Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people, just like you, are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
Solved

what connections should be in my network connection logs?

Posted on 2016-10-20
6
32 Views
Last Modified: 2016-10-30
I'm trying to trace a hacker that's in my computer and phone as well...basically my entire network. I've been recording my network connections and PCAPs but there are so many captures that log how can I tell which ones to research and which ones are simply apps running in the bankground?
also if the title of a capture reads "unknown"is that an automatic red flag??
any advice is greatly appreciated.
0
Comment
Question by:Fulgencio Eres
  • 3
  • 2
6 Comments
 
LVL 93

Assisted Solution

by:John Hurst
John Hurst earned 500 total points
ID: 41852935
I suggest you get and install Comm View (Tamosoft). This will tell you on the main packet screen the Local and Remote IP, the Ports, the Hostname (if one) and the process used.

Any significant traffic (total bytes) to / from something you do not recognize is cause for concern.
0
 
LVL 70

Expert Comment

by:Merete
ID: 41853189
Try the Process Hacker it's free
A free, powerful, multi-purpose tool that helps you
monitor system resources, debug software and detect malware.
http://processhacker.sourceforge.net/
What makes you think you have been hacked?
What are the signs?
Do you have any Peer to peer software installed for downloading like Bittorrent/Gnutella Napster if so check if you have disabled the uploading.
With Peer to Peer the file-transfer load is distributed between the computers exchanging files, but file searches and transfers from your computer to others can cause bottlenecks.
Some people download files and immediately disconnect without allowing others to obtain files from their system, which is called leeching.
This limits the number of computers the software can search for the requested file.
0
 
LVL 93

Accepted Solution

by:
John Hurst earned 500 total points
ID: 41853197
Comm View reports this very nicely.

You could try Wireshark but I prefer Comm VIew because it does all this.
0
Microsoft Certification Exam 74-409

Veeam® is happy to provide the Microsoft community with a study guide prepared by MVP and MCT, Orin Thomas. This guide will take you through each of the exam objectives, helping you to prepare for and pass the examination.

 
LVL 70

Expert Comment

by:Merete
ID: 41854771
Your two questions should be in the same so that the information is relevant to both
what info is needed to have the cops research a cybercrime?
https://www.experts-exchange.com/questions/28977688/what-info-is-needed-to-have-the-cops-research-a-cybercrime.html
0
 

Author Comment

by:Fulgencio Eres
ID: 41866144
Thank you so much for replying (everyone)..
I have the report from CommView (I have WireShark also) what information is the information that is important?  what do I research more? what is the info needed for the police?
0
 
LVL 93

Expert Comment

by:John Hurst
ID: 41866150
The only information the police would want would be an identifiable external IP Address (that one can look up in Whois).
0

Featured Post

Ransomware-A Revenue Bonanza for Service Providers

Ransomware – malware that gets on your customers’ computers, encrypts their data, and extorts a hefty ransom for the decryption keys – is a surging new threat.  The purpose of this eBook is to educate the reader about ransomware attacks.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

You should read OS supplied guidelines before developing. I can't stress that enough. The guidelines will help you understand the reasons mobile app developers do what they do.  Apple is very particular when they review appstore submissions.
Today, still in the boom of Apple, PC's and products, nearly 50% of the computer users use Windows as graphical operating systems. If you are among those users who love windows, but are grappling to keep the system's hard drive optimized, then you s…
This video is in connection to the article "The case of a missing mobile phone (https://www.experts-exchange.com/articles/28474/The-Case-of-a-Missing-Mobile-Phone.html)". It will help one to understand clearly the steps to track a lost android phone.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

856 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question