Solved
Windows network security : how to know what data I am sending and Where ? + anti hacking intrusion services

Posted on 2003-11-03
238 Views
Last Modified: 2013-12-04
Hello all,

I am on windows XP home, and am using the XP firewall.

I'm using a peer to peer program (emule) and an internet traffic monitor (networx).
It looks like the outgoing traffic is much more important than the one I authorize (I've capped it at 7kbytes in emule, and it shows 15 in Networx). I'm not doing any other thing Internet related.

I have already conducted an extensive virus scan to look for possible trojans or other backdoors, with no result.

I wonder if there really is additional traffic, if yes, what is this overhead traffic and where it goes. I would like to know if there is a simple program to determine what files I am sending and to what IP address.

Thanks if you can point me to a good (and simple) program for doing that. If that program has anti hacking services included, even better.

best regards,

Fabrice
Question by:fabricedeparis
Expert Comment

by:nonsence
ID: 9672614
here's a nice simple to use program that does the job and is free for windows

http://download.com.com/3000-2085-10062969.html?part=65960%20&subj=dlpage&tag=button

it doesn't capture data or anything. just shows what's open, what file is accessing the internet and what ip it's connected to on what port, etc etc. all in a one window graph. it's great
Expert Comment

by:juliancrawford
ID: 9675825
I use a free program called Vision from Foundstone for this network analysis.
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/vision.htm

This also shows you what IPs are connecting to your system ,what ports and what programs - it also allows you to terminate any unwanted critters ;)
Expert Comment

by:SunBow
ID: 9678255
> how to know what data I am sending and Where ? + anti hacking intrusion services

The first step is to install and run ZoneAlarm firewall (or Sygate). Block everything. Now:

simply watch what is attempted for being sent.  For free, you do get the destination and the process, port, but not the files.  Traffic is about more than files, but if you get the first few pieces, you can find more. Especially important if not permitted (which is purpose of ZA, to stop the unpermitted).
Author Comment

by:fabricedeparis
ID: 9754613
Hi there,

I've made several tests, and I'm a little nonplussed. I've tried the different portscanners suggested, very simple to use, not that easy to understand. So I didn't make much of that intel. Only that

So I came back to simple testing. If I stop my peer to peer service (emule) the upload rate nearly instantaneously falls down to under 2kb/s. So it seems that if there is a haemorrhage somewhere that's where it happens. This is confirmed by the port scanner.
However inside emule, as I mentioned, I never go above 7kb/s with an average around 5.

If I try an FTP upload without emule, on my provider FTP, I get around 8kb/s average, with a max at 10.

I'm starting to suspect that it could simply be a combination emule using a lot of upload traffic for "additional" tasks (whatever those can be, setting up connection, etc...) and reporting only on the main tasks (exchanging files), and a current poor performance of my ISP in terms of upload capacity.

For SunBow: I already use XP firewall. I can install ZA, but I don't see what else it would teach me since stopping emule seems to stop outgoing traffic, and I am a little cautious with firewall installations since last time I tested another (the firewall from Ontrack SystemSuite) it simply rebooted my system each time it started (at boot).

Anyway, I just leave this topic open a little more in case someone can prove the following statement wrong :

it seems there is no simple way of knowing what is the source (file) of the data that is being sent, but only where you send it, through what port and via what application. Maybe through the use of packet sniffers or that sort of tool can you know what the data sent really is (especially if it comes from a specific file, and not from an application tunneling it), but those tools seem fairly difficult to use to me.

Anyone got a better view on this ?

Cheers,

Fabrice

PS: just for mentioning in case it interests someone dropping on this topic in the future, I also tested DiamondCS Port Explorer, which isn't freeware but gives more advanced possibilities than Active Ports (like integrated packet sniffer, socket spy, and the quantity of data sent by each process). Also, for the paranoid with a lot of time to learn a new tool, I could advise to look at Snort (www.snort.org), an open source Network Intrusion Detection System. Very interesting features, but far too complicated (command line option type) for me though :p
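As an added illustration of the limit Fabrice describes above (you can see the process, the port and the destination, but not the file), here is a small Python script that is not from this thread or from any of the tools mentioned in it. It joins the text printed by the built-in Windows commands `netstat -ano` and `tasklist /FO CSV` on the PID column and reports, per process, its remote endpoints and the ports it has open. The netstat and tasklist text embedded in the script is constructed sample data (documentation IP ranges, made-up PIDs) so that it runs offline; on a real machine you would feed it the actual command output. `tasklist` ships with XP Professional and later, not XP Home, where the PID column in Task Manager gives the same process-to-PID mapping.

```python
"""Summarise which process talks to which remote endpoint on Windows.

Added example, not from the thread: joins `netstat -ano` and
`tasklist /FO CSV` output on the PID column. The two sample texts
below are constructed for the example so it runs without a Windows box.
"""
import csv
import io
import re
from collections import defaultdict

# Constructed sample of `netstat -ano` output (Windows XP/2003 layout).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    192.168.1.10:4662      0.0.0.0:0              LISTENING       1532
  TCP    192.168.1.10:1044      203.0.113.7:4662       ESTABLISHED     1532
  TCP    192.168.1.10:1051      198.51.100.22:4661     ESTABLISHED     1532
  TCP    192.168.1.10:1060      203.0.113.9:4662       ESTABLISHED     1532
  TCP    192.168.1.10:1070      192.0.2.40:21          ESTABLISHED     2044
  UDP    0.0.0.0:4672           *:*                                    1532
  UDP    192.168.1.10:123       *:*                                    1020
"""

# Constructed sample of `tasklist /FO CSV` output (header plus a few rows).
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"svchost.exe","888","Console","0","4,120 K"
"svchost.exe","1020","Console","0","3,004 K"
"emule.exe","1532","Console","0","31,560 K"
"ftp.exe","2044","Console","0","1,804 K"
'''

# proto, local, foreign, optional state (absent for UDP), pid
NETSTAT_LINE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:(\w+)\s+)?(\d+)\s*$"
)


def parse_netstat(text):
    """Return one dict per socket line of `netstat -ano`; other lines are ignored."""
    rows = []
    for line in text.splitlines():
        m = NETSTAT_LINE.match(line)
        if not m:
            continue
        proto, local, remote, state, pid = m.groups()
        rows.append({"proto": proto, "local": local, "remote": remote,
                     "state": state or "", "pid": int(pid)})
    return rows


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /FO CSV` output."""
    reader = csv.DictReader(io.StringIO(text))
    return {int(row["PID"]): row["Image Name"] for row in reader}


def summarise(netstat_text, tasklist_text):
    """Group sockets by owning process: remote endpoints and open local ports."""
    names = parse_tasklist(tasklist_text)
    by_pid = defaultdict(lambda: {"remote": set(), "listening": set()})
    for row in parse_netstat(netstat_text):
        entry = by_pid[row["pid"]]
        local_port = row["local"].rsplit(":", 1)[1]
        # TCP LISTENING sockets and bound UDP sockets (foreign "*:*") are
        # ports the process has opened; everything else is a live peer.
        if row["state"] == "LISTENING" or row["remote"] == "*:*":
            entry["listening"].add(f'{row["proto"]} {local_port}')
        elif row["remote"] != "0.0.0.0:0":
            entry["remote"].add(row["remote"])
    return {
        pid: {"name": names.get(pid, "<unknown>"),
              "remote": sorted(e["remote"]),
              "listening": sorted(e["listening"])}
        for pid, e in sorted(by_pid.items())
    }


def format_report(summary):
    """Render the summary as one indented block per process."""
    lines = []
    for pid, e in summary.items():
        lines.append(f'{e["name"]} (PID {pid})')
        lines.extend(f"    -> {endpoint}" for endpoint in e["remote"])
        lines.extend(f"    open port {port}" for port in e["listening"])
    return "\n".join(lines)


if __name__ == "__main__":
    print(format_report(summarise(SAMPLE_NETSTAT, SAMPLE_TASKLIST)))
```

What such a listing gives you is exactly the three facts the thread settles on: which process, which port, which destination. It says nothing about which file the bytes came from, and it is a snapshot rather than a byte count, so the upload-rate question still needs a traffic monitor. Its value for the "am I leaking?" check is the baseline: a file-sharing client holding several peer connections on its usual ports is expected, whereas a PID you cannot account for with established connections, or an open port you did not configure, is what warrants a closer look.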

Accepted Solution

by:isamu_2000 (earned 400 total points)
ID: 10456813
I think the simple answer to this is that emule is using the bandwidth to maintain connection to the servers and also to fulfill search request responses (since there is no way to disable the upload function in emule/edonkey).
Author Comment

by:fabricedeparis
ID: 11423582
Sorry for forgetting that question. Yes, in the end it was just emule overhead bandwidth consumption. It went down drastically with a new version of emule. Well, I learnt how to use a port scanner at least :)

Thanks Isamu, and cheers everyone,

Fabrice