| Thread ID: 96889 | 2009-01-27 20:34:00 | un-identified WWW traffic | jupiter1 (2578) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 742550 | 2009-01-27 20:34:00 | Hi team, I am running Win2k Pro, Mozilla Firefox, Pegasus emailer, Avast 4.8 and ZoneAlarm. All with the latest updates. I am on a dialup connection. Where the option is available, automatic updates are turned off. Whenever I connect to the internet ZoneAlarm indicates constant and continuous traffic. Closing down all of the above programs except Win 2k does not stop this flow. Only disconnecting from the phone line achieves this. How can I identify what is doing this and whether it is legitimate or not? Cheers, Phil. |
jupiter1 (2578) | ||
| 742551 | 2009-01-27 21:20:00 | I take it that ZoneAlarm does not show what program is currently accessing the internet? I'd say that makes ZoneAlarm a pretty useless firewall. If it doesn't know what programs are accessing the internet, it is impossible for it to block/allow access. Short of getting a decent firewall which does, you could get Wireshark and pcap. Run Wireshark and it will tell you exactly which IP and port your computer is trying to connect to (or who is trying to connect to you) as well as the actual data contained in the data packet. |
utopian201 (6245) | ||
| 742552 | 2009-01-27 21:44:00 | When connected to internet.... open a DOS window (click Start, Run, type "CMD"). From the DOS window run a netstat. c:> netstat -a -b Post results here. |
robsonde (120) | ||
| 742553 | 2009-01-27 22:55:00 | I suspect it's ZA itself getting updates!! When you open ZA, you can see the programs currently accessing the interweb in the top right-hand corner of the window.... | johcar (6283) | ||
| 742554 | 2009-01-28 01:29:00 | When connected to internet.... open a DOS window (click Start, Run, type "CMD"). From the DOS window run a netstat. c:> netstat -a -b Post results here.
Hi, There doesn't seem to be a -b switch, but what follows is the netstat -a results. Note that neither Mozilla nor Pegasus nor any other progy was loaded. ZA and Avast were in the system tray. Cheers.
C:\>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP main:epmap main:0 LISTENING
TCP main:microsoft-ds main:0 LISTENING
TCP main:1025 main:0 LISTENING
TCP main:1026 main:0 LISTENING
TCP main:1811 main:0 LISTENING
TCP main:1812 main:0 LISTENING
TCP main:1814 main:0 LISTENING
TCP main:1816 main:0 LISTENING
TCP main:1835 main:0 LISTENING
TCP main:1845 main:0 LISTENING
TCP main:1873 main:0 LISTENING
TCP main:1874 main:0 LISTENING
TCP main:1876 main:0 LISTENING
TCP main:1877 main:0 LISTENING
TCP main:1811 sl76.avast.com:http CLOSE_WAIT
TCP main:1812 sl79.avast.com:http ESTABLISHED
TCP main:1835 flightbookings.airnewzealand.co.nz:http LAST_ACK
TCP main:1845 ip-210-48-100-25.iconz.net.nz:http LAST_ACK
TCP main:1874 tw-in-f101.google.com:http CLOSE_WAIT
TCP main:1877 74.125.11.85:http CLOSE_WAIT
TCP main:1813 main:1814 ESTABLISHED
TCP main:1814 main:1813 ESTABLISHED
TCP main:1815 main:1816 ESTABLISHED
TCP main:1816 main:1815 ESTABLISHED
TCP main:1873 main:12080 ESTABLISHED
TCP main:1876 main:12080 ESTABLISHED
TCP main:12025 main:0 LISTENING
TCP main:12080 main:0 LISTENING
TCP main:12080 main:1873 ESTABLISHED
TCP main:12080 main:1876 ESTABLISHED
TCP main:12110 main:0 LISTENING
TCP main:12119 main:0 LISTENING
TCP main:12143 main:0 LISTENING
UDP main:microsoft-ds *:*
UDP main:isakmp *:*
C:\> |
jupiter1 (2578) | ||
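
A small triage script for the netstat -a output posted above, added here as an example (not code from any poster in the thread): it separates listeners, same-host sessions and remote sessions, and groups the remote ones by TCP state so that only ESTABLISHED peers count as live. The function names and the sample, a subset of the posted rows, are constructed for illustration; it assumes, as in the post, that the local host name (main) appears in both address columns for same-host sessions.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the netstat -a rows posted above.
SAMPLE = """\
Active Connections
  Proto  Local Address    Foreign Address          State
  TCP    main:epmap       main:0                   LISTENING
  TCP    main:1812        main:0                   LISTENING
  TCP    main:12080       main:0                   LISTENING
  TCP    main:1811        sl76.avast.com:http      CLOSE_WAIT
  TCP    main:1812        sl79.avast.com:http      ESTABLISHED
  TCP    main:1835        flightbookings.airnewzealand.co.nz:http  LAST_ACK
  TCP    main:1877        74.125.11.85:http        CLOSE_WAIT
  TCP    main:1813        main:1814                ESTABLISHED
  TCP    main:1873        main:12080               ESTABLISHED
  TCP    main:12080       main:1873                ESTABLISHED
  UDP    main:isakmp      *:*
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\S+)\s+(\S+):(\S+)(?:\s+(\S+))?\s*$")

def triage(text):
    """Sort netstat -a rows into listeners, same-host and remote sessions."""
    result = {"listening": [], "loopback": [], "remote": defaultdict(list)}
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header or prompt
        proto, lhost, lport, fhost, fport, state = m.groups()
        if proto == "UDP" or state == "LISTENING":
            result["listening"].append((proto, lport))
        elif fhost == lhost:  # assumption: own host name on both sides
            result["loopback"].append((lport, fport))
        else:
            result["remote"][state].append((lport, fhost, fport))
    return result

def live_peers(result):
    """Remote hosts with an open session; CLOSE_WAIT and LAST_ACK rows are
    sessions already being torn down, so they are excluded."""
    return sorted({host for _, host, _ in result["remote"]["ESTABLISHED"]})

if __name__ == "__main__":
    r = triage(SAMPLE)
    print("live remote peers:", live_peers(r))
    for state, rows in r["remote"].items():
        print(state, rows)
```

Without a -b switch to name the owning program, this at least narrows the question to the local ports that still hold a live remote session.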
| 742555 | 2009-01-28 01:30:00 | I suspect it's ZA itself getting updates!! When you open ZA, you can see the programs currently accessing the interweb in the top right-hand corner of the window.... Hi, svcs controller app and Avast were up there but all were only listening, so it told me. Cheers |
jupiter1 (2578) | ||
| 742556 | 2009-01-28 01:41:00 | I suspect it's ZA itself getting updates!! It could be Avast too, as it updates silently (apart from the booming "Virus database updated" voice) |
jwil1 (65) | ||
| 742557 | 2009-01-28 02:05:00 | If no programs were running why is this in there? TCP main:1835 flightbookings.airnewzealand.co.nz:http LAST_ACK |
FoxyMX (5) | ||
| 742558 | 2009-01-28 02:25:00 | If no programs were running why is this in there? TCP main:1835 flightbookings.airnewzealand.co.nz:http LAST_ACK This Air NZ URL is my home page in Mozilla Firefox, but Mozilla was not running, so I am unable to answer your question. Cheers, |
jupiter1 (2578) | ||
| 742559 | 2009-01-28 02:27:00 | It could be Avast too, as it updates silently (apart from the booming "Virus database updated" voice) Avast asks me if I wish to install any updates available, without a booming voice I might add. No updates were occurring at the time. Cheers, |
jupiter1 (2578) | ||