Solved

Windows network security: how to know what data I am sending and where? + anti-hacking intrusion services

Posted on 2003-11-03
Last Modified: 2013-12-04
Hello all,

I am on windows XP home, and am using the XP firewall.

I'm using a peer to peer program (emule) and an internet traffic monitor (networx).
It looks like the outgoing traffic is much higher than what I authorize (I've capped it at 7 kbytes in emule, and it shows 15 in Networx). I'm not doing any other Internet-related thing.

I have already conducted an extensive virus scan to look for possible trojans or other backdoors, with no result.

I wonder if there really is additional traffic; if so, what this overhead traffic is and where it goes. I would like to know if there is a simple program to determine what files I am sending and to what IP address.

Thanks if you can point me to a good (and simple) program for doing that. If that program has anti-hacking services included, even better.

best regards,

Fabrice
Question by: fabricedeparis
7 Comments
 
LVL 3

Expert Comment

by:nonsence
ID: 9672614
Here's a nice, simple-to-use program that does the job and is free for Windows:

http://download.com.com/3000-2085-10062969.html?part=65960%20&subj=dlpage&tag=button

It doesn't capture data or anything. It just shows what's open, what file is accessing the Internet and what IP it's connected to on what port, etc. etc., all in one window graph. It's great.
 
LVL 5

Expert Comment

by:juliancrawford
ID: 9675825
I use a free program called Vision from Foundstone for this network analysis.
http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/proddesc/vision.htm

This also shows you what IPs are connecting to your system, what ports and what programs - it also allows you to terminate any unwanted critters ;)
 
LVL 24

Expert Comment

by:SunBow
ID: 9678255
> how to know what data I am sending and where? + anti-hacking intrusion services

The first step is to install and run ZoneAlarm firewall (or Sygate). Block everything. Now:

Simply watch what is attempted to be sent. For free, you do get the destination and the process, port, but not the files. Traffic is about more than files, but if you get the first few pieces, you can find more. Especially important if not permitted (which is the purpose of ZA, to stop the unpermitted).

 
LVL 1

Author Comment

by:fabricedeparis
ID: 9754613
Hi there,

I've made several tests, and I'm a little nonplussed. I've tried the different port scanners suggested, very simple to use, not that easy to understand. So I didn't make much of that intel. Only that

So I came back to simple testing. If I stop my peer-to-peer service (emule) the upload rate nearly instantaneously falls to under 2 kb/s. So it seems that if there is a haemorrhage somewhere, that's where it happens. This is confirmed by the port scanner.
However inside emule, as I mentioned, I never go above 7 kb/s with an average around 5.

If I try an FTP upload without emule, on my provider's FTP, I get around 8 kb/s average, with a max at 10.

I'm starting to suspect that it could simply be a combination of emule using a lot of upload traffic for "additional" tasks (whatever those can be, setting up connections, etc...) and reporting only on the main tasks (exchanging files), and a current poor performance of my ISP in terms of upload capacity.

For SunBow: I already use the XP firewall. I can install ZA, but I don't see what else it would teach me since stopping emule seems to stop outgoing traffic, and I am a little cautious with firewall installations since the last time I tested another (the firewall from Ontrack SystemSuite), it simply rebooted my system each time it started (at boot).

Anyway, I'll just leave this topic open a little longer in case someone can prove the following statement wrong:

It seems there is no simple way of knowing what the source (file) of the data being sent is, but only where you send it, through what port and via what application. Maybe through the use of packet sniffers or that sort of tool you can know what the data sent really is (especially if it comes from a specific file, and not from an application tunneling it), but those tools seem fairly difficult to use to me.

Anyone got a better view on this?

Cheers,

Fabrice

PS: just for mentioning in case it interests someone dropping on this topic in the future, I also tested DiamondCS Port Explorer, which isn't freeware but gives more advanced possibilities than Active Ports (like an integrated packet sniffer, socket spy, and the quantity of data sent by each process). Also, for the paranoid with a lot of time to learn a new tool, I could advise looking at Snort (www.snort.org), an open source Network Intrusion Detection System. Very interesting features, but far too complicated (command-line option type) for me though :p
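The view the thread settles on (process, port and destination are observable; the source file is not) can be produced from plain `netstat -ano` output, which the Windows XP built-in already prints with the owning PID. The following is an added example, not code from the thread or from any of the tools named in it; the netstat text it parses is a constructed sample, and every PID and address in it is made up.

```python
"""Group Windows `netstat -ano` output by owning process.

Shows which PID talks to which remote IP and port, i.e. the same
process/port/destination picture the monitoring tools in the thread give.
Nothing here (or in netstat) can tell which file the bytes came from.
"""
from collections import defaultdict

# CONSTRUCTED sample of `netstat -ano` output; PIDs and addresses are made up.
# PID 1844 plays the role of a P2P client fanning out to several peers.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.168.1.10:4662      203.0.113.5:4662       ESTABLISHED     1844
  TCP    192.168.1.10:4662      198.51.100.77:4711     ESTABLISHED     1844
  TCP    192.168.1.10:3201      203.0.113.9:4242       ESTABLISHED     1844
  TCP    192.168.1.10:3205      198.51.100.23:80       ESTABLISHED     2210
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  UDP    192.168.1.10:4672      *:*                                    1844
"""


def parse_netstat(text):
    """Return {pid: [(proto, remote_ip, remote_port, state), ...]} for non-listening sockets."""
    by_pid = defaultdict(list)
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 4 or parts[0] not in ("TCP", "UDP"):
            continue  # header, blank line or something netstat prints we do not model
        proto, foreign = parts[0], parts[2]
        pid = int(parts[-1])  # UDP rows have no State column, so PID is always last
        state = parts[3] if proto == "TCP" else "-"
        if state == "LISTENING":
            continue  # an inbound listener is not outgoing traffic
        ip, _, port = foreign.rpartition(":")  # rpartition copes with "*:*" too
        by_pid[pid].append((proto, ip, port, state))
    return dict(by_pid)


def peer_summary(text):
    """Distinct remote IPs per PID; one PID with many peers is the P2P pattern seen in the thread."""
    return {pid: len({ip for _, ip, _, _ in conns if ip != "*"})
            for pid, conns in parse_netstat(text).items()}


if __name__ == "__main__":
    for pid, conns in sorted(parse_netstat(SAMPLE_NETSTAT).items()):
        print(f"PID {pid}: {len(conns)} sockets, {peer_summary(SAMPLE_NETSTAT)[pid]} distinct peers")
        for proto, ip, port, state in conns:
            print(f"    {proto:3} -> {ip}:{port} {state}")
```

On a live system, feed it the real output (`netstat -ano` in a command prompt) and map each PID to its executable with Task Manager; a process whose peer count tracks the upload rate is the one producing the overhead.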
 

Accepted Solution

by: isamu_2000 (earned 100 total points)
ID: 10456813
I think the simple answer to this is that emule is using the bandwidth to maintain connections to the servers and also to fulfill search request responses (since there is no way to disable the upload function in emule/edonkey).
 
LVL 1

Author Comment

by:fabricedeparis
ID: 11423582
Sorry for forgetting that question. Yes, in the end it was just emule overhead bandwidth consumption. It went down drastically with a new version of emule. Well, I learnt how to use a port scanner at least :)

Thanks Isamu, and cheers everyone,

Fabrice