Security Basics mailing list archives

Re: RE: Any tools to log the traffic/process information on Windows startup?


From: "Michael Painter" <tvhawaii () shaka com>
Date: Thu, 22 May 2008 19:55:17 -1000

I installed M'soft's Port Reporter and 'Autoruns' shows it in [HKLM\System\CurrentControlSet\Services]. I suppose that's as good as it gets as far as running something early in the boot sequence. (?)
After bootup, Port Reporter Parser shows exactly the same thing as AW Ports Traffic Analyzer, fwiw, but AWPTA runs from
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup. Hopefully I don't have any malware or rootkits on my box either, so my tests aren't that good.<g>

I suppose sniffing the wire with another box would be the best approach as far as "traffic" goes?

--Michael


----- Original Message ----- From: "Kelly Keeton" <kellyrkeeton () gmail com>
To: <security-basics () securityfocus com>
Sent: Thursday, May 22, 2008 6:33 AM
Subject: Re: RE: Any tools to log the traffic/process information on Windows startup?


OK, I can agree with the OP's requirements. As far as the last Q, to force
it to load before anything else you would need to load as a driver to
get in at the kernel level.

Anything that is loaded via registry or win.ini startup could have
something load before it with a good rootkit, in the case of a virus.

IMO you would need to run Wireshark in tandem with a PID/port
watcher, or use the Microsoft product in the prior email; I assume that is a
driver-loaded application.

On Thu, May 22, 2008 at 12:02 AM, Michael Painter <tvhawaii () shaka com> wrote:

----- Original Message ----- From: "Kelly Keeton" <kellyrkeeton () gmail com>
To: <security-basics () securityfocus com>
Sent: Wednesday, May 21, 2008 12:54 PM
Subject: Re: RE: Any tools to log the traffic/process information on Windows
startup?


That tool looks horrible; who would pay for this function?!?! No
offense, but that looks like a VB6 app from hell.

Why not use free things like sysinternals.com or NirSoft tools? They
do the EXACT SAME THING for free and are not coded in VB6.

When I need a tool to scan ports I don't want it also "synching time".

On Wed, May 21, 2008 at 2:03 PM,  <gpickett71 () yahoo com> wrote:

A good tool is AW Ports Traffic Analyzer.  You can check it out at
http://www.atelierweb.com/pta/.  It has a demonstration mode that is fully
functioning but logs only 3MB worth of data.  The full version which is
pretty cheap will log up to 500MB.




I don't see the EXACT SAME THING at all.
I took some time and re-sized the windows/partitions/columns (which it
remembers!), and this tool is actually pretty nice.
The 3MB buffer of the free edition could be enough to do what the OP
wanted...log the startups.

when i need a tool to scan ports i don't want it also "synching time"<<

What, exactly, do you mean by this?

My question is how do you make sure it runs before anything else is started?
Put it in the Startup Folder? Registry? Win.ini?

Thanks,

--Michael




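As an added example (not from any poster in this thread), the script below enumerates the autostart locations the thread argues about (boot/system/auto-start services and drivers under HKLM\System\CurrentControlSet\Services, the Run keys, and the Startup folders) and orders them by the phase in which Windows processes them, so you can see what loads ahead of a user-mode logger. It assumes Windows PowerShell 5.1 or later run as Administrator; the phase numbers are my own labels, not a Windows value.

```powershell
# Added example, not code from the thread. Run in an elevated PowerShell.
# Phase: 1 = boot-start, 2 = system-start, 3 = auto-start service/driver,
#        4 = Run key (processed at logon), 5 = Startup folder (after Run keys).
$startNames = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Auto'; 3 = 'Demand'; 4 = 'Disabled' }
$phaseOf    = @{ 'Boot' = 1; 'System' = 2; 'Auto' = 3 }
$entries    = @()

# 1. Services and drivers. Start=0/1/2 load before any logon-time autostart.
#    Within one phase the real order also depends on Group, ServiceGroupOrder
#    and DependOnService, which this listing does not resolve.
Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' -ErrorAction SilentlyContinue |
  ForEach-Object {
    $p = Get-ItemProperty $_.PSPath -ErrorAction SilentlyContinue
    if ($null -eq $p.Start -or [int]$p.Start -gt 2) { return }   # skip demand/disabled
    $startName = $startNames[[int]$p.Start]
    $kind = if ([int]$p.Type -in 1, 2) { 'driver' } else { 'service' }  # Type 1/2 = kernel/FS driver
    $entries += [pscustomobject]@{
      Phase    = $phaseOf[$startName]
      Location = "Services ($startName start, $kind)"
      Name     = $_.PSChildName
      Image    = $p.ImagePath
    }
  }

# 2. Run keys: processed at user logon, long after services and drivers.
foreach ($hive in 'HKLM', 'HKCU') {
  $p = Get-ItemProperty "${hive}:\Software\Microsoft\Windows\CurrentVersion\Run" -ErrorAction SilentlyContinue
  if ($p) {
    $p.PSObject.Properties | Where-Object { $_.Name -notlike 'PS*' } | ForEach-Object {
      $entries += [pscustomobject]@{ Phase = 4; Location = "$hive Run key"; Name = $_.Name; Image = $_.Value }
    }
  }
}

# 3. Startup folders (all users, then current user): processed after the Run keys.
foreach ($dir in [Environment]::GetFolderPath('CommonStartup'), [Environment]::GetFolderPath('Startup')) {
  Get-ChildItem $dir -File -ErrorAction SilentlyContinue | ForEach-Object {
    $entries += [pscustomobject]@{ Phase = 5; Location = 'Startup folder'; Name = $_.Name; Image = $_.FullName }
  }
}

# Earliest loaders first; anything in phase 1-3 runs before a Startup-folder logger.
$entries | Sort-Object Phase, Location, Name | Format-Table Phase, Location, Name, Image -AutoSize
```

Anything the listing shows in phases 1 to 3 is already running before a Startup-folder or Run-key tool starts, which is the point Kelly makes about needing a driver or service to see the earliest activity.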