I want software to monitor applications that connect to the network

Hi
Is there any software that monitors the running applications? My requirements are:

What application is connected to what site and what is downloading at the moment.

Something like netstat but with more details (the file being downloaded and the exact application responsible).

Thanks in advance
Arman Khodabande, IT Manager and Consultant, Asked:
 
eXpeLLeD_4RM_heLL Commented:
Open Wireshark and choose Capture Options.
Where it says Interface choose Local and choose your NIC.
Leave all settings as default except for Name Resolution. Tick all three boxes under Name Resolution. Then click on Start.
This will list all packets to and from your NIC, listing the port and protocol affected.

You will need some networking expertise to read the packet info correctly.

From the Wireshark help files regarding name resolution:

7.7.1. Name Resolution drawbacks
Name resolution can be invaluable while working with Wireshark and may even save you hours of work. Unfortunately, it also has its drawbacks.

Name resolution will often fail. The name to be resolved might simply be unknown by the name servers asked or the servers are just not available and the name is also not found in Wireshark's configuration files.

The resolved names are not stored in the capture file or somewhere else. So the resolved names might not be available if you open the capture file later or on a different machine. Each time you open a capture file it may look "slightly different", maybe simply because you can't connect to a name server (which you could connect before).

DNS may add additional packets to your capture file. You may see packets to/from your machine in your capture file, which are caused by name resolution network services of the machine Wireshark captures from. XXX - are there any other such packets than DNS ones?

Resolved DNS names are cached by Wireshark. This is required for acceptable performance. However, if the name resolution information should change while Wireshark is running, Wireshark won't notice a change to the name resolution information once it gets cached. If this information changes while Wireshark is running, e.g. a new DHCP lease takes effect, Wireshark won't notice it. XXX - is this true for all or only for DNS info?

 Tip!
The name resolution in the packet list is done while the list is filled. If a name could be resolved after a packet was added to the list, that former entry won't be changed. As the name resolution results are cached, you can use "View/Reload" to rebuild the packet list, this time with the correctly resolved names. However, this isn't possible while a capture is in progress.


 

0
 
Ashok Dewan, Freelancer, Commented:
http://www.nirsoft.net/utils/cports.html
1. CurrPorts

and Process Hacker

and TCPView
0
 
eXpeLLeD_4RM_heLL Commented:
I have used Wireshark. It gives a list of IP addresses, and it is useful in analysing network traffic as well as which ports are currently being used and by whom.

http://www.wireshark.org/


And it's free.
0

 
Dr. Klahn, Principal Software Engineer, Commented:
Would Microsoft TCP View be suitable?
0
 
Arman Khodabande, IT Manager and Consultant, Author Commented:
Thank you all.
The software you suggested just shows the main site. But I want the exact address that the applications are connected to.
This software just shows the IP address and the domain name.
Can Wireshark do such a thing? I couldn't do anything with it as its interface was a little confusing!
0
 
Ravi Agrawal Commented:
I think that there is an option to resolve IP addresses to names in TCPView. You should find it under Options or by right-clicking the main area where the list of connections is displayed.

It may not resolve all IP addresses, though, but quite many.

Ravi.
0
 
Arman Khodabande, IT Manager and Consultant, Author Commented:
The IP address is related to the domain!
Again I should say that the exact address is needed!
I don't want "www.example.com"
I want this: "www.example.com/example-dir/(example-file.htm)" (if possible, for files)
0
 
Dr. Klahn, Principal Software Engineer, Commented:
It is not possible to get to that level of precision without intrusively monitoring all outgoing packets and parsing the packet content.  There may be something out there that does this, but it would probably run on a dedicated internet firewall and not on a client machine.
0
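What "parsing the packet content" amounts to for unencrypted HTTP, as an added example that is not part of the original thread: the full address the asker wants is the request line's path joined to the `Host` header. The function name and the sample payloads are constructed for illustration; HTTPS payloads are encrypted, so the path cannot be recovered from them and the function returns `None`.

```python
"""Added illustration: rebuild the full URL from a captured plaintext HTTP request."""
from typing import Optional

HTTP_METHODS = {b"GET", b"POST", b"HEAD", b"PUT", b"DELETE", b"OPTIONS", b"PATCH"}


def url_from_http_payload(payload: bytes, dst_ip: str, dst_port: int = 80) -> Optional[str]:
    """Return the URL requested in a TCP payload, or None if it is not a plaintext HTTP request."""
    head, _, _ = payload.partition(b"\r\n\r\n")      # drop any request body
    lines = head.split(b"\r\n")
    parts = lines[0].split(b" ")
    if len(parts) != 3 or parts[0] not in HTTP_METHODS or not parts[2].startswith(b"HTTP/"):
        return None                                  # TLS, binary protocols, mid-stream segments
    target = parts[1].decode("latin-1")
    if target.lower().startswith(("http://", "https://")):
        return target                                # absolute-form, as sent to a proxy
    host = None
    for line in lines[1:]:
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"host":
            host = value.strip().decode("latin-1")
            break
    if not host:                                     # HTTP/1.0 without Host: fall back to the IP
        host = dst_ip if dst_port == 80 else f"{dst_ip}:{dst_port}"
    return f"http://{host}{target}"


# Constructed sample payloads (not taken from a real capture).
SAMPLES = [
    (b"GET /example-dir/example-file.htm HTTP/1.1\r\nHost: www.example.com\r\n"
     b"User-Agent: updater/1.0\r\n\r\n", "192.0.2.10", 80),
    (b"GET /settings.ini HTTP/1.0\r\n\r\n", "192.0.2.10", 8080),
    (b"\x16\x03\x01\x02\x00\x01\x00\x01\xfc\x03\x03", "192.0.2.10", 443),  # TLS ClientHello start
]

if __name__ == "__main__":
    for payload, ip, port in SAMPLES:
        print(f"{ip}:{port} ->", url_from_http_payload(payload, ip, port))
```

Wireshark performs the same reconstruction itself: with the display filter `http.request` applied, the `http.request.full_uri` field of each packet holds the joined host and path.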
 
Arman Khodabande, IT Manager and Consultant, Author Commented:
But I think Wireshark can do this but I'm not familiar with its interface.
Because it can capture and analyze the packets.
Can anyone explain the way to use wireshark and accomplish that?
0
 
eXpeLLeD_4RM_heLL Commented:
Wiki for Wireshark:
http://wiki.wireshark.org/

Wireshark User Guide:
http://www.wireshark.org/docs/wsug_html/
0
 
Arman Khodabande, IT Manager and Consultant, Author Commented:
I know the above resources but they're so complicated and confusing!
Can you briefly show the way?
Thanks
0
 
Arman Khodabande, IT Manager and Consultant, Author Commented:
Anyone?
0
 
Arman Khodabande, IT Manager and Consultant, Author Commented:
Thanks, I'll give it a try . . .
0
 
Arman Khodabande, IT Manager and Consultant, Author Commented:
Thanks eXpeLLeD_4RM_heLL!
It worked and I found how to do the job! I captured it and found the database of a site of a lot of INI files which the software used!

Thank you all
0
 
Arman Khodabande, IT Manager and Consultant, Author Commented:
Thanks guys.
0
Question has a verified solution.
