|
luvdemshrooms
Two inch dick..but it spins!?
Registered: 11/29/01
Posts: 34,247
Loc: Lost In Space
|
Packet Monitoring
#4047228 - 04/12/05 06:12 PM (18 years, 11 months ago) |
|
|
Here's one for you wizards. A week or two ago I noticed the activity light on my cable modem flashing when I wasn't using the internet. This was new, or I had missed it (but I doubt it). I installed AnalogX packet monitor and sat back and watched. Ist up was my ISP. A call to tech support got a claim of it's normal for this to happen. I asked what data was being transmitted and got the answer "It's a data transmission". So helpful. So I used my Norton firewall to block the DNS that was showing. There were a few other DNS's which showed from a company across the country. Blocked it as well. So for a few days no flashing. Then it started again. Tried to fire up the packet monitor but got this message, "Unable to open raw socket". It took an uninstall and a reg edit to get it going again. During this time I've had to reinstall Soulseek a few times as well. The .exe file vanished each time after a day or two. KazaaLite stopped working. So today I had to do yet another uninstall and regedit for the packet monitor. During regular net use the monitor works as it should. During periods of inactivity it shows no packets yet the local area connection status window shows packets dribbling in very slowly
And thoughts? How can packets slip in without the monitor detecting them? What is happening to affect only internet programs?
Oh, and I've run Adaware, Spybot and Microsoft Spyware several times with the latest updates.... as well as several virus scans.
Thanks.
-------------------- You cannot legislate the poor into prosperity by legislating the wealthy out of prosperity. What one person receives without working for another person must work for without receiving. The government cannot give to anybody anything that the government does not first take from somebody else. When half of the people get the idea that they do not have to work because the other half is going to take care of them and when the other half gets the idea that it does no good to work because somebody else is going to get what they work for that my dear friend is the beginning of the end of any nation. You cannot multiply wealth by dividing it. ~ Adrian Rogers
|
TinMan
Stranger
Registered: 10/01/02
Posts: 2,956
Loc: Russia
|
|
Quote:
luvdemshrooms said: And thoughts? How can packets slip in without the monitor detecting them? What is happening to affect only internet programs?
Having to reinstall certain applications shouldn't have too much to do with any windows network related problems? I'd say you have some bug or quirk in windows, it has a tendency to age and degrade like an old man. The packets slipping through could be pings or replies. I wouldn't worry about that too much, just check on background programs in taskmanager that could be checking for updates, thats all I can think of.
|
luvdemshrooms
Two inch dick..but it spins!?
Registered: 11/29/01
Posts: 34,247
Loc: Lost In Space
|
Re: Packet Monitoring [Re: TinMan]
#4048942 - 04/13/05 02:59 AM (18 years, 11 months ago) |
|
|
The Windows install is only 2 months old. I mentioned the problem programs out of curiosity that both are p2p programs, found that odd.
I did check for auto-updates but I have all those turned off. All the most recent packets are incoming and it takes several minutes to receive 1.
Thanks for the response.
-------------------- You cannot legislate the poor into prosperity by legislating the wealthy out of prosperity. What one person receives without working for another person must work for without receiving. The government cannot give to anybody anything that the government does not first take from somebody else. When half of the people get the idea that they do not have to work because the other half is going to take care of them and when the other half gets the idea that it does no good to work because somebody else is going to get what they work for that my dear friend is the beginning of the end of any nation. You cannot multiply wealth by dividing it. ~ Adrian Rogers
|
MAIA
World-BridgerKartikeya (DftS)
Registered: 04/27/01
Posts: 7,396
Loc: Erra - 20 Tauri - M45 Sta...
Last seen: 2 months, 17 days
|
|
Reboot you PC, open a msdos prompt and type "netstat -an" without the quotes and hit enter. You should be getting something like this, probably less lines. The important thing is to identify any "alien" address. Code:
Active Connections
Proto Local Address Foreign Address State TCP 0.0.0.0:1025 0.0.0.0:0 LISTENING TCP 127.0.0.1:1037 0.0.0.0:0 LISTENING TCP 192.168.0.174:1026 0.0.0.0:0 LISTENING TCP 192.168.0.174:1026 192.168.0.139:139 ESTABLISHED TCP 192.168.0.174:1027 0.0.0.0:0 LISTENING TCP 192.168.0.174:1027 192.168.0.11:139 ESTABLISHED TCP 192.168.0.174:137 0.0.0.0:0 LISTENING TCP 192.168.0.174:138 0.0.0.0:0 LISTENING TCP 192.168.0.174:139 0.0.0.0:0 LISTENING UDP 0.0.0.0:1025 *:* UDP 127.0.0.1:1037 *:* UDP 192.168.0.174:137 *:* UDP 192.168.0.174:138 *:*
All 0.0.0.0 and 127.0.0.1 are ok. 192.168.0.174 is ok too, it's my ip address, you can see yours by typing "ipconfig" at the msdos prompt, you'll probably need to insert this command if your internet connection is made through DHCP and you have a dynamic ip. Mine is not, but the thing is, you have to do this after rebooting so all connection tables are clean, if you get an endless list then there's something wrong. Also, you have to be careful about some programs which enable auto-update or auto-connect services - like java or some firewalls or anti-virus also do this. Those programs are usually found running in the system tray, near the date&time. Try turning off, disabling or closing those programs, then try again. Hope it helps
MAIA
-------------------- Spiritual being, living a human experience ... The Shroomery Mandala Use, do not abuse; neither abstinence nor excess ever renders man happy. Voltaire
|
nife
I'm Dead
Registered: 12/26/03
Posts: 225
Last seen: 1 year, 2 months
|
Re: Packet Monitoring [Re: MAIA]
#4052871 - 04/14/05 12:03 AM (18 years, 11 months ago) |
|
|
Cable modem's have lots of data that comes in even if not all of it is for you. So the light will blink a little bit but the packets that get to your side are destined for you. So this explains why you are having the light blink even when you have your computer turned off. If you don't have a cable modem keep reading for more information
Now to address the stuff thats hitting you computer(the stuff you see at the packet monitor) is most likely traffic that your windows os and other using the isp are generating. Netbios and other things are notoriously noisy stuff. They sends lots of packet and they love sending to the broadcast address, which means that everyone near by gets them. I run a VERY tight firewall that caputres every packet that is not going to a port that I allow(which is quite a lot since I don't run windows. I have 45781 dropped packets in less than a couple days. Thats all traffic sent to me that is not useful. Serioulsy there is a ton of stuff that windows and others generate that if you are running any decent firewall is totally harmless. Don't get too worried.
I hope this helped If you have specific questions, then I recomend you read up on some of the free Open Source packet capturing stuff and then I can try to help you.
-------------------- Protect Your Rights Freedom Card
Edited by nife (04/14/05 12:04 AM)
|
MAIA
World-BridgerKartikeya (DftS)
Registered: 04/27/01
Posts: 7,396
Loc: Erra - 20 Tauri - M45 Sta...
Last seen: 2 months, 17 days
|
|
Yeap, i completely agree with you nife. Try something like Ethereal for windows, it's an excellent sniffer. Meanwhile, there are some programs that improve your internet security level besides firewalls, i've tried harden-it. It's a run once software that hardens your IP stack. Get it here http://www.soft32.com/download_77888.html .
MAIA
-------------------- Spiritual being, living a human experience ... The Shroomery Mandala Use, do not abuse; neither abstinence nor excess ever renders man happy. Voltaire
|
luvdemshrooms
Two inch dick..but it spins!?
Registered: 11/29/01
Posts: 34,247
Loc: Lost In Space
|
|
Thank you all.
-------------------- You cannot legislate the poor into prosperity by legislating the wealthy out of prosperity. What one person receives without working for another person must work for without receiving. The government cannot give to anybody anything that the government does not first take from somebody else. When half of the people get the idea that they do not have to work because the other half is going to take care of them and when the other half gets the idea that it does no good to work because somebody else is going to get what they work for that my dear friend is the beginning of the end of any nation. You cannot multiply wealth by dividing it. ~ Adrian Rogers
|
|