Security Basics: Re: RE: Any tools to log the traffic/process information on Windows startup?

Re: RE: Any tools to log the traffic/process information on Windows startup?

From: Kelly Keeton <kellyrkeeton_at_gmail.com>
Date: Thu, 22 May 2008 09:33:12 -0700

OK, I can agree with the OP's requirements. As far as the last Q, to force
it to load before anything else you would need to load as a driver to
get in at the kernel level.

Anything that is loaded via registry, win.ini, startup could have
something load before it with a good rootkit in the case of a virus.

IMO you would need to run Wireshark in tandem with a PID/port
watcher, or use the Microsoft product in the prior email; I assume that is a
driver-loaded application.

On Thu, May 22, 2008 at 12:02 AM, Michael Painter <tvhawaii_at_shaka.com> wrote:
>
> ----- Original Message ----- From: "Kelly Keeton" <kellyrkeeton_at_gmail.com>
> To: <security-basics_at_securityfocus.com>
> Sent: Wednesday, May 21, 2008 12:54 PM
> Subject: Re: RE: Any tools to log the traffic/process information on Windows
> startup?
>
>
>> That tool looks horrible, who would pay for this function?!?! No
>> offense, but that looks like a VB6 app from hell.
>>
>> Why not use free things like sysinternals.com or NirSoft tools? They
>> do the EXACT SAME THING for free and are not coded in VB6.
>>
>> When I need a tool to scan ports I don't want it also "synching time"
>>
>> On Wed, May 21, 2008 at 2:03 PM, <gpickett71_at_yahoo.com> wrote:
>>>
>>> A good tool is AW Ports Traffic Analyzer. You can check it out at
>>> http://www.atelierweb.com/pta/. It has a demonstration mode that is fully
>>> functioning but logs only 3MB worth of data. The full version which is
>>> pretty cheap will log up to 500MB.
>>>
>
>
>
> I don't see the EXACT SAME THING at all.
> I took some time and re-sized the windows/partitions/columns (which it
> remembers!), and this tool is actually pretty nice.
> The 3MB buffer of the free edition could be enough to do what the OP
> wanted...log the startups.
>
>>> When I need a tool to scan ports I don't want it also "synching time"<<
>
> What, exactly, do you mean by this?
>
> My question is how do you make sure it runs before anything else is started?
> Put it in the Startup Folder? Registry? Win.ini?
>
> Thanks,
>
> --Michael
>
>
Received on May 22 2008
