Is There A Free Program That Logs Internet Transactions?

If this isn't the best place to ask this please point me to the appropriate group.

There are so many programs in the bowels of XP that are constantly accessing or being accessed by the internet it worries me. I would like to know which programs are doing this. Is there a free (or cheap) program that logs all these exchanges with the identity of the program on my computer that's involved with the exchange?

jim

Reply to
jim evans

You need a firewall that performs logging. Mine (Norton NIS) allows rules to Permit, Deny, & Monitor. The Monitor rule says 'log the contact and continue with the next rule'.

When investigating web access, I enable the rule that says: monitor all outbound ports, remote ports 80,443,8080,8081,110,143,25, tcp. There's more than enough to keep you reading ...

the connection log looks like you'll not only see things you expect:

    formatting link http(80).
    download.microsoft.com(207.46.253.62): http(80).
    mail.adelphia.net(68.168.78.100): pop3(110).
    68.111.16.30: domain(53).

but also the tracking and cookie stuff:

    img.microsoft.com(209.18.34.103): http(80).
    red.as-us.falkag.net(66.150.87.2): http(80).
    ziffdavisglobal.112.2o7.net(216.52.17.216): http(80).

the firewall logs programs:

    Remote address,service is(mail.adelphia.net(68.168.78.100),pop3(110)). Process "C:\\Program Files\\Common Files\\SymantecShared\\ccApp.exe".
    Remote address,service is (24.48.217.227,domain(53)). Process name is "C:\\Program Files\\Mozilla Firefox\\firefox.exe".

Reply to
Jeff B

There's a couple of ways to do this.

  1. Type "netstat -a -o" (don't type the ""). The output will show a number of columns, "local address", "foreign address", etc. Look at the one headed "PID". Now, open XP's Task Manager and click on the Processes tab. Then click on View - Select Columns and select PID (process identifier). Comparing the PID from the netstat output with the PID from Task Manager, you can see which executable is being used for each connection.
  2. Download a freeware program called Active Ports from
    formatting link

Wayne McGlinn Brisbane, Oz

Reply to
Wayne
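
Added example (not part of Wayne's post): the PID comparison from step 1, done in Python instead of by eye. Both inputs are constructed samples, and using `tasklist /fo csv /nh` output in place of Task Manager's PID column is an assumption of this example.

```python
import csv
import io

# Constructed sample of `netstat -a -o` output (not captured from a real machine).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address    Foreign Address               State         PID
  TCP    mypc:1045        download.microsoft.com:http   ESTABLISHED   1820
  TCP    mypc:1046        mail.adelphia.net:pop3        ESTABLISHED   1404
  TCP    mypc:epmap       mypc:0                        LISTENING     952
  UDP    mypc:isakmp      *:*                                         700
"""

# Constructed sample of `tasklist /fo csv /nh` output (assumed PID source).
TASKLIST_SAMPLE = '''\
"firefox.exe","1820","Console","0","24,560 K"
"ccApp.exe","1404","Console","0","8,112 K"
"svchost.exe","952","Console","0","4,020 K"
'''

def parse_netstat(text):
    """Yield (proto, local, foreign, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue                      # banner, column header, blank lines
        if len(f) == 5:
            yield f[0], f[1], f[2], f[3], int(f[4])
        elif len(f) == 4:                 # UDP rows have no State column
            yield f[0], f[1], f[2], "", int(f[3])

def parse_tasklist(text):
    """Map PID -> image name from CSV rows of the form "name","pid",..."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def connections_by_process(netstat_text, tasklist_text):
    """Join the two listings on PID; a PID missing from the task list is flagged."""
    names = parse_tasklist(tasklist_text)
    return [(names.get(pid, "<unknown PID %d>" % pid), proto, local, foreign, state)
            for proto, local, foreign, state, pid in parse_netstat(netstat_text)]

if __name__ == "__main__":
    for row in connections_by_process(NETSTAT_SAMPLE, TASKLIST_SAMPLE):
        print("%-18s %-4s %-12s -> %-28s %s" % row)
```

A PID that shows up in the connection list but not in the process list (700 in the sample) is reported as unknown rather than dropped, since the two snapshots are taken at different moments.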

But ICMP protocol is not tracked in this way, isn't that true?

Reply to
SyNko

formatting link

"Overview Port Reporter logs TCP and UDP port activity on a local Windows system. Port Reporter is a small application that runs as a service on Windows 2000, Windows XP, and Windows Server 2003.

On Windows XP and Windows Server 2003 this service is able to log which ports are used, which process is using the port, if the process is a service, which modules the process has loaded and which user account is running the process."

Ric

Reply to
Ric

formatting link
Yours, VB.

Reply to
Volker Birk
[use of windoze 'netstat' command]

formatting link
0792 Internet Control Message Protocol. J. Postel. Sep-01-1981. (Format: TXT=30404 bytes) (Obsoletes RFC0777) (Updated by RFC0950) (Also STD0005) (Status: STANDARD)

There's nothing to "track". ICMP has a number of possibilities, but it boils down to "ping" (ICMP type 8 requests, type 0 reply), and "error" messages (ICMP type 3 - "Destination Unreachable" and ICMP type 11 - "Time Exceeded" used by TRACERT.EXE or the original "traceroute"). The ICMP type 5 (Redirect) is so easily abused as a "Denial Of Service" ploy that nearly all operating systems ignore it.

ICMP does not use port numbers (the numbers your toy firewall shows as source and destination port numbers are actually the "ICMP type" and "ICMP code" values).

If you see an ICMP error packet, it has enough information inside the packet for your computer to understand. You try to connect to some idiot's web page and mis-type the hostname - and this other host isn't running a web server. It will send back an ICMP packet that says "you said 'connect to the web server here' but there is no web server". Or maybe there is no host - a router will send back a similar "you said 'connect to the web server at MUMBLE.FUMBLE.FOO' but I can't find that host".

ICMP has no conversations. It has only answers.

Old guy

Reply to
Moe Trin
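
Added example (not part of Moe Trin's post): a Python decoder for the ICMP messages described above, showing that the header carries a type and code rather than ports, and that an error message quotes the original IP header plus 8 bytes, which is where the original ports can be read from. The sample packet and its addresses are constructed; the layout follows RFC 792.

```python
import struct

ICMP_TYPES = {0: "Echo Reply", 3: "Destination Unreachable", 5: "Redirect",
              8: "Echo Request", 11: "Time Exceeded"}
QUOTING_TYPES = {3, 5, 11}   # these quote the offending IP header + first 8 bytes

def checksum(data):
    """RFC 1071 Internet checksum over the whole ICMP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_icmp(msg):
    """Decode an ICMP message (the bytes that follow the outer IP header)."""
    icmp_type, code, _ = struct.unpack("!BBH", msg[:4])
    info = {"type": icmp_type, "code": code,
            "name": ICMP_TYPES.get(icmp_type, "other"),
            "checksum_ok": checksum(msg) == 0}
    if icmp_type in QUOTING_TYPES and len(msg) >= 8 + 20 + 8:
        inner = msg[8:]                   # quoted IP header follows the 8-byte ICMP header
        ihl = (inner[0] & 0x0F) * 4       # quoted header length in bytes
        info["orig_src"] = ".".join(map(str, inner[12:16]))
        info["orig_dst"] = ".".join(map(str, inner[16:20]))
        if inner[9] in (6, 17) and len(inner) >= ihl + 4:   # TCP or UDP
            info["orig_sport"], info["orig_dport"] = struct.unpack(
                "!HH", inner[ihl:ihl + 4])
    return info

def build_sample_unreachable():
    """Constructed type 3 code 1 (host unreachable) quoting a TCP SYN to port 80."""
    orig_ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                          bytes([192, 168, 1, 10]), bytes([192, 0, 2, 80]))
    orig_tcp = struct.pack("!HHI", 1045, 80, 0)   # first 8 bytes of the TCP header
    body = struct.pack("!BBHI", 3, 1, 0, 0) + orig_ip + orig_tcp
    return body[:2] + struct.pack("!H", checksum(body)) + body[4:]

if __name__ == "__main__":
    print(parse_icmp(build_sample_unreachable()))
    print(parse_icmp(bytes.fromhex("0800f7fd00010001")))   # constructed echo request
```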

Each one of the programs in the link is free.

Long

formatting link
Short

formatting link
Duane :)

Reply to
Duane Arnold

Yes, but it could be used like TCP or UDP. It's safe to block it or track it every time.

If I have installed a package on one LAN PC, I can use this from the outside and the firewall sucks.

Reply to
SyNko

[ICMP has...]

If you wish, you can block ICMP Type 0 outbound and type 8 inbound to prevent others from 'pinging' you.

If you wish, you can block ICMP Type 0 and 8 completely to prevent ping completely, which will also block the windoze version of TRACERT.

If you wish, you can block ICMP Type 3 outbound, and see a slight traffic increase when outsiders try to contact you.

If you wish, you can block ICMP Type 3 completely, and see an increase in traffic. This will also cause long delays when you make typing errors.

If you wish, you can block ICMP Type 11 if you don't use TRACERT.

You can block all _OTHER_ types, as they are rarely used, or are not assigned to any service. But no matter, there is nothing to track.

This is not understandable.

Old guy

Reply to
Moe Trin
