Solved

Network Connections

Posted on 2008-06-11
5
213 Views
Last Modified: 2013-12-04
Is there a way to keep a log file of network connections throughout the day and receive notifications when I receive a connection from certain hosts?
0
Comment
Question by:Jon2418
  • 3
5 Comments
 
LVL 3

Assisted Solution

by:Trivious
Trivious earned 150 total points
ID: 21760620
Wireshark . . . . its a packet sniffer you could use to monitor just your IP, but the logs would get huge from so much traffic. Have you watched event viewer? There is a security section to see failed logons and such.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 350 total points
ID: 21772214
Event viewer would be best... here are a series of sample scripts you could run, the notification part isn't built in if your running these on another computer, but it could be adapted easily enough to send a "net use" or possibly an email.
http://www.microsoft.com/technet/scriptcenter/resources/qanda/oct04/hey1026.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr08/hey0421.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/feb07/hey0226.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/aug05/hey0816.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0404.mspx
However, first you must enable auditing of file/folder access... then specify the files or folders you want to watch, heres how you do that: http://support.microsoft.com/kb/310399

Or try the sysinternals apps from M$
http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx This should be able to dump certain events.
The whole suite: http://download.sysinternals.com/Files/SysinternalsSuite.zip
-rich
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 21772252
Stupid me!! Haha, I love using KIWI syslog... I must be more tired than I thought ;)
http://www.kiwisyslog.com/products/
-rich
0
 

Author Comment

by:Jon2418
ID: 21903124
I downloaded Kiwi but do not understand how you would use it to detect an unwelcome listener.  Is there a way to have it sweep the ports every so often for listeners?
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 350 total points
ID: 21904146
kiwi is an event log parser and alerter. When certain events are logged, this tool will automatically alert you to the event's you specify are of interest. You must have events your curious about logged, which usually means you have to turn on more logging than the default windows logging settings. Authentication success/failure is logged typically by default. If your interested in when someone accesses a certain share or file perhaps, you need to turn up the logging features and also configure those files and or folders. Here is a M$ KB article on how to do this on share/folder access: http://support.microsoft.com/kb/310399 http://technet2.microsoft.com/windowsserver/en/library/ecf63dcf-17e7-4279-91ff-beb11bd0d6881033.mspx?mfr=true

Snare is also a popular event log alerting software: http://www.intersectalliance.com/projects/SnareWindows/index.html
It may meet your requirements, as it has a nice filter option so you could look for specific usernames: http://www.intersectalliance.com/projects/SnareWindows/obj_edit.png
-rich
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In today's information driven age, entrepreneurs have so many great tools and options at their disposal to help turn good ideas into a thriving business. With cloud-based online services, such as Amazon's Web Services (AWS) or Microsoft's Azure, bus…
No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
Microsoft Active Directory, the widely used IT infrastructure, is known for its high risk of credential theft. The best way to test your Active Directory’s vulnerabilities to pass-the-ticket, pass-the-hash, privilege escalation, and malware attacks …

808 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question