Security Basics: Re: RE: Any tools to log the traffic/process information on Windows startup?

From: Michael Painter <tvhawaii_at_shaka.com>
Date: Thu, 22 May 2008 19:55:17 -1000

I installed M'soft's Port Reporter and 'Autoruns' shows it in [HKLM\System\CurrentControlSet\Services]. I suppose that's
as good as it gets as far as running something early in the boot sequence (?).
After bootup, Port Reporter Parser shows exactly the same thing as AW Ports Traffic Analyzer, fwiw, but AWPTA runs from
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup. Hopefully I don't have any malware or rootkits on my
box either, so my tests aren't that good.<g>

I suppose sniffing the wire with another box would be the best approach as far as "traffic" goes?

--Michael

----- Original Message -----
From: "Kelly Keeton" <kellyrkeeton_at_gmail.com>
To: <security-basics_at_securityfocus.com>
Sent: Thursday, May 22, 2008 6:33 AM
Subject: Re: RE: Any tools to log the traffic/process information on Windows startup?

> OK, I can agree with the OP requirements. As far as the last Q, to force
> it to load before anything else you would need to load as a driver to
> get in at the kernel level.
>
> Anything that is loaded via registry, win.ini, or startup could have
> something load before it with a good rootkit in the case of a virus.
>
> IMO you would need to run Wireshark in tandem with a PID/Port
> watcher or use the Microsoft product in the prior email; I assume that is a
> driver-loaded application.
>
> On Thu, May 22, 2008 at 12:02 AM, Michael Painter <tvhawaii_at_shaka.com> wrote:
>>
>> ----- Original Message ----- From: "Kelly Keeton" <kellyrkeeton_at_gmail.com>
>> To: <security-basics_at_securityfocus.com>
>> Sent: Wednesday, May 21, 2008 12:54 PM
>> Subject: Re: RE: Any tools to log the traffic/process information on Windows
>> startup?
>>
>>
>>> That tool looks horrible, who would pay for this function?!?! No
>>> offense but that looks like a VB6 app from hell.
>>>
>>> Why not use free things like sysinternals.com or nirsoft tools? They
>>> do the EXACT SAME THING for free and are not coded in VB6.
>>>
>>> When I need a tool to scan ports I don't want it also "synching time".
>>>
>>> On Wed, May 21, 2008 at 2:03 PM, <gpickett71_at_yahoo.com> wrote:
>>>>
>>>> A good tool is AW Ports Traffic Analyzer. You can check it out at
>>>> http://www.atelierweb.com/pta/. It has a demonstration mode that is fully
>>>> functioning but logs only 3MB worth of data. The full version which is
>>>> pretty cheap will log up to 500MB.
>>>>
>>
>>
>>
>> I don't see the EXACT SAME THING at all.
>> I took some time and re-sized the windows/partitions/columns (which it
>> remembers!), and this tool is actually pretty nice.
>> The 3MB buffer of the free edition could be enough to do what the OP
>> wanted...log the startups.
>>
>>>> when i need a tool to scan ports i don't want it also "synching time"<<
>>
>> What, exactly, do you mean by this?
>>
>> My question is how do you make sure it runs before anything else is started?
>> Put it in the Startup Folder? Registry? Win.ini?
>>
>> Thanks,
>>
>> --Michael
>>
>>
Received on May 23 2008
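
The following PowerShell is an added example, not part of the thread and not taken from any tool named in it. It lists the autostart locations the thread compares (drivers and services under HKLM\System\CurrentControlSet\Services, then the Run key and the Startup folders) in load order, so you can see how early a logger such as Port Reporter starts relative to everything else. The phase labels and the `$entries` layout are choices made for this example; the Start values 0 to 2 are the documented service start types.

```powershell
# Added example (not from the thread): list autostart entries, earliest first.
# Services\<name>\Start: 0 = Boot, 1 = System, 2 = Automatic (3 and 4 do not autostart).
$phase       = @{ 0 = 'Boot'; 1 = 'System'; 2 = 'Automatic' }
$servicesKey = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$runKey      = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
$entries     = @()

# Drivers and services: started before any user logs on.
foreach ($key in Get-ChildItem -Path $servicesKey -ErrorAction SilentlyContinue) {
    $start = $key.GetValue('Start')
    if ($null -eq $start -or [int]$start -gt 2) { continue }
    # Type bits 0x1, 0x2 and 0x8 mark kernel, file-system and recognizer drivers.
    $kind = if ([int]$key.GetValue('Type', 0) -band 0xB) { 'Driver' } else { 'Service' }
    $entries += [pscustomobject]@{
        Order = [int]$start; Phase = $phase[[int]$start]; Kind = $kind
        Name  = $key.PSChildName; Target = $key.GetValue('ImagePath')
    }
}

# Machine-wide Run key: started at logon, after the services above.
if (Test-Path -Path $runKey) {
    $run = Get-Item -Path $runKey
    foreach ($name in $run.GetValueNames()) {
        $entries += [pscustomobject]@{
            Order = 3; Phase = 'Logon'; Kind = 'Run key'
            Name  = $name; Target = $run.GetValue($name)
        }
    }
}

# Startup folders (all users, then current user): also started at logon.
foreach ($folder in 'CommonStartup', 'Startup') {
    $path = [Environment]::GetFolderPath($folder)
    if (-not $path) { continue }
    foreach ($file in Get-ChildItem -Path $path -ErrorAction SilentlyContinue) {
        $entries += [pscustomobject]@{
            Order = 3; Phase = 'Logon'; Kind = 'Startup folder'
            Name  = $file.Name; Target = $file.FullName
        }
    }
}

$entries | Sort-Object Order, Kind, Name |
    Format-Table Phase, Kind, Name, Target -AutoSize
```

The output reflects only what the running OS reports, so it is subject to the same limit raised in the thread: something already loaded at a lower level can start first or hide its own entry.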
