The HijackThis suggestion sounded good...were you able to find anything?
One tool that I haven't seen mentioned here before is WinPatrol.
http://www.winpatrol.com/
Similar to Autoruns, and has a free version, but the Plus version is well worth the $30/lifetime cost in my book since
getting detailed info is just a mouseclick away.
It shows some things I don't see with Autoruns. There's a version for USB flash drives.
Another free program which associates IP connections with programs/processes/services is What's Running.
http://www.whatsrunning.net/whatsrunning/main.aspx
--Michael
----- Original Message -----
From: "Yan Zhai" <yanzhai_at_gmail.com>
To: "kunwon1" <dave.j.moore_at_gmail.com>
Cc: <security-basics_at_securityfocus.com>; <tvhawaii_at_shaka.com>
Sent: Friday, May 23, 2008 10:32 AM
Subject: Re: RE: Any tools to log the traffic/process information on Windows startup?
> I am having the same problem -- I installed the portReporter as an
> automatic service, but it cannot catch that questionable traffic
> (UDP, 0 bytes sent, 540 bytes received, from either China or Poland).
> It seems that the connections take place before the service starts?
>
> As to the external sniffers, they are really not very helpful in this
> situation, since what we really want to figure out is which program(s)
> are involved in that suspicious traffic.
>
> Yan
>
> On 5/23/08, kunwon1 <dave.j.moore_at_gmail.com> wrote:
>> On Fri, May 23, 2008 at 12:55 AM, Michael Painter <tvhawaii_at_shaka.com> wrote:
>>
>> > I suppose sniffing the wire with another box would be the best approach as
>> > far as "traffic" goes?
>> >
>>
>>
>> The very best approach would be to put your scanner between the box in
>> question and the WAN. I'm fairly certain that iptables can be
>> configured to log everything that passes through, and that way you're
>> guaranteed to get 100% of the traffic.
>>
>> --
>> ==========
>> A human being should be able to change a diaper, plan an invasion,
>> butcher a hog, conn a ship, design a building, write a sonnet, balance
>> accounts, build a wall, set a bone, comfort the dying, take orders,
>> give orders, cooperate, act alone, solve equations, analyze a new
>> problem, pitch manure, program a computer, cook a tasty meal, fight
>> efficiently, die gallantly. Specialization is for insects. -Heinlein
>>
>> This message copyright (c) 2004-2007 David J Moore
>>
>
>
Received on May 27 2008
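
Added example, not part of the thread: a sketch of how the log from the in-line iptables box suggested above could be reduced to the remote addresses the Windows host received UDP from without ever sending to them, which is the pattern described in the quoted message. The log prefix, the host address and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed setup: a Linux box forwards for the Windows host and logs with
#   iptables -I FORWARD -j LOG --log-prefix "FWD: "
PREFIX = "FWD: "         # assumed --log-prefix value
HOST = "192.168.1.50"    # assumed address of the Windows box

# Constructed sample kernel log lines (documentation address ranges only).
SAMPLE_LOG = """\
May 23 10:30:01 gw kernel: FWD: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.53 LEN=60 TTL=127 ID=101 PROTO=UDP SPT=1025 DPT=53 LEN=40
May 23 10:30:01 gw kernel: FWD: IN=eth0 OUT=eth1 SRC=198.51.100.53 DST=192.168.1.50 LEN=120 TTL=57 ID=7 PROTO=UDP SPT=53 DPT=1025 LEN=100
May 23 10:30:02 gw kernel: FWD: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.1.50 LEN=540 TTL=49 ID=9 PROTO=UDP SPT=4000 DPT=1026 LEN=520
May 23 10:30:03 gw kernel: FWD: IN=eth0 OUT=eth1 SRC=192.0.2.99 DST=192.168.1.50 LEN=540 TTL=51 ID=3 PROTO=UDP SPT=4001 DPT=1027 LEN=520
May 23 10:30:04 gw kernel: FWD: IN=eth1 OUT=eth0 SRC=192.168.1.50 DST=198.51.100.80 LEN=48 TTL=127 ID=102 PROTO=TCP SPT=1030 DPT=80 SYN
May 23 10:30:05 gw dhcpd: unrelated line without the prefix
"""

def parse_line(line):
    """Return the key=value fields of one LOG line, or None if it is not ours."""
    if PREFIX not in line:
        return None
    fields = {}
    for key, value in re.findall(r"(\w+)=(\S*)", line.split(PREFIX, 1)[1]):
        fields.setdefault(key, value)  # keep the first LEN (IP length); UDP adds a second
    return fields if {"SRC", "DST", "LEN", "PROTO"} <= fields.keys() else None

def udp_peers(log, host=HOST):
    """Per remote address: IP bytes the host sent to it and received from it over UDP."""
    totals = defaultdict(lambda: {"sent": 0, "received": 0})
    for line in log.splitlines():
        f = parse_line(line)
        if f is None or f["PROTO"] != "UDP":
            continue
        if f["SRC"] == host:
            totals[f["DST"]]["sent"] += int(f["LEN"])
        elif f["DST"] == host:
            totals[f["SRC"]]["received"] += int(f["LEN"])
    return dict(totals)

def receive_only(totals):
    """Peers the host received UDP from without ever sending anything to them."""
    return sorted(p for p, t in totals.items() if t["sent"] == 0 and t["received"] > 0)

if __name__ == "__main__":
    totals = udp_peers(SAMPLE_LOG)
    for peer in receive_only(totals):
        print(peer, totals[peer])
```

This only narrows down the remote endpoints and timestamps; tying them to a program still needs a process-to-connection tool on the Windows host itself.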