  • Status: Solved
  • Priority: Medium
  • Security: Public

I want software to monitor applications that connect to the network

Hi
Is there any software that monitors the running applications? My requirements are:

What application is connected to what site and what it is downloading at the moment.

Something like netstat but with more details (the file being downloaded and the exact application responsible).

Thanks in advance
0
Arman Khodabande
6 Solutions
 
Ashok Dewan Commented:
http://www.nirsoft.net/utils/cports.html
1. CurrPorts

and Process Hacker

and TCPView
0
 
eXpeLLeD_4RM_heLL Commented:
I have used Wireshark; it gives a list of IP addresses, and it is useful in analysing network traffic as well as which ports are currently being used and by whom.

http://www.wireshark.org/

And it's free
0
 
Dr. Klahn, Principal Software Engineer, Commented:
Would Microsoft TCP View be suitable?
0

 
Arman Khodabande (Author) Commented:
Thank you all
The software you suggested just shows the main site. But I want the exact address that the applications are connected to.
This software just shows the IP address and the domain name.
Can Wireshark do such a thing? I couldn't do anything with it as its interface was a little confusing!
0
 
Ravi Agrawal Commented:
I think that there is an option to resolve IP addresses to names in TCPView. You should find it under Options or by right-clicking the main area where the list of connections is displayed.

It may not resolve all IP addresses, though, but quite many.

Ravi.
0
 
Arman Khodabande (Author) Commented:
The IP address is related to the domain!
Again I should say that the exact address is needed!
I don't want "www.example.com"
I want this: "www.example.com/example-dir/(example-file.htm)" (if possible, for files)
0
 
Dr. Klahn, Principal Software Engineer, Commented:
It is not possible to get to that level of precision without intrusively monitoring all outgoing packets and parsing the packet content.  There may be something out there that does this, but it would probably run on a dedicated internet firewall and not on a client machine.
0
 
Arman Khodabande (Author) Commented:
But I think Wireshark can do this but I'm not familiar with its interface.
Because it can capture and analyze the packets.
Can anyone explain the way to use Wireshark and accomplish that?
0
 
eXpeLLeD_4RM_heLL Commented:
Wiki for Wireshark:
http://wiki.wireshark.org/

Wireshark User Guide:
http://www.wireshark.org/docs/wsug_html/
0
 
Arman Khodabande (Author) Commented:
I know the above resources but they're so complicated and confusing!
Can you briefly show the way?
Thanks
0
 
Arman Khodabande (Author) Commented:
Anyone?
0
 
eXpeLLeD_4RM_heLL Commented:
Open Wireshark and choose Capture Options.
Where it says Interface choose Local and choose your NIC.
Leave all settings as default except for Name Resolution. Tick all three boxes under Name Resolution. Then click on Start.
This will list all packets to and from your NIC, listing the port and protocol affected.

You will need some networking expertise to read the packet info correctly.

From the Wireshark help files regarding name resolution:

7.7.1. Name Resolution drawbacks
Name resolution can be invaluable while working with Wireshark and may even save you hours of work. Unfortunately, it also has its drawbacks.

Name resolution will often fail. The name to be resolved might simply be unknown by the name servers asked or the servers are just not available and the name is also not found in Wireshark's configuration files.

The resolved names are not stored in the capture file or somewhere else. So the resolved names might not be available if you open the capture file later or on a different machine. Each time you open a capture file it may look "slightly different", maybe simply because you can't connect to a name server (which you could connect before).

DNS may add additional packets to your capture file. You may see packets to/from your machine in your capture file, which are caused by name resolution network services of the machine Wireshark captures from. XXX - are there any other such packets than DNS ones?

Resolved DNS names are cached by Wireshark. This is required for acceptable performance. However, if the name resolution information should change while Wireshark is running, Wireshark won't notice a change to the name resolution information once it gets cached. If this information changes while Wireshark is running, e.g. a new DHCP lease takes effect, Wireshark won't notice it. XXX - is this true for all or only for DNS info?

 Tip!
The name resolution in the packet list is done while the list is filled. If a name could be resolved after a packet was added to the list, that former entry won't be changed. As the name resolution results are cached, you can use "View/Reload" to rebuild the packet list, this time with the correctly resolved names. However, this isn't possible while a capture is in progress.


 

0
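What the question asks for (the application plus the full address, not just the domain) comes from joining the port-to-process table that TCPView or CurrPorts displays with the request line and Host header found inside the captured packets. The following is an added example, not part of the original thread; the port numbers, process names and payloads are constructed, and for HTTPS connections only the connection itself is visible, not the path.

```python
# Constructed sample data, not taken from a real capture.
# Local TCP port -> owning process, as a tool like TCPView or CurrPorts lists it.
SOCKET_OWNERS = {49712: "updater.exe", 49713: "browser.exe", 49714: "browser.exe"}
# (local source port, destination port, TCP payload of the first client segment)
SEGMENTS = [
    (49712, 80, b"GET /example-dir/example-file.htm HTTP/1.1\r\n"
                b"Host: www.example.com\r\nUser-Agent: demo\r\n\r\n"),
    (49713, 80, b"POST /login?next=%2F HTTP/1.1\r\nhost: WWW.Example.com:80\r\n\r\nuser=a"),
    (49714, 443, b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03"),  # TLS ClientHello start
    (49999, 80, b"GET http://proxy.example.net/a.ini HTTP/1.1\r\n\r\n"),
]
METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"PATCH"}


def parse_http_request(payload):
    """Return (method, url) for a plaintext HTTP/1.x request, else None."""
    head = payload.split(b"\r\n\r\n", 1)[0]          # drop any request body
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or parts[0] not in METHODS or not parts[2].startswith(b"HTTP/1."):
        return None
    method, target = parts[0].decode("ascii"), parts[1].decode("latin-1")
    if target.startswith("http://"):                 # absolute-form target, sent to proxies
        return method, target
    host = ""
    for line in lines[1:]:
        name, _, value = line.partition(b":")
        if name.strip().lower() == b"host":          # header names are case-insensitive
            host = value.strip().decode("latin-1").lower()
            break
    return method, "http://" + (host or "<no Host header>") + target


def urls_by_process(segments, owners):
    """Join parsed requests with the port-to-process table."""
    rows = []
    for src_port, dst_port, payload in segments:
        proc = owners.get(src_port, "<unknown process>")
        req = parse_http_request(payload)
        if req:
            rows.append((proc, req[0], req[1]))
        elif payload[:1] == b"\x16":                 # TLS handshake record: path is encrypted
            rows.append((proc, "TLS", "<encrypted, port %d>" % dst_port))
    return rows


if __name__ == "__main__":
    for row in urls_by_process(SEGMENTS, SOCKET_OWNERS):
        print("%-18s %-5s %s" % row)
```

In Wireshark itself, the display filter `http.request` narrows the packet list to the same plaintext requests.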
 
Arman Khodabande (Author) Commented:
Thanks, I'll give it a try...
0
 
Arman Khodabande (Author) Commented:
Thanks eXpeLLeD_4RM_heLL!
It worked and I found how to do the job! I captured it and found the database of a site of a lot of INI files which the software used!

Thank you all
0
 
Arman Khodabande (Author) Commented:
Thanks guys.
0
