Thread: The Linux Help and Tutorial Thread

  1. #11
    Xtreme Cruncher
    Join Date
    Jan 2009
    Location
    Nashville
    Posts
    4,162
    Here's a little something for the Windows users, especially the ones who think they do not have any malware or viruses and surf to p0rn sites, hacker/warez sites or download from torrents.

    Microsoft Network Monitor.

    Run it on the network interface of your Windows machine; use the one with an IP number. You will probably be flooded with a lot of "stuff" and have no idea what most of it is. Just look at network IPs. Unfortunately I have yet to find a way to get it to resolve the IPs. You can use a web site like whatismyip.com to see who is registered to that IP and its location. If it says Russia or China you might want to see what app is using that IP. If it says Microsoft or Google it is probably OK depending on your feelings about it. There are a lot on mine that do not say google but lead to google or a marketing firm of one sort or another.

    You can let it run for a while and save the "capture", then open and read the saved capture. The longer it runs the bigger the file but the more accurate, as it needs to catch the apps communicating with the mothership.

    You are concerned with your machine's IP# being in either the source or destination columns. The app using that connection is in a third column. Ones that have no app listed and ones where you do not recognise the app name are the ones to focus on. There will be a lot of DNS and ARP stuff with no app listed; the Source and Destination should be your local network and/or the DNS server.

    If you have concerns and want a good capture, use the settings to limit capture file size and let it run all night and all day if you can. There is also the ability to create filters.

    Linux and Windows users can use Wireshark.

    sudo apt-get install wireshark

    Good luck. Hope you do not find anything too disturbing.
    Last edited by PoppaGeek; 12-08-2013 at 07:53 PM.
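
The triage described in the post above (keep frames to or from your own IP, ignore app-less DNS/ARP on the local network or to the DNS server, focus on rows with no app or an unfamiliar app) can be scripted over a saved capture exported as CSV. This is an added example, not part of the original post; the column names, addresses, process names and the `triage` and `in_net` helpers are assumptions made up for illustration.

```python
import csv
import io
import ipaddress
from collections import Counter

# Constructed sample export. Column names are assumptions, not a real tool's format.
SAMPLE_CSV = """Source,Destination,Protocol,Process
192.168.1.50,192.168.1.1,DNS,
192.168.1.1,192.168.1.50,DNS,
192.168.1.50,192.168.1.1,ARP,
192.168.1.50,203.0.113.10,TCP,firefox.exe
203.0.113.10,192.168.1.50,TCP,firefox.exe
192.168.1.50,198.51.100.7,TCP,
198.51.100.7,192.168.1.50,TCP,
192.168.1.50,198.51.100.99,TCP,updsvc32.exe
192.168.1.50,203.0.113.53,DNS,
192.168.1.77,192.168.1.1,TCP,
"""

def in_net(addr, net):
    """True if addr is an IP inside net; ARP rows may carry MACs instead."""
    try:
        return ipaddress.ip_address(addr) in net
    except ValueError:
        return False

def triage(csv_text, local_ip, local_net, dns_servers, known_apps):
    """Return [(remote, app, reason, frames)] for conversations worth a closer look."""
    net = ipaddress.ip_network(local_net)
    hits = Counter()
    for row in csv.DictReader(io.StringIO(csv_text)):
        src, dst = row["Source"].strip(), row["Destination"].strip()
        if local_ip not in (src, dst):
            continue  # only frames to or from this machine matter
        remote = dst if src == local_ip else src
        app = (row["Process"] or "").strip()
        # App-less DNS/ARP is expected on the LAN or to the configured DNS server
        if row["Protocol"] in ("DNS", "ARP") and (in_net(remote, net) or remote in dns_servers):
            continue
        if not app:
            hits[(remote, "", "no app listed")] += 1
        elif app.lower() not in known_apps:
            hits[(remote, app, "unrecognised app")] += 1
    # Busiest conversations first, then by remote address for a stable order
    return sorted(((r, a, why, n) for (r, a, why), n in hits.items()),
                  key=lambda h: (-h[3], h[0]))

if __name__ == "__main__":
    for hit in triage(SAMPLE_CSV, "192.168.1.50", "192.168.1.0/24",
                      {"192.168.1.1"}, {"firefox.exe"}):
        print(hit)
```

The remote addresses it returns are the ones to look up in a whois or IP-registration service; the DNS row to an address outside the local network is reported because it matches neither the LAN nor the listed DNS server.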
