Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 49
  • Last Modified:

what connections should be in my network connection logs?

I'm trying to trace a hacker that's in my computer and phone as well...basically my entire network. I've been recording my network connections and PCAPs but there are so many captures that log how can I tell which ones to research and which ones are simply apps running in the bankground?
also if the title of a capture reads "unknown"is that an automatic red flag??
any advice is greatly appreciated.
0
Fulgencio Eres
Asked:
Fulgencio Eres
  • 3
  • 2
2 Solutions
 
John HurstBusiness Consultant (Owner)Commented:
I suggest you get and install Comm View (Tamosoft). This will tell you on the main packet screen the Local and Remote IP, the Ports, the Hostname (if one) and the process used.

Any significant traffic (total bytes) to / from something you do not recognize is cause for concern.
0
 
MereteCommented:
Try the Process Hacker it's free
A free, powerful, multi-purpose tool that helps you
monitor system resources, debug software and detect malware.
http://processhacker.sourceforge.net/
What makes you think you have been hacked?
What are the signs?
Do you have any Peer to peer software installed for downloading like Bittorrent/Gnutella Napster if so check if you have disabled the uploading.
With Peer to Peer the file-transfer load is distributed between the computers exchanging files, but file searches and transfers from your computer to others can cause bottlenecks.
Some people download files and immediately disconnect without allowing others to obtain files from their system, which is called leeching.
This limits the number of computers the software can search for the requested file.
0
 
John HurstBusiness Consultant (Owner)Commented:
Comm View reports this very nicely.

You could try Wireshark but I prefer Comm VIew because it does all this.
0
NFR key for Veeam Agent for Linux

Veeam is happy to provide a free NFR license for one year.  It allows for the non‑production use and valid for five workstations and two servers. Veeam Agent for Linux is a simple backup tool for your Linux installations, both on‑premises and in the public cloud.

 
MereteCommented:
Your two questions should be in the same so that the information is relevant to both
what info is needed to have the cops research a cybercrime?
https://www.experts-exchange.com/questions/28977688/what-info-is-needed-to-have-the-cops-research-a-cybercrime.html
0
 
Fulgencio EresAuthor Commented:
Thank you so much for replying (everyone)..
I have the report from CommView (I have WireShark also) what information is the information that is important?  what do I research more? what is the info needed for the police?
0
 
John HurstBusiness Consultant (Owner)Commented:
The only information the police would want would be an identifiable external IP Address (that one can look up in Whois).
0

Featured Post

Prep for the ITIL® Foundation Certification Exam

December’s Course of the Month is now available! Enroll to learn ITIL® Foundation best practices for delivering IT services effectively and efficiently.

  • 3
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now