Security Basics mailing list archives
Re: RE: Any tools to log the traffic/process information on Windows startup?
From: "Michael Painter" <tvhawaii () shaka com>
Date: Mon, 26 May 2008 17:46:57 -1000
The hijackthis suggestion sounded good...were you able to find anything?

One tool that I haven't seen mentioned here before is WinPatrol.
http://www.winpatrol.com/
Similar to Autoruns, and has a free version, but the Plus version is well worth the $30/lifetime cost in my book since getting detailed info is just a mouseclick away.
It shows some things I don't see with Autoruns. There's a version for USB flash drives.

Another free program which associates IP connections with programs/processes/services is What's Running.
http://www.whatsrunning.net/whatsrunning/main.aspx

--Michael

----- Original Message -----
From: "Yan Zhai" <yanzhai () gmail com>
To: "kunwon1" <dave.j.moore () gmail com>
Cc: <security-basics () securityfocus com>; <tvhawaii () shaka com>
Sent: Friday, May 23, 2008 10:32 AM
Subject: Re: RE: Any tools to log the traffic/process information on Windows startup?

I am having the same problem -- I installed the portReporter as an automatic service, but it cannot catch that questionable traffic (UDP, 0 bytes sent, 540 bytes received, from either China or Poland). It seems that the connections take place before the service starts?

As to the external sniffers, they are really not very helpful in this situation, since what we really want to figure out is which program(s) are involved in that suspicious traffic.

Yan

On 5/23/08, kunwon1 <dave.j.moore () gmail com> wrote:
On Fri, May 23, 2008 at 12:55 AM, Michael Painter <tvhawaii () shaka com> wrote:
> I suppose sniffing the wire with another box would be the best approach as
> far as "traffic" goes?
>

The very best approach would be to put your scanner between the box in question and the WAN. I'm fairly certain that iptables can be configured to log everything that passes through, and that way you're guaranteed to get 100% of the traffic.

--
==========
A human being should be able to change a diaper, plan an invasion, butcher a hog, conn a ship, design a building, write a sonnet, balance accounts, build a wall, set a bone, comfort the dying, take orders, give orders, cooperate, act alone, solve equations, analyze a new problem, pitch manure, program a computer, cook a tasty meal, fight efficiently, die gallantly. Specialization is for insects.
-Heinlein

This message copyright (c) 2004-2007 David J Moore