help monitor internet activity « Giveaway of the Day Forums

Back to Giveaway of the Day

Giveaway of the Day Forums » General discussion

help monitor internet activity

(4 posts) (2 voices)

Started 16 years ago by sergio
Latest reply from RunesageMagik

sergio
Member

this morning, about after i installed the last software (not suggesting it is related) i was informed by my ads/spam/etc ip filter that there had been 3 attempts to connect to a remote site from my ip which had been blocked.
however this software does not tell me what program did it.
i would like to ask if anyone knows of any freeware that will be compatible with any firewall that will log me the programs that atempt to connect to the internet and to what addresses.
thank you.

Posted 16 years ago #
RunesageMagik
Member

sergio, I believe any free firewall (I prefer Sygate, many like Zone Alarm) maintains a log of inbound/outbound traffic (blocked, failed and successful), along with the IP addies involved. At least Sygate does, and it gives the user the ability to backtrace and block specific IP address, or you can add them to your HOSTS file.

Many developers include an autocheck for updates immediately after an install, or a feedback burst to inform them of a new registered user. Personally, I don't allow any of that if I can block it and the program still works for two reasons -
a) I don't know what data they're scarfing up off my PC
b) There's been at least one case of a free program from GAOTD being ruined because the autoupdater erased the free registration info when it found and executed an update without any warning!

If you're concerned (and you have every right to be) you need to identify the IP addresses and ask the developer point blank why the software was phoning home.

Posted 16 years ago #
sergio
Member

thanks for the reply.
the reason i asked is to be sure what program exactly is doing the calling.
i dont want to accuse the last software i installed of doing it.
the ip was blocked, i just dont know who is doing the calling. that is the problem..:(

Posted 16 years ago #
RunesageMagik
Member

Theoretically, any active or scheduled (not by you but by s/w) process could be trying to call out. Depending on your firewall, and Hosts and adware/web shield settings, either the process or the destination could be blocked. Sadly, many blocking utilities fail to identify themselves when they block something. I find that maddening and user-unfriendly. HOSTSMan identifies itself, but mostly you get a cryptic pop up or MSFT's useless Cannot Open Page window. I don't know of a utility that simplifies the process of determining what tried to call out, especially if the action is blocked internally before the firewall logs the actual attempt. I imagine geeks use a deep probe utility that tracks/logs all system calls. Perhaps something like SysInternals Process Explorer? Nongeeks are stuck with the tiresome and inexact process of elimination technique, followed by the drink a beer and punch the monitor technique.

Assuming your system was very recently scanned for viruses, you could try replicating the event -
>>> disable every unnecessary process
>>> delete/reinstall the s/w (only if the 24-hour GAOTD window hasn't expired, of course!)
>>> see if the same call out attempts are made and make a record of the exact wording of any blocks, including IP addies and backtrace to get the domains.
>>> if any clearly go to the s/w developer, you have your answer
>>> if not, maybe contact the developer and ask why the coincident call outs (don't accuse)

Sorry I can't be more help.

Posted 16 years ago #

RSS feed for this topic

Reply

You must log in to post.