall. If you just want to watch it go out, then sure, get a sniffer. There are several good sniffers out there and you can easily find them on the Net. However, as gwion put it, data coming from sniffers is not easy to interpret if you don't know much about packets and what they do. Of course you can always learn even if you don't know it now. But I would still go with a firewall first. If your firewall stops anything that indicates a Trojan, then go and get a Trojan scanner. And if you still want to learn, then forget about them both and get a sniffer.

-- You can catch the Devil, but you can't hold him long.

Anon

Considering the latest dialog at this site on ports, it seems to me that a good local port scanning tool would be in order. The reason I say this is that if ya do it yourself rather than using a website, one would feel more confident in the results! Netstat in the DOS window is too limited IMHO.

Can someone please recommend a good reliable "free sniffer" or a good reliable "local port scanner"?

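One way around netstat's raw output, which Anon finds too limited to read by eye, is to post-process it rather than replace it. The following is an added example and is not code from anyone in this thread: it parses `netstat -an` style output (the sample below is constructed, in the Windows column layout, not captured from a real host), keeps only established TCP connections whose remote side is not the local machine, and flags those going to ports the owner would not expect an idle desktop to use. The allowlist of expected ports is an assumption to be adjusted for your own machine.

```python
"""
Triage of outbound connections from a single PC using netstat-style output.

Added example, not from the thread. Reads text in the layout `netstat -an`
prints on Windows (Proto, Local Address, Foreign Address, State), keeps the
ESTABLISHED TCP connections whose remote host is not the local box, and flags
the ones whose remote port is not on an allowlist of ports the owner expects
to see while the machine is idle. Repeated connections to one host:port are
counted so they stand out. IPv4 only; the sample is constructed.
"""
import ipaddress
from collections import Counter

# Constructed sample output, not a capture from a real machine.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         127.0.0.1:1026         ESTABLISHED
  TCP    192.168.1.10:1031      203.0.113.5:80         ESTABLISHED
  TCP    192.168.1.10:1032      203.0.113.5:443        ESTABLISHED
  TCP    192.168.1.10:1040      198.51.100.7:6667      ESTABLISHED
  TCP    192.168.1.10:1041      198.51.100.7:6667      ESTABLISHED
  TCP    192.168.1.10:1055      203.0.113.9:8765       ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

# Assumption: remote ports an idle desktop of this era legitimately talks to
# (web, DNS, mail, news). Anything else gets flagged for a closer look.
EXPECTED_REMOTE_PORTS = {80, 443, 53, 25, 110, 119}


def split_endpoint(endpoint):
    """Split 'host:port' into (host, port); port is None for '*' or junk."""
    host, sep, port = endpoint.rpartition(":")
    if not sep:
        return endpoint, None
    try:
        return host, int(port)
    except ValueError:
        return host, None


def parse_netstat(text):
    """Yield one dict per connection line; headers and blank lines are skipped."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        lhost, lport = split_endpoint(parts[1])
        rhost, rport = split_endpoint(parts[2])
        state = parts[3] if len(parts) > 3 else ""  # UDP lines carry no state
        yield {"proto": parts[0], "lhost": lhost, "lport": lport,
               "rhost": rhost, "rport": rport, "state": state}


def is_local(host):
    """True for loopback, unspecified (0.0.0.0) and wildcard (*) remote sides."""
    if host in ("*", ""):
        return True
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return False
    return addr.is_loopback or addr.is_unspecified


def outbound_connections(text):
    """Established TCP connections whose remote host is not this machine."""
    return [c for c in parse_netstat(text)
            if c["proto"] == "TCP" and c["state"] == "ESTABLISHED"
            and not is_local(c["rhost"])]


def suspicious(text, expected_ports=EXPECTED_REMOTE_PORTS):
    """Outbound connections whose remote port is not on the expected list."""
    return [c for c in outbound_connections(text) if c["rport"] not in expected_ports]


def summarize(conns):
    """Count connections per (remote host, remote port) so repeats stand out."""
    return Counter((c["rhost"], c["rport"]) for c in conns)


if __name__ == "__main__":
    flagged = suspicious(SAMPLE_NETSTAT)
    for (host, port), n in summarize(flagged).most_common():
        print(f"{host}:{port}  {n} established connection(s) to an unexpected port")
```

To use it on a live machine, save the output of `netstat -an` to a file and pass its contents to `suspicious()` instead of the constructed sample; a host that shows up repeatedly on a port you cannot account for is the one to check next with the trojan scanner others in the thread suggest.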
HoolyGun
join:2000-08-21 Plantsville, CT
(reply to HoolyGun)

Thnx y'all!

I'll start by isolating that PC and scanning it for just about anything other than win.exe ...