Solved

Network Connections

Posted on 2008-06-11
Last Modified: 2013-12-04
Is there a way to keep a log file of network connections throughout the day and receive notifications when I receive a connection from certain hosts?
Question by:Jon2418
LVL 3

Assisted Solution

by:Trivious
Trivious earned 150 total points
ID: 21760620
Wireshark... it's a packet sniffer you could use to monitor just your IP, but the logs would get huge from so much traffic. Have you watched Event Viewer? There is a security section to see failed logons and such.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 350 total points
ID: 21772214
Event Viewer would be best... here is a series of sample scripts you could run. The notification part isn't built in if you're running these on another computer, but it could be adapted easily enough to send a "net use" or possibly an email.
http://www.microsoft.com/technet/scriptcenter/resources/qanda/oct04/hey1026.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr08/hey0421.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/feb07/hey0226.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/aug05/hey0816.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0404.mspx
However, first you must enable auditing of file/folder access, then specify the files or folders you want to watch. Here's how you do that: http://support.microsoft.com/kb/310399

Or try the sysinternals apps from M$
http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx This should be able to dump certain events.
The whole suite: http://download.sysinternals.com/Files/SysinternalsSuite.zip
-rich
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 21772252
Stupid me!! Haha, I love using KIWI syslog... I must be more tired than I thought ;)
http://www.kiwisyslog.com/products/
-rich
0
 

Author Comment

by:Jon2418
ID: 21903124
I downloaded Kiwi but do not understand how you would use it to detect an unwelcome listener.  Is there a way to have it sweep the ports every so often for listeners?
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 350 total points
ID: 21904146
Kiwi is an event log parser and alerter. When certain events are logged, this tool will automatically alert you to the events you specify as being of interest. You must have the events you're curious about logged, which usually means you have to turn on more logging than the default Windows logging settings. Authentication success/failure is typically logged by default. If you're interested in when someone accesses a certain share or file, perhaps, you need to turn up the logging features and also configure those files and/or folders. Here is an M$ KB article on how to do this for share/folder access: http://support.microsoft.com/kb/310399 http://technet2.microsoft.com/windowsserver/en/library/ecf63dcf-17e7-4279-91ff-beb11bd0d6881033.mspx?mfr=true

Snare is also a popular event log alerting software: http://www.intersectalliance.com/projects/SnareWindows/index.html
It may meet your requirements, as it has a nice filter option so you could look for specific usernames: http://www.intersectalliance.com/projects/SnareWindows/obj_edit.png
-rich
0
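As an added example (not posted by anyone in this thread), here is the watch-and-alert idea from the question and from Jon2418's follow-up about listeners, applied to a snapshot of Windows `netstat -ano` output. The sample output, the watched network `203.0.113.0/24` and the allowed listener ports are constructed assumptions.

```python
import ipaddress

# Constructed sample of Windows `netstat -ano` output, not captured from a real host.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:4444           0.0.0.0:0              LISTENING       3120
  TCP    192.168.1.10:445       203.0.113.7:51234      ESTABLISHED     4
  TCP    192.168.1.10:49200     192.168.1.20:3389      ESTABLISHED     2216
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:123            *:*                                    1020
"""

def split_endpoint(endpoint):
    """Split 'host:port' or '[v6%zone]:port' into (host, port_string)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]").split("%")[0], port

def parse_netstat(text):
    """Yield one dict per TCP row; headers and stateless UDP rows are skipped."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        _, local, remote, state, pid = fields
        _, lport = split_endpoint(local)
        rhost, _ = split_endpoint(remote)
        yield {"local_port": int(lport), "remote": rhost, "state": state, "pid": int(pid)}

def review(text, watch_nets, allowed_listeners):
    """Return (connections from watched hosts, listeners not on the allow list)."""
    nets = [ipaddress.ip_network(n) for n in watch_nets]
    watched, listeners = [], []
    for row in parse_netstat(text):
        if row["state"] == "LISTENING":
            if row["local_port"] not in allowed_listeners:
                listeners.append((row["local_port"], row["pid"]))
        elif row["state"] == "ESTABLISHED":
            addr = ipaddress.ip_address(row["remote"])
            if any(addr in n for n in nets):
                watched.append((row["remote"], row["local_port"], row["pid"]))
    return watched, listeners

if __name__ == "__main__":
    # Watch list and allowed ports are assumptions chosen for the sample above.
    print(review(SAMPLE_NETSTAT, ["203.0.113.0/24"], {135, 445}))
```

Run on a schedule against fresh `netstat -ano` output and appended to a file, the two returned lists give both the day's log and the entries worth a notification; the PID column can be matched to a process in Task Manager.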
