Progam to monitor net access/activity

zeep · 21st Dec 2004, 08:11 AM

I get the feeling my winxp is possesed. Lately i see data being send/received but there's nothing running. I want to run a program that shows what is doing what on my internet connection. I don't have a firewall installed btw. Just xp sp1 firewall. Mcafee didnt find anything btw.

Is there a simple (free) program out there that can help me find out whats going on?

Nightmare · 21st Dec 2004, 09:14 AM

Just install ZoneAlarm and see what programs ask for access. I've got 30 different programs cleared for net access, all from games to the update checker for java.

frenchfrog · 21st Dec 2004, 09:19 AM

netstat -a ?

Here you go for a graphical netstat with the attached process that have opened the port: TCPView

btw, sysinternals have a lots of every usefull utilities.

zeep · 21st Dec 2004, 04:10 PM

Forum speed is horrid! So thanks for taking time to reply. I'm going to try everything you mentioned.

Btw, my netstat -a results, should i be afraid?

Code:

C:\Documents and Settings\zeep>netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    ZEEP_1:epmap           ZEEP_1:0               LISTENING
  TCP    ZEEP_1:microsoft-ds    ZEEP_1:0               LISTENING
  TCP    ZEEP_1:1025            ZEEP_1:0               LISTENING
  TCP    ZEEP_1:1026            ZEEP_1:0               LISTENING
  TCP    ZEEP_1:1030            ZEEP_1:0               LISTENING
  TCP    ZEEP_1:1039            ZEEP_1:0               LISTENING
  TCP    ZEEP_1:1040            ZEEP_1:0               LISTENING
  TCP    ZEEP_1:1041            ZEEP_1:0               LISTENING
  TCP    ZEEP_1:1593            ZEEP_1:0               LISTENING
  TCP    ZEEP_1:1597            ZEEP_1:0               LISTENING
  TCP    ZEEP_1:1605            ZEEP_1:0               LISTENING
  TCP    ZEEP_1:1613            ZEEP_1:0               LISTENING
  TCP    ZEEP_1:pptp            ZEEP_1:0               LISTENING
  TCP    ZEEP_1:5000            ZEEP_1:0               LISTENING
  TCP    ZEEP_1:netbios-ssn     ZEEP_1:0               LISTENING
  TCP    ZEEP_1:1030            10.0.0.138:pptp        ESTABLISHED
  TCP    ZEEP_1:10452           ZEEP_1:0               LISTENING
  TCP    ZEEP_1:1592            ZEEP_1:0               LISTENING
  TCP    ZEEP_1:1592            localhost:1593         ESTABLISHED
  TCP    ZEEP_1:1593            localhost:1592         ESTABLISHED
  TCP    ZEEP_1:netbios-ssn     ZEEP_1:0               LISTENING
  TCP    ZEEP_1:netbios-ssn     dsl-201-135-89-174.prod-infinitum.com.mx:63825
ESTABLISHED
  TCP    ZEEP_1:microsoft-ds    80-219-159-70.dclient.hispeed.ch:4502  ESTABLISH
ED
  TCP    ZEEP_1:microsoft-ds    gv-bzh-143d.adsl.wanadoo.nl:3140  ESTABLISHED
  TCP    ZEEP_1:microsoft-ds    gv-bzh-143d.adsl.wanadoo.nl:4158  ESTABLISHED
  TCP    ZEEP_1:1040            205.188.9.44:5190      ESTABLISHED
  TCP    ZEEP_1:1041            baym-cs284.msgr.hotmail.com:1863  ESTABLISHED
  TCP    ZEEP_1:1588            baym-sb18.msgr.hotmail.com:1863  TIME_WAIT
  TCP    ZEEP_1:1597            baym-sb36.msgr.hotmail.com:1863  ESTABLISHED
  TCP    ZEEP_1:1599            mail.beyondunreal.com:http  TIME_WAIT
  TCP    ZEEP_1:1605            66.102.9.99:http       ESTABLISHED
  TCP    ZEEP_1:1612            62.109.86.75:http      TIME_WAIT
  TCP    ZEEP_1:1613            baym-sb72.msgr.hotmail.com:1863  ESTABLISHED
  TCP    ZEEP_1:7956            ZEEP_1:0               LISTENING
  UDP    ZEEP_1:microsoft-ds    *:*
  UDP    ZEEP_1:isakmp          *:*
  UDP    ZEEP_1:1035            *:*
  UDP    ZEEP_1:1036            *:*
  UDP    ZEEP_1:1581            *:*
  UDP    ZEEP_1:ntp             *:*
  UDP    ZEEP_1:netbios-ns      *:*
  UDP    ZEEP_1:netbios-dgm     *:*
  UDP    ZEEP_1:1900            *:*
  UDP    ZEEP_1:8307            *:*
  UDP    ZEEP_1:14583           *:*
  UDP    ZEEP_1:ntp             *:*
  UDP    ZEEP_1:1900            *:*
  UDP    ZEEP_1:ntp             *:*
  UDP    ZEEP_1:netbios-ns      *:*
  UDP    ZEEP_1:netbios-dgm     *:*
  UDP    ZEEP_1:1900            *:*
  UDP    ZEEP_1:11973           *:*
  UDP    ZEEP_1:49382           *:*

frenchfrog · 21st Dec 2004, 05:02 PM

ok, first try to run it when your computer boot, not when you have your AIM client, MSN client, INF message board open in your browser ...

anyway try the graphical one (it will tell you the process attached to the port)

thinking about it, your problem is perhaps only related to microsoft "background intelligent transfert" service (you can turn in off by putting it in "manual" starting).

also after a quick look at your "netstat -a" output:
-port 5000 is kind of ****ty and opened by the "Windows Universal plug and play" service, it's not causing your problem but it would probably a good idea to shut that service down.

21st Dec 2004, 08:11 AM	#1
zeep :( Join Date: Feb. 16th, 2001 Posts: 1,737	Progam to monitor net access/activity I get the feeling my winxp is possesed. Lately i see data being send/received but there's nothing running. I want to run a program that shows what is doing what on my internet connection. I don't have a firewall installed btw. Just xp sp1 firewall. Mcafee didnt find anything btw. Is there a simple (free) program out there that can help me find out whats going on?

21st Dec 2004, 09:19 AM	#3
frenchfrog The mighty batrachian Join Date: Jan. 18th, 2004 Location: Quebec, Canada Posts: 139	netstat -a ? Here you go for a graphical netstat with the attached process that have opened the port: TCPView btw, sysinternals have a lots of every usefull utilities. __________________

21st Dec 2004, 05:02 PM	#5
frenchfrog The mighty batrachian Join Date: Jan. 18th, 2004 Location: Quebec, Canada Posts: 139	ok, first try to run it when your computer boot, not when you have your AIM client, MSN client, INF message board open in your browser ... anyway try the graphical one (it will tell you the process attached to the port) thinking about it, your problem is perhaps only related to microsoft "background intelligent transfert" service (you can turn in off by putting it in "manual" starting). also after a quick look at your "netstat -a" output: -port 5000 is kind of ****ty and opened by the "Windows Universal plug and play" service, it's not causing your problem but it would probably a good idea to shut that service down. __________________

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode

21st Dec 2004, 09:14 AM	#2
Nightmare Only human Join Date: Sep. 23rd, 2001 Location: Finland Posts: 446	Just install ZoneAlarm and see what programs ask for access. I've got 30 different programs cleared for net access, all from games to the update checker for java.