HELP - Computer sending packets when idle

Discussion in 'Computer Support' started by stefanmoran, Feb 28, 2006.

  1. stefanmoran

    stefanmoran Guest

    Hello,

    Recently my computer started sending packets over the net as soon as
    it's booted.

    A packet capture with Ethereal tells me that the packets are always the
    same size 197 Bytes, same LLC protocol with the same HEX data.

    I've run the standard computer scrubbing tools for Trojans, Viruses,
    Adware, Spyware, etc. with everything giving my comp a clean bill of
    health (will post HJT file if required).

    Security Task Manager shows only my AVS suite, JAVA, Printer and
    Windows processes as being active. I'm running Win2k SP4, have a
    D-Link DI-424 Wi-Fi router with WEP128 key and MAC recognition on and
    Firewall enabled, have the standard mix of AVS, Spamware, firewalls
    working.

    All the software has the most recent definitions and I have the latest
    security patches from Microsoft (I know still isn't enough with MS).

    So I'm looking for an app that will allow me to...
    1. Track what software on my system is sending packets (size, protocol,
    ports, etc.)
    2. Track where the packets are being sent to (IP, Whois, etc.)
    3. Any info to shed light on how to correct this problem (better
    security for my comp other than having to go to Linux or Mac)

    Thanks for any help given.

    SM
     
    stefanmoran, Feb 28, 2006
    #1

  2. Trax

    Trax Guest

    stefanmoran wrote:

    |>Hello,
    |>
    |>Recently my computer started sending packets over the net as soon as
    |>it's booted.
    |>
    |>A packet capture with Ethereal tells me that the packets are always the
    |>same size 197 Bytes, same LLC protocol with the same HEX data.
    |>
    |>I've run the standard computer scrubbing tools for Trojans, Viruses,
    |>Adware, Spyware, etc. with everything giving my comp a clean bill of
    |>health (will post HJT file if required).
    |>
    |>Security Task Manager shows only my AVS suite, JAVA, Printer and
    |>Windows processes as being active. I'm running Win2k SP4, have a
    |>D-Link DI-424 Wi-Fi router with WEP128 key and MAC recognition on and
    |>Firewall enabled, have the standard mix of AVS, Spamware, firewalls
    |>working.
    |>
    |>All the software has the most recent definitions and I have the latest
    |>security patches from Microsoft (I know still isn't enough with MS).
    |>
    |>So I'm looking for an app that will allow me to...
    |>1. Track what software on my system is sending packets (size, protocol,
    |>ports, etc.)
    |>2. Track where the packets are being sent to (IP, Whois, etc.)
    |>3. Any info to shed light on how to correct this problem (better
    |>security for my comp other than having to go to Linux or Mac)

    http://www.sysinternals.com/Utilities/TcpView.html
    Double click on process to show program in use, Right click on process
    for Whois.
     
    Trax, Feb 28, 2006
    #2

  3. why?

    why? Guest

    Windows or other OS? Several of the bits below work on non-Windows
    platforms.

    So you didn't mention address / ports.

    Ethereal for size, protocol, ports: see the stats / summary menus.

    Outpost firewall has program / bytes. If you start by blocking
    everything, you can then allow only specific apps as needed. Logs have
    allowed / blocked process names, protocols, addresses and ports.

    From past posts in 24HSHD,
    http://groups.google.com/group/24hoursupport.helpdesk?
    (searching for info seems to be a lost art)

    Ripped from previous posts,

    You can see the basic connection info, socket state and server
    addresses using something like Karen's LAN Monitor
    http://www.karenware.com/powertools/ptlanmon.asp
    That's a sort of high level view of what's going on.

    and this, list of tools
    http://www.winpcap.org/misc/links.htm

    this as well,
    http://www.tamos.com/products/commview/sniffer.htm


    this also,
    http://www.sysinternals.com/NetworkingUtilities.html
    TCPView v2.4
    See all open TCP and UDP endpoints. On Windows NT, 2000 and XP TCPView
    even displays the name of the process that owns each endpoint. Includes
    a command-line version, tcpvcon.

    and whois
    http://www.sysinternals.com/utilities/whois.html
    Whois v1.01
    See who owns an Internet address.

    Have a read and see what features the stuff has.
    Search www.google.com for whois you will find several whois servers.

    Search for addresses using www.dnsstuff.com

    VisualRoute does that and more, www.visualware.com
    Is it a problem yet?
    Me
     
    why?, Feb 28, 2006
    #3
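    The replies above point at Ethereal's statistics menus and TCPView for the "what is this and who sends it" questions. The script below is an added example written for this thread, not something any of the posters supplied. It reads a capture in the classic libpcap format that Ethereal writes, tells Ethernet II frames apart from 802.3/802.2 LLC frames by the value of the two bytes after the MAC addresses, and then reports every frame that repeats with the identical size, protocol, source, destination and payload bytes, which is exactly the "same size, same protocol, same hex data" pattern the original post describes. The embedded sample capture (five identical 197-byte LLC frames between two ARP requests, MAC and IP values made up) is constructed here for offline testing and says nothing about what the OP's machine was actually sending.

```python
import struct
import sys
from collections import defaultdict

PCAP_MAGIC_LE = 0xA1B2C3D4  # classic libpcap magic in little-endian byte order


def build_pcap(frames, start_ts=1000):
    """Wrap raw Ethernet frames in a minimal little-endian libpcap file.

    Used only to construct the offline sample below; Ethereal writes the same
    layout (24-byte global header, then a 16-byte record header per frame).
    """
    global_hdr = struct.pack("<IHHiIII", PCAP_MAGIC_LE, 2, 4, 0, 0, 65535, 1)
    records = []
    for i, frame in enumerate(frames):
        records.append(struct.pack("<IIII", start_ts + i, 0, len(frame), len(frame)))
        records.append(frame)
    return global_hdr + b"".join(records)


def iter_frames(pcap_bytes):
    """Yield (timestamp_seconds, frame_bytes) for every record in the capture."""
    (magic,) = struct.unpack_from("<I", pcap_bytes, 0)
    if magic != PCAP_MAGIC_LE:
        raise ValueError("expected a little-endian classic libpcap capture")
    off = 24
    while off + 16 <= len(pcap_bytes):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack_from("<IIII", pcap_bytes, off)
        off += 16
        yield ts_sec, pcap_bytes[off:off + incl_len]
        off += incl_len


def classify(frame):
    """Label a frame as Ethernet II (EtherType) or 802.3 with an 802.2 LLC header.

    Returns (label, src_mac, dst_mac, payload_after_mac_header).
    """
    dst = frame[0:6].hex(":")
    src = frame[6:12].hex(":")
    (type_or_len,) = struct.unpack_from("!H", frame, 12)
    if type_or_len >= 0x0600:
        return f"ethertype 0x{type_or_len:04x}", src, dst, frame[14:]
    # Values below 0x0600 are an 802.3 length field; the 802.2 LLC header
    # (DSAP, SSAP, control) follows it.
    dsap, ssap = frame[14], frame[15]
    return f"LLC dsap=0x{dsap:02x} ssap=0x{ssap:02x}", src, dst, frame[14:]


def find_repeated_frames(pcap_bytes, min_repeats=3):
    """Group frames by (size, label, src, dst, exact payload) and report groups
    seen at least min_repeats times, most frequent first."""
    groups = defaultdict(list)
    for ts, frame in iter_frames(pcap_bytes):
        label, src, dst, payload = classify(frame)
        groups[(len(frame), label, src, dst, payload)].append(ts)
    findings = []
    for (size, label, src, dst, payload), times in groups.items():
        if len(times) >= min_repeats:
            findings.append({
                "size": size, "proto": label, "src": src, "dst": dst,
                "count": len(times), "first_seen": times[0], "last_seen": times[-1],
                "payload_prefix_hex": payload[:16].hex(),
            })
    findings.sort(key=lambda f: -f["count"])
    return findings


# --- constructed sample capture (made-up addresses, not the OP's data) ---------
_HOST = bytes.fromhex("00115d0a0b0c")  # invented source MAC
_BCAST = b"\xff" * 6
# 197-byte 802.3 frame: 12 bytes of MACs, 2-byte length 183, 3-byte LLC header, 180 data bytes
_LLC_FRAME = _BCAST + _HOST + struct.pack("!H", 183) + bytes([0xF0, 0xF0, 0x03]) + b"\xAA" * 180


def _arp_request(target_ip):
    """Ethernet II ARP request (EtherType 0x0806), padded to the 60-byte minimum."""
    body = (struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1) + _HOST + bytes([192, 168, 0, 2])
            + b"\x00" * 6 + target_ip)
    return _BCAST + _HOST + b"\x08\x06" + body.ljust(46, b"\x00")


SAMPLE_PCAP = build_pcap([
    _LLC_FRAME, _arp_request(bytes([192, 168, 0, 1])), _LLC_FRAME, _LLC_FRAME,
    _arp_request(bytes([192, 168, 0, 3])), _LLC_FRAME, _LLC_FRAME,
])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PCAP
    for f in find_repeated_frames(data):
        print(f"{f['count']:4d}x {f['size']:4d} B  {f['proto']:<24} {f['src']} -> {f['dst']}  "
              f"payload starts {f['payload_prefix_hex']}")
```

    Run it with the path of a capture saved from Ethereal as the only argument, or with no argument to see the sample. Once the repeating frame is isolated, the source MAC plus the LLC SAP values narrow down which protocol stack on the box is emitting it, and TCPView or a per-program firewall log, as suggested above, does the mapping to a process. The parser handles only the classic little-endian libpcap file; the pcapng format that current Wireshark saves by default is not supported here.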