Solved

Network Connections

Posted on 2008-06-11
Last Modified: 2013-12-04
Is there a way to keep a log file of network connections throughout the day and receive notifications when I receive a connection from certain hosts?
Question by:Jon2418
LVL 3

Assisted Solution

by:Trivious
Trivious earned 150 total points
ID: 21760620
Wireshark... it's a packet sniffer you could use to monitor just your IP, but the logs would get huge from so much traffic. Have you watched Event Viewer? There is a security section to see failed logons and such.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 350 total points
ID: 21772214
Event Viewer would be best... here are a series of sample scripts you could run. The notification part isn't built in if you're running these on another computer, but it could be adapted easily enough to send a "net use" or possibly an email.
http://www.microsoft.com/technet/scriptcenter/resources/qanda/oct04/hey1026.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr08/hey0421.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/feb07/hey0226.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/aug05/hey0816.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0404.mspx
However, first you must enable auditing of file/folder access... then specify the files or folders you want to watch. Here's how you do that: http://support.microsoft.com/kb/310399

Or try the Sysinternals apps from M$
http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx This should be able to dump certain events.
The whole suite: http://download.sysinternals.com/Files/SysinternalsSuite.zip
-rich
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 21772252
Stupid me!! Haha, I love using KIWI syslog... I must be more tired than I thought ;)
http://www.kiwisyslog.com/products/
-rich
0
 

Author Comment

by:Jon2418
ID: 21903124
I downloaded Kiwi but do not understand how you would use it to detect an unwelcome listener.  Is there a way to have it sweep the ports every so often for listeners?
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 350 total points
ID: 21904146
Kiwi is an event log parser and alerter. When certain events are logged, this tool will automatically alert you to the events you specify are of interest. You must have events you're curious about logged, which usually means you have to turn on more logging than the default Windows logging settings. Authentication success/failure is typically logged by default. If you're interested in when someone accesses a certain share or file, perhaps, you need to turn up the logging features and also configure those files and/or folders. Here is an M$ KB article on how to do this on share/folder access:
http://support.microsoft.com/kb/310399
http://technet2.microsoft.com/windowsserver/en/library/ecf63dcf-17e7-4279-91ff-beb11bd0d6881033.mspx?mfr=true

Snare is also a popular event log alerting software: http://www.intersectalliance.com/projects/SnareWindows/index.html
It may meet your requirements, as it has a nice filter option so you could look for specific usernames: http://www.intersectalliance.com/projects/SnareWindows/obj_edit.png
-rich
0
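
The question asks for a periodic sweep for listeners and a notice when certain hosts connect. As an added example (not part of any post in this thread), the script below parses a snapshot of Windows `netstat -ano` output, reports listening ports missing from a baseline, and flags established connections from a watch list. The sample output, the baseline ports and the watched network `203.0.113.0/24` are constructed assumptions.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output (not taken from the thread).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.10:445       192.168.1.77:50122     ESTABLISHED     4
  TCP    192.168.1.10:3389      203.0.113.9:61200      ESTABLISHED     1044
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:500            *:*                                    712
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6]:port' into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def parse_netstat(text):
    """Yield (local_host, local_port, remote_host, state, pid) per TCP row."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue  # skip headers, blank lines and stateless UDP rows
        _, local, remote, state, pid = fields
        lhost, lport = split_endpoint(local)
        rhost, _ = split_endpoint(remote)
        yield lhost, int(lport), rhost, state, int(pid)

def review_snapshot(text, baseline_ports, watched_nets):
    """Return (listeners not in the baseline, connections from watched hosts)."""
    nets = [ipaddress.ip_network(n) for n in watched_nets]
    new_listeners, watched_hits = set(), []
    for lhost, lport, rhost, state, pid in parse_netstat(text):
        if state == "LISTENING" and lport not in baseline_ports:
            new_listeners.add((lport, pid))  # set: IPv4 and IPv6 rows collapse
        elif state == "ESTABLISHED":
            addr = ipaddress.ip_address(rhost)
            if any(addr in net for net in nets):
                watched_hits.append((rhost, lport, pid))
    return sorted(new_listeners), watched_hits

if __name__ == "__main__":
    listeners, hits = review_snapshot(SAMPLE_NETSTAT, {135, 445}, ["203.0.113.0/24"])
    print("Unexpected listeners (port, PID):", listeners)
    print("Connections from watched hosts (remote, local port, PID):", hits)
```

Run on a schedule against fresh `netstat -ano` output, the two returned lists can be appended to a log file or handed to whatever notification method is in use.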

Question has a verified solution.