Security Basics mailing list archives
Re: Home PC Networking
From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 29 Nov 2006 20:06:43 +0100
On 2006-11-29 Yousef Syed wrote:
> For part of my problem I think that would be ideal, but I didn't want to commit to that until I'd heard any other suggestions from anyone else. I don't recall if Smoothwall will tell me "what application has made the call". I cannot find that information on Ethereal, either.
On Windows nothing will be able to tell you in an (even remotely) reliable way what application originally "made the call", since there are numerous ways to remotely control other software. In case you're only interested in the application that actually made the connection: Port Reporter will provide you with that information.
> For some reason I've got multiple continuous calls being made from my PC to my Router's port 49152. Whatever it is, is looping through every port on my PC to make the calls. I've used Sysinternals' Process Explorer, but I can't find anything suspicious.
Process Explorer is for monitoring processes, not for monitoring network traffic. Try TCPView [1] or "netstat -anob". Also inspect the suspicious packets with a sniffer (e.g. Wireshark [2]). The packets' content may give you additional pointers.

[1] http://www.microsoft.com/technet/sysinternals/Networking/TcpView.mspx
[2] http://www.wireshark.org/

Regards
Ansgar Wiechers
--
"All vulnerabilities deserve a public fear period prior to patches becoming available."
--Jason Coombs on Bugtraq
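
Added example, not part of the original message: a small parser that pairs each connection row of saved "netstat -anob" output with the executable that owns the socket, then counts connections to a given remote port (49152 here) per process. The sample output, addresses, PIDs and the function names are constructed for illustration; as the reply notes, the result names the process that made the connection, not whatever may have instructed it to.

```python
from collections import Counter

# Constructed sample of `netstat -anob` output; addresses, PIDs and names are made up.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  RpcSs
  [svchost.exe]
  TCP    192.168.1.10:1045      192.168.1.1:49152      SYN_SENT        1180
  [svchost.exe]
  TCP    192.168.1.10:1046      192.168.1.1:49152      TIME_WAIT       0
  TCP    192.168.1.10:1047      192.168.1.1:49152      ESTABLISHED     1180
  [svchost.exe]
  TCP    192.168.1.10:1050      203.0.113.7:80         ESTABLISHED     2044
  [firefox.exe]
  UDP    0.0.0.0:1900           *:*                                    1180
  [svchost.exe]
"""

def parse_netstat(text):
    """Return one dict per connection row; 'exe' is None if no owner line follows."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[0] in ("TCP", "UDP") and fields[-1].isdigit():
            # UDP rows have no State column, so they split into 4 fields, not 5.
            rows.append({"proto": fields[0], "local": fields[1], "remote": fields[2],
                         "state": fields[3] if len(fields) == 5 else "",
                         "pid": int(fields[-1]), "exe": None})
        elif rows and rows[-1]["exe"] is None:
            s = line.strip()
            if s.startswith("[") and s.endswith("]"):  # e.g. "[svchost.exe]"
                rows[-1]["exe"] = s[1:-1]
    return rows

def owners_of_remote_port(text, port):
    """Count connections to remote `port`, grouped by (executable, PID)."""
    hits = Counter()
    for r in parse_netstat(text):
        if r["remote"].rpartition(":")[2] == str(port):
            hits[(r["exe"] or "<no owner reported>", r["pid"])] += 1
    return hits

if __name__ == "__main__":
    for (exe, pid), n in owners_of_remote_port(SAMPLE, 49152).most_common():
        print(f"{n:3d} connection(s) to port 49152 from {exe} (PID {pid})")
```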