network monitoring

 
 
Zach
      09-16-2007
Hi

I would like a program (I use Windows XP) to monitor all of the
websites that I visit in real time.

I really want to know whether malware is accessing specific domains /
IPs, and I currently have no way of viewing this. What I don't want is
a tool to "spy" on a computer and monitor websites entered. Instead, I
need some kind of traffic analysis tool.

Thanks

Zach

 
why?
      09-16-2007

On Sun, 16 Sep 2007 18:07:45 -0000, Zach wrote:

>Hi
>
>I would like a program (I use Windows XP) to monitor all of the
>websites that I visit in real time.


Unless it's really vital, real time isn't needed.

>I really want to know whether malware is accessing specific domains /


Get rid of the malware, then you don't need to worry about what it's
connecting to.

>IPs, and I currently have no way of viewing this. What I don't want is
>a tool to "spy" on a computer and monitor websites entered. Instead, I


That contradicts what you said earlier - "all of the websites" against
"don't want a tool ... and monitor websites entered".

A simple method is running a web browser proxy: you change your browser
settings to run through the proxy, which logs requests from the browser.

There are quite a few, try any of the often posted shareware / freeware
sites mentioned in 24HSHD, search from
http://groups.google.com/group/24hou...elpdesk/topics
or
www.google.com
for
windows xp proxy server
http monitor

>need some kind of traffic analysis tool.


No, you don't; you need a good AV, antispyware, FW that looks after all
this for you.

Look for ntop, various http monitors, simple sniffers, stuff from
snapfiles.com, iptraf, network probe lite (if still available)

For traffic, see http://www.wireshark.org/

Picking a random URL from bookmarks and running the above generates 217
frames of data when clicking the homepage button (to mozilla home). It's
very unlikely you need that. It is possible to set up filters, of course.

For a simple GET of a URL, the request looks like:

No.  Time      Source       Destination    Protocol  Info
1    0.000000  192.168.0.5  63.245.213.12  HTTP      GET /projects/seamonkey/ HTTP/1.1

Frame 1 (358 bytes on wire, 358 bytes captured)
    Arrival Time: Sep 16, 2007 22:15:25.508634000
    Time delta from previous packet: 0.000000000 seconds
    Time since reference or first frame: 0.000000000 seconds
    Frame Number: 1
    Packet Length: 358 bytes
    Capture Length: 358 bytes
    Protocols in frame: eth:ip:tcp:http
    Coloring Rule Name: Checksum Errors
    Coloring Rule String: edp.checksum_bad==1 || ip.checksum_bad==1 || tcp.checksum_bad || udp.checksum_bad
Ethernet II, Src: 00:0e:0c:9c:6e:fb (00:0e:0c:9c:6e:fb), Dst: 00:a0:c5:e4:e9:c4 (00:a0:c5:e4:e9:c4)
    Destination: 00:a0:c5:e4:e9:c4 (00:a0:c5:e4:e9:c4)
        Address: 00:a0:c5:e4:e9:c4 (00:a0:c5:e4:e9:c4)
        .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame
        .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address
    Source: 00:0e:0c:9c:6e:fb (00:0e:0c:9c:6e:fb)
        Address: 00:0e:0c:9c:6e:fb (00:0e:0c:9c:6e:fb)
        .... ...0 .... .... .... .... = Multicast: This is a UNICAST frame
        .... ..0. .... .... .... .... = Locally Administrated Address: This is a FACTORY DEFAULT address
    Type: IP (0x0800)
Internet Protocol, Src: 192.168.0.5 (192.168.0.5), Dst: 63.245.213.12 (63.245.213.12)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 344
    Identification: 0x9782 (38786)
    Flags: 0x04 (Don't Fragment)
        0... = Reserved bit: Not set
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 128
    Protocol: TCP (0x06)
    Header checksum: 0x0000 [incorrect, should be 0x8c6e]
        Good: False
        Bad : True
    Source: 192.168.0.5 (192.168.0.5)
    Destination: 63.245.213.12 (63.245.213.12)
Transmission Control Protocol, Src Port: 9725 (9725), Dst Port: 80 (80), Seq: 0, Ack: 0, Len: 304
    Source port: 9725 (9725)
    Destination port: 80 (80)
    Sequence number: 0 (relative sequence number)
    Next sequence number: 304 (relative sequence number)
    Acknowledgement number: 0 (relative ack number)
    Header length: 20 bytes
    Flags: 0x0018 (PSH, ACK)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...1 .... = Acknowledgment: Set
        .... 1... = Push: Set
        .... .0.. = Reset: Not set
        .... ..0. = Syn: Not set
        .... ...0 = Fin: Not set
    Window size: 65535
    Checksum: 0xd6f9 [incorrect, should be 0xf9f5]
Hypertext Transfer Protocol
    GET /projects/seamonkey/ HTTP/1.1\r\n
        Request Method: GET
        Request URI: /projects/seamonkey/
        Request Version: HTTP/1.1
    Host: www.mozilla.org\r\n
    User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.6) Gecko/20070802 SeaMonkey/1.1.4\r\n
    Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\r\n
    Accept-Language: en-us,en;q=0.5\r\n



>Thanks
>
>Zach


Me
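
As an added example (not part of the post above): of everything in that dissection, a logging proxy or HTTP monitor keeps only the request line and the Host header. This Python sketch does the same reduction for captured TCP payloads; the function names and the sample payloads are assumptions made for illustration, with the first payload modelled on the GET shown above.

```python
# Added example (not from the thread): one log line per captured HTTP request.
METHODS = {"GET", "POST", "HEAD", "PUT", "DELETE", "OPTIONS", "TRACE"}


def parse_request(payload: bytes):
    """Return (method, host, uri) for an HTTP request payload, else None."""
    head = payload.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3 or parts[0] not in METHODS or not parts[2].startswith("HTTP/"):
        return None  # some other protocol that happens to use port 80
    host = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "host":  # header names are case-insensitive
            host = value.strip()
            break
    return parts[0], host, parts[1]


def log_line(src, dst, dport, payload):
    """Summarise one request as text, or return None if it is not HTTP."""
    parsed = parse_request(payload)
    if parsed is None:
        return None
    method, host, uri = parsed
    if uri.lower().startswith("http://"):  # absolute form, as sent to a proxy
        url = uri
    else:  # HTTP/1.0 clients may omit Host: fall back to the destination IP
        url = f"http://{host or dst}{uri}"
    return f"{src} -> {dst}:{dport} {method} {url}"


def summarize(packets):
    """Keep only the packets that carry an HTTP request."""
    return [line for line in (log_line(*p) for p in packets) if line]


# Constructed sample: (source IP, destination IP, destination port, TCP payload).
# The first entry mirrors the GET in the capture above; the rest are made up.
SAMPLE = [
    ("192.168.0.5", "63.245.213.12", 80,
     b"GET /projects/seamonkey/ HTTP/1.1\r\nHost: www.mozilla.org\r\n"
     b"Accept-Language: en-us,en;q=0.5\r\n\r\n"),
    ("192.168.0.5", "203.0.113.7", 80, b"GET /ping HTTP/1.0\r\n\r\n"),
    ("192.168.0.5", "203.0.113.9", 80, b"\x16\x03\x01\x00\x2e not http"),
]

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

The third sample payload is dropped because it is not an HTTP request, which is the limit of any HTTP-only view of the traffic.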
 
VanguardLH
      09-16-2007
"Zach" wrote ...
>
> I would like a program (I use Windows XP) to monitor all of the
> websites that I visit in real time.
>
> I really want to know whether malware is accessing specific domains /
> IPs, and I currently have no way of viewing this. What I don't want is
> a tool to "spy" on a computer and monitor websites entered. Instead, I
> need some kind of traffic analysis tool.


Why would malware only connect to *web* sites? They'll connect to
whatever host they've been told to connect to. As long as there is a
process listening on the port on the host they've been told to connect
to, then they can connect there. Doesn't have to be a web server that is
running on that host and listening on that port.

Learn to use your firewall's logs. Or get a better firewall. Or get
a packet sniffer to monitor all your traffic (and perhaps filter to
see just the protocols you want to monitor).
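
As an added example (not part of the post above): a Python summary of outbound connections read from a firewall log, listing the non-web destinations that a browser proxy log would miss. It assumes a space-delimited log with a `#Fields:` header, the layout of the Windows XP firewall's pfirewall.log; the function names, sample records and addresses are constructed.

```python
from collections import Counter

# Constructed sample log; field names follow the assumed "#Fields:" layout.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size

2007-09-16 22:15:25 OPEN TCP 192.168.0.5 63.245.213.12 9725 80 -
2007-09-16 22:15:26 OPEN TCP 192.168.0.5 63.245.213.12 9726 80 -
2007-09-16 22:15:30 OPEN UDP 192.168.0.5 192.168.0.1 1031 53 -
2007-09-16 22:16:02 OPEN TCP 192.168.0.5 203.0.113.50 9730 6667 -
2007-09-16 22:16:05 DROP TCP 198.51.100.4 192.168.0.5 4411 445 48
2007-09-16 22:16:09 CLOSE TCP 192.168.0.5 63.245.213.12 9725 80 -
2007-09-16 22:16:10 OPEN TCP 192.168.0.5
"""


def parse_log(text):
    """Yield one dict per record, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line.strip() and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))


def outbound_destinations(text, local_ip, action="OPEN"):
    """Count connections opened by local_ip per (protocol, dst-ip, dst-port)."""
    counts = Counter()
    for rec in parse_log(text):
        if rec["action"] == action and rec["src-ip"] == local_ip:
            port = rec["dst-port"]
            # ICMP records carry "-" instead of a port; store 0 for those.
            key = (rec["protocol"], rec["dst-ip"], int(port) if port.isdigit() else 0)
            counts[key] += 1
    return counts


def non_web(counts, web_ports=(80, 443)):
    """Destinations that a browser-only proxy log would never show."""
    return sorted(k for k in counts if k[2] not in web_ports)


if __name__ == "__main__":
    summary = outbound_destinations(SAMPLE_LOG, "192.168.0.5")
    for (proto, ip, port), n in summary.most_common():
        print(f"{n:3d}  {proto} {ip}:{port}")
    print("non-web:", non_web(summary))
```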

 
Pennywise@DerryMaine.Gov
      09-17-2007
Zach wrote:

>Hi
>
>I would like a program (I use Windows XP) to monitor all of the
>websites that I visit in real time.
>
>I really want to know whether malware is accessing specific domains /
>IPs, and I currently have no way of viewing this. What I don't want is
>a tool to "spy" on a computer and monitor websites entered. Instead, I
>need some kind of traffic analysis tool.


For something simple, google:
TCPView

It will show what programs are accessing the net, and at which sites.

--

http://www.rav.efbnet.com/humour/ohshit-cat.jpg
 