?
Solved

Network Connections

Posted on 2008-06-11
5
Medium Priority
?
224 Views
Last Modified: 2013-12-04
Is there a way to keep a log file of network connections throughout the day and receive notifications when I receive a connection from certain hosts?
0
Comment
Question by:Jon2418
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
5 Comments
 
LVL 3

Assisted Solution

by:Trivious
Trivious earned 600 total points
ID: 21760620
Wireshark . . . . its a packet sniffer you could use to monitor just your IP, but the logs would get huge from so much traffic. Have you watched event viewer? There is a security section to see failed logons and such.
0
 
LVL 38

Assisted Solution

by:Rich Rumble
Rich Rumble earned 1400 total points
ID: 21772214
Event viewer would be best... here are a series of sample scripts you could run, the notification part isn't built in if your running these on another computer, but it could be adapted easily enough to send a "net use" or possibly an email.
http://www.microsoft.com/technet/scriptcenter/resources/qanda/oct04/hey1026.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr08/hey0421.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/feb07/hey0226.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/aug05/hey0816.mspx
http://www.microsoft.com/technet/scriptcenter/resources/qanda/apr05/hey0404.mspx
However, first you must enable auditing of file/folder access... then specify the files or folders you want to watch, heres how you do that: http://support.microsoft.com/kb/310399

Or try the sysinternals apps from M$
http://technet.microsoft.com/en-us/sysinternals/bb897544.aspx This should be able to dump certain events.
The whole suite: http://download.sysinternals.com/Files/SysinternalsSuite.zip
-rich
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 21772252
Stupid me!! Haha, I love using KIWI syslog... I must be more tired than I thought ;)
http://www.kiwisyslog.com/products/
-rich
0
 

Author Comment

by:Jon2418
ID: 21903124
I downloaded Kiwi but do not understand how you would use it to detect an unwelcome listener.  Is there a way to have it sweep the ports every so often for listeners?
0
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 1400 total points
ID: 21904146
kiwi is an event log parser and alerter. When certain events are logged, this tool will automatically alert you to the event's you specify are of interest. You must have events your curious about logged, which usually means you have to turn on more logging than the default windows logging settings. Authentication success/failure is logged typically by default. If your interested in when someone accesses a certain share or file perhaps, you need to turn up the logging features and also configure those files and or folders. Here is a M$ KB article on how to do this on share/folder access: http://support.microsoft.com/kb/310399 http://technet2.microsoft.com/windowsserver/en/library/ecf63dcf-17e7-4279-91ff-beb11bd0d6881033.mspx?mfr=true

Snare is also a popular event log alerting software: http://www.intersectalliance.com/projects/SnareWindows/index.html
It may meet your requirements, as it has a nice filter option so you could look for specific usernames: http://www.intersectalliance.com/projects/SnareWindows/obj_edit.png
-rich
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

No security measures warrant 100% as a "silver bullet". The truth is we also cannot assume anything but a defensive and vigilance posture. Adopt no trust by default and reveal in assumption. Only assume anonymity or invisibility in the reverse. Safe…
OfficeMate Freezes on login or does not load after login credentials are input.
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
In this video you will find out how to export Office 365 mailboxes using the built in eDiscovery tool. Bear in mind that although this method might be useful in some cases, using PST files as Office 365 backup is troublesome in a long run (more on t…
Suggested Courses
Course of the Month12 days, 12 hours left to enroll

777 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question