Security Basics mailing list archives

Re: Home PC Networking


From: Ansgar -59cobalt- Wiechers <bugtraq () planetcobalt net>
Date: Wed, 29 Nov 2006 20:06:43 +0100

On 2006-11-29 Yousef Syed wrote:
> For part of my problem I think that would be ideal, but I didn't want
> to commit to that until I'd heard any other suggestions from anyone
> else. I don't recall if Smoothwall will tell me "what application has
> made the call". I cannot find that information on Ethereal, either.

On Windows nothing will be able to tell you in an (even remotely)
reliable way what application originally "made the call", since there
are numerous ways to remotely control other software. In case you're
only interested in the application that actually made the connection:
Port Reporter will provide you with that information.

> For some reason I've got multiple continuous calls being made from my
> PC to my Router's port 49152. Whatever it is, is looping through every
> port on my PC to make the calls.
> I've used Sysinternals' Process Explorer, but I can't find anything
> suspicious.

Process Explorer is for monitoring processes, not for monitoring network
traffic. Try TCPView [1] or "netstat -anob". Also inspect the suspicious
packets with a sniffer (e.g. Wireshark [2]). The packets' content may
give you additional pointers.

[1] http://www.microsoft.com/technet/sysinternals/Networking/TcpView.mspx
[2] http://www.wireshark.org/

Regards
Ansgar Wiechers
-- 
"All vulnerabilities deserve a public fear period prior to patches
becoming available."
--Jason Coombs on Bugtraq
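
Added example, not part of the original post: a Python sketch that parses text in the layout printed by "netstat -anob" and groups the local ports connecting to one foreign address by owning PID and image name. The sample output, addresses, PIDs and function names are constructed for illustration; as the reply notes, the result names the process that holds the socket, not whatever may have driven it.

```python
import re
from collections import defaultdict

# Constructed sample in the layout printed by "netstat -anob" (not from the post).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1028
  RpcSs
 [svchost.exe]
  TCP    192.168.1.10:1051      192.168.1.1:49152      ESTABLISHED     1344
 [svchost.exe]
  TCP    192.168.1.10:1052      192.168.1.1:49152      TIME_WAIT       0
  TCP    192.168.1.10:1053      192.168.1.1:49152      ESTABLISHED     1344
 [svchost.exe]
  TCP    192.168.1.10:1060      203.0.113.7:80         ESTABLISHED     2210
 [firefox.exe]
  UDP    0.0.0.0:1900           *:*                                    1344
 [svchost.exe]
"""

# State column is optional because UDP rows have none.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_0-9]+)\s+)?(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def parse_netstat(text):
    """Return one dict per connection row, with the owning image attached."""
    conns = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            conns.append({"proto": proto, "local": local, "remote": remote,
                          "state": state or "", "pid": int(pid), "image": None})
        elif conns and conns[-1]["image"] is None:
            o = OWNER.match(line)
            if o:  # a "[name.exe]" line belongs to the row above it
                conns[-1]["image"] = o.group(1)
    return conns

def callers_of(conns, remote):
    """Group local ports by (pid, image) for rows whose foreign address is `remote`."""
    hits = defaultdict(list)
    for c in conns:
        if c["remote"] == remote:
            hits[(c["pid"], c["image"])].append(int(c["local"].rsplit(":", 1)[1]))
    return dict(hits)
```

Rows that come back with PID 0 and no image name carry no owner in the listing itself and have to be correlated with an earlier capture or a sniffer trace.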

