Zone Alarm: is there a way to know...

... what is leaving the computer when all the outbound (red bars) are
flashing, all the time?
At this point, I know I have no virus, trojan, spyware etc. I have also
turned off Automatic Updates in Windows XP (Home Edition), but as soon as I
log on, the outgoing zone alarm bars start up... so I'm at a loss, and
concerned.
Is there a simple way to find out?
Thanks in advance! I hope this made sense...
Carmen
Reply to
Michael O'Donnell
Loading thread data ...
Long
formatting link
Short
formatting link

You can use the tools in the link above like Active Ports, Process Explorer and the other tools being mentioned and go look for yourself.
Yes and ZA and other personal FW(s) can and do get beaten.
Duane :)
Reply to
Duane Arnold
Click on the ZA icon and look see what applications are running, thats a good start.
-- Jim Watt
formatting link
Reply to
Jim Watt
Well, you could try looking at the raw traffic...
formatting link
Reply to
galt_57
You could have no viruses/worms/Trojans/spyware, and still have lots of outbound traffic when you log on. Depends on what you've got installed.
E.g. if you have Yahoo Messenger installed, you will have lots of outbound traffic associated with the Bonjour Service installed with it. Windows Messenger will also quickly kick off outbound traffic.
Anti-virus programs will also quickly kick off outbound traffic. At a minimum, you will have outbound traffic with Generic Host Process for Win32.
To get specific answers for your PC, click on the Programs tab, and put question marks on all internet access for all programs, instructing Zone Alarm to ask your permission each and every time a program wants outbound access.
Michael O'D> ... what is leaving the computer when all the outbound (red bars) are
Reply to
JW
As already mentioned in the thread, you could have a look at the traffic using a sniffer, ethereal nearly being a standard today.
This examination will give you a lot of information even if the data uses a home made protocol and/or encryption, such as volume, used layers, *destination*, etc.
Doing whois queries on the destination addresses can help a lot.
Kind regards Ludovic Joly
Reply to
lgr_joly
Try to install NetLimiter 2 Monitor (freeware).
formatting link
It will list all processes connected to internet together with destination IP and port used for communication. It will also log ammount of data transfer. You will easy see what is going on.
You can also use netstat command in command prompt (Windows console) to see active connections.
Reply to
alf

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.