
List:       security-basics
Subject:    Re: RE: Any tools to log the traffic/process information on Windows startup?
From:       "Michael Painter" <tvhawaii () shaka ! com>
Date:       2008-05-27 3:46:57
Message-ID: AB5D204E1B9D47AC87677E017AAC8821 () DELL16

The hijackthis suggestion sounded good...were you able to find anything?

One tool that I haven't seen mentioned here before is WinPatrol.
http://www.winpatrol.com/
Similar to Autoruns, and has a free version, but the Plus version is well worth the $30/lifetime cost in my book since getting detailed info is just a mouse click away.
It shows some things I don't see with Autoruns.  There's a version for USB flash drives.

Another free program which associates IP connections with programs/processes/services is What's Running. http://www.whatsrunning.net/whatsrunning/main.aspx


--Michael

----- Original Message ----- 
From: "Yan Zhai" <yanzhai@gmail.com>
To: "kunwon1" <dave.j.moore@gmail.com>
Cc: <security-basics@securityfocus.com>; <tvhawaii@shaka.com>
Sent: Friday, May 23, 2008 10:32 AM
Subject: Re: RE: Any tools to log the traffic/process information on Windows startup?


> I am having the same problem -- I installed the portReporter as an
> automatic service, but it cannot catch that questionable traffic
> (UDP, 0 bytes sent, 540 bytes received, from either China or Poland).
> It seems that the connections take place before the service starts?
> 
> As to the external sniffers, they are really not very helpful in this
> situation, since what we really want to figure out is which program(s)
> are involved in that suspicious traffic.
> 
> Yan
> 
> On 5/23/08, kunwon1 <dave.j.moore@gmail.com> wrote:
> > On Fri, May 23, 2008 at 12:55 AM, Michael Painter <tvhawaii@shaka.com> wrote:
> > 
> > > I suppose sniffing the wire with another box would be the best approach as
> > > far as "traffic" goes?
> > > 
> > 
> > 
> > The very best approach would be to put your scanner between the box in
> > question and the WAN. I'm fairly certain that iptables can be
> > configured to log everything that passes through, and that way you're
> > guaranteed to get 100% of the traffic.
> > 
> > --
> > ==========
> > A human being should be able to change a diaper, plan an invasion,
> > butcher a hog, conn a ship, design a building, write a sonnet, balance
> > accounts, build a wall, set a bone, comfort the dying, take orders,
> > give orders, cooperate, act alone, solve equations, analyze a new
> > problem, pitch manure, program a computer, cook a tasty meal, fight
> > efficiently, die gallantly. Specialization is for insects. -Heinlein
> > 
> > This message copyright (c) 2004-2007 David J Moore
> > 
> 
> 
> -- 
> Use Snort,  the de facto standard for Intrusion Detection
> ,,__
> o"     )~  oink oink
> ' ' ' ' 
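The problem Yan raises, a user-mode monitor such as portReporter starting after the connection has already happened, can be sidestepped by letting the kernel record the connection. The following is an added example, not code from anyone in this thread: it turns on Windows Filtering Platform connection auditing and then reads Security event 5156, which records the process ID, image path, direction and remote endpoint of every permitted connection from early boot onward. It assumes an elevated PowerShell 3.0 or later session on Windows Vista / Server 2008 or newer; the event field names used (ProcessID, Application, Direction, DestAddress, DestPort, Protocol) are those of event 5156, and the private-address filter at the end is a hypothetical choice for this example.

```powershell
# Added example (not from the thread): attribute boot-time connections to the
# process that made them using WFP auditing (Security event 5156).
# Assumes an elevated PowerShell 3.0+ session, Windows Vista/Server 2008+.

# 1. Enable the audit subcategory. The setting persists across reboots, so the
#    very first connections after the next boot are recorded by the kernel.
auditpol /set /subcategory:"Filtering Platform Connection" /success:enable /failure:enable

# 2. After rebooting, pull every 5156 logged since boot and flatten its XML.
$boot = (Get-CimInstance Win32_OperatingSystem).LastBootUpTime

$events = Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 5156; StartTime = $boot } |
  ForEach-Object {
    $xml = [xml]$_.ToXml()
    $d = @{}
    foreach ($n in $xml.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    # Direction is a resource id: %%14592 = inbound, %%14593 = outbound.
    $direction = if ($d['Direction'] -eq '%%14593') { 'Outbound' } else { 'Inbound' }
    # Protocol is the IP protocol number as a string.
    $proto = switch ($d['Protocol']) { '6' { 'TCP' } '17' { 'UDP' } default { $d['Protocol'] } }

    [pscustomobject]@{
      Time        = $_.TimeCreated
      PID         = [int]$d['ProcessID']
      # Device path of the image, e.g. \device\harddiskvolume1\windows\system32\svchost.exe
      Application = $d['Application']
      Direction   = $direction
      Protocol    = $proto
      Remote      = '{0}:{1}' -f $d['DestAddress'], $d['DestPort']
    }
  }

# 3. Show outbound connections that actually leave the box, earliest first.
#    (Loopback/link-local exclusion is a hypothetical filter for this example.)
$events |
  Where-Object { $_.Direction -eq 'Outbound' -and $_.Remote -notmatch '^(127\.|::1|fe80:|0\.0\.0\.0)' } |
  Sort-Object Time |
  Format-Table Time, PID, Application, Protocol, Remote -AutoSize
```

Two caveats when reading the output: the PID is the one in use at connect time, so for a process that exited during boot rely on the Application path rather than trying to resolve the PID later, and this subcategory is noisy on a busy host, so collect it during the boot you are investigating and turn it back off with `/success:disable /failure:disable` afterwards.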


