24hoursupport.helpdesk

Re: HELP - Computer sending packets when idle

Subject: Re: HELP - Computer sending packets when idle
From: why? <fgrirp*sgc@VAINY!Qznq.fpvragvfg.pbz>
Date: Tue, 28 Feb 2006 18:16:56 GMT
Newsgroups: 24hoursupport.helpdesk
On 27 Feb 2006 21:58:46 -0800, stefanmoran@xxxxxxxxx wrote:

>Hello,
>
>Recently my computer started sending packets over the net as soon as
>it's booted.
>
>A packet capture with Ethereal tells me that the packets are always the
>same size 197 Bytes, same LLC protocol with the same HEX data.

Windows or other OS? Several of the bits below work on non-Windows
platforms.

So you didn't mention address / ports.

<snip>

>
>So I'm looking for an app that will allow me to...
>1. Track what software on my system sending packets (size, protocol,
>ports, etc.)

Ethereal for size, protocol, ports; see the stats / summary menus.

Outpost firewall has program / bytes. If you start by blocking
everything then allow only specific apps as needed. Logs have allowed /
blocked process names, protocols, addresses and ports.

From past posts in 24HSHD,
http://groups.google.com/group/24hoursupport.helpdesk?
(searching for info seems to be a lost art)

Ripped from previous posts,

You can see the basic connection info, socket state and server
addresses using something like Karen's LAN Monitor
http://www.karenware.com/powertools/ptlanmon.asp
That's a sort of high level view of what's going on. 

and this, list of tools
http://www.winpcap.org/misc/links.htm

this as well, 
http://www.tamos.com/products/commview/sniffer.htm


this also,
http://www.sysinternals.com/NetworkingUtilities.html
TCPView v2.4
See all open TCP and UDP endpoints. On Windows NT, 2000 and XP TCPView
even displays the name of the process that owns each endpoint. Includes
a command-line version, tcpvcon.

and whois
http://www.sysinternals.com/utilities/whois.html
Whois v1.01
See who owns an Internet address.

Have a read and see what features the stuff has.

>2. Track where the packets are being sent to (IP, Whois, etc.)

Search www.google.com for whois you will find several whois servers.

Search for addresses using www.dnsstuff.com

VisualRoute does that and more, www.visualware.com

>3. Any info to shed light on how to correct this problem (better
>security for my comp other than having to go to Linux or Mac)

Is it a problem yet?

>Thanks for any help given.
>
>SM

Me
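
Added example, not part of the original post: a Python sketch that reads a capture saved in classic libpcap format and groups repeated 802.3/LLC frames by size, MAC addresses, SAPs and payload hash, which is how the "same size, same LLC, same hex" traffic in the question can be pinned down when there are no IP addresses or ports to report. The sample capture, MAC addresses, SAP values and function names are constructed for illustration.

```python
import hashlib
import struct
from collections import Counter

def build_sample_pcap():
    """Constructed capture: three identical 197-byte 802.3/LLC frames, one IPv4 frame."""
    # pcap global header: magic, version 2.4, tz, sigfigs, snaplen, linktype 1 (Ethernet)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    dst, src = bytes.fromhex("ffffffffffff"), bytes.fromhex("020000000001")
    payload = bytes([0xE0, 0xE0, 0x03]) + b"\x00" * 180  # DSAP, SSAP, control, data
    llc = dst + src + struct.pack("!H", len(payload)) + payload  # 14 + 183 = 197 bytes
    ipv4 = dst + src + struct.pack("!H", 0x0800) + b"\x45" + b"\x00" * 59
    for ts, frame in enumerate([llc, ipv4, llc, llc]):
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def iter_frames(pcap):
    """Yield (length on the wire, captured bytes) for each record of a classic pcap."""
    magic = struct.unpack_from("<I", pcap, 0)[0]
    if magic == 0xA1B2C3D4:
        endian = "<"
    elif magic == 0xD4C3B2A1:
        endian = ">"
    else:
        raise ValueError("not a classic libpcap file")
    if struct.unpack_from(endian + "I", pcap, 20)[0] != 1:
        raise ValueError("link type is not Ethernet")
    offset = 24
    while offset + 16 <= len(pcap):
        _, _, incl_len, orig_len = struct.unpack_from(endian + "IIII", pcap, offset)
        offset += 16
        yield orig_len, pcap[offset:offset + incl_len]
        offset += incl_len

def repeated_llc_frames(pcap, min_count=2):
    """Group 802.3/LLC frames by size, addresses, SAPs and payload hash."""
    seen = Counter()
    for wire_len, frame in iter_frames(pcap):
        if len(frame) < 17:
            continue
        if struct.unpack_from("!H", frame, 12)[0] > 1500:
            continue  # EtherType present: Ethernet II (IP, ARP, ...), not 802.3 + LLC
        digest = hashlib.sha256(frame[14:]).hexdigest()[:16]
        key = (wire_len, frame[6:12].hex(":"), frame[0:6].hex(":"),
               frame[14], frame[15], digest)
        seen[key] += 1
    return [(key, n) for key, n in seen.most_common() if n >= min_count]

if __name__ == "__main__":
    for (size, src, dst, dsap, ssap, digest), n in repeated_llc_frames(build_sample_pcap()):
        print(f"{n}x {size} bytes {src} -> {dst} DSAP=0x{dsap:02x} SSAP=0x{ssap:02x} sha256={digest}")
```

The source MAC shows which adapter emits the frames, and the DSAP/SSAP pair identifies the protocol carried over LLC.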
