Fog Creek Software
Discussion Board




sniffing a program's Internet activity?

While running a personal firewall I have discovered that a program I purchased attempts to become a TCP server. :-(

The problem is, that program has no business being a server.

I would really like to know exactly what it does and what information it sends and receives, because I believe something very fishy may be going on.

How do I do that?

Is there any tool that allows me to log all the data transmitted over the network (TCP or UDP) by a specified program?

I run Windows XP on a computer directly connected to the Internet, and I can't afford a separate Linux machine or something, so I'm looking for a simple solution which runs on Windows XP.

Is there such a thing?

Thank you very much!

Crane Michael
Wednesday, July 23, 2003

http://www.ethereal.com/

I think this does what you want.

Andy
Wednesday, July 23, 2003

Use Ethereal :)  It's not exactly simple but it's the closest thing I've found on the Windows platform.

I love it personally.

FullNameRequired
Wednesday, July 23, 2003

There are quite a few packet sniffer tools around. For Windows, there's a list at:

http://tangentsoft.net/wskfaq/resources/debugging.html

We use Network Spy, which is quite good but not free. Filtering is by packet type, source/destination address, or port number, but not AFAIK by specific application. You should be able to find out what port the server is opening up by netstat, and filter on that.

ajs
Wednesday, July 23, 2003
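
The approach from the post above (find the program's ports with netstat, then filter the capture on them), as an added example that is not part of the original thread. It assumes the text comes from `netstat -ano` on Windows XP and that you already know the program's PID; the sample output, PIDs and ports are constructed.

```python
# Constructed sample of `netstat -ano` output (addresses, ports and PIDs are made up).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:5151           0.0.0.0:0              LISTENING       2312
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     2312
  TCP    192.168.1.10:1050      198.51.100.4:443       ESTABLISHED     1460
  UDP    0.0.0.0:5152           *:*                                    2312
  UDP    127.0.0.1:123          *:*                                    1020
"""

def sockets_for_pid(netstat_text, pid):
    """Return sorted (proto, local_port, state) tuples owned by `pid`."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Skip the banner, the column header and blank lines.
        if len(fields) < 4 or fields[0] not in ("TCP", "UDP"):
            continue
        if not fields[-1].isdigit() or int(fields[-1]) != pid:
            continue
        # UDP rows have no State column: 4 fields instead of 5.
        state = fields[3] if len(fields) == 5 else ""
        # rpartition also copes with bracketed IPv6 locals such as [::]:5151.
        port = int(fields[1].rpartition(":")[2])
        found.add((fields[0].lower(), port, state))
    return sorted(found)

def capture_filter(sockets):
    """Build a libpcap filter for the ports the program has opened as a server:
    listening TCP ports and bound UDP ports. Outbound connections from
    ephemeral ports are left out on purpose, since those ports change."""
    terms = [f"{proto} port {port}"
             for proto, port, state in sockets
             if proto == "udp" or state == "LISTENING"]
    return " or ".join(terms)

if __name__ == "__main__":
    socks = sockets_for_pid(SAMPLE_NETSTAT, 2312)  # 2312: assumed PID of the program
    for s in socks:
        print(s)
    print("capture filter:", capture_filter(socks))
```

The resulting expression uses libpcap filter syntax, which is what WinDump and Ethereal's capture filter accept.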

Ethereal.

www.marktaw.com
Thursday, July 24, 2003

Try WinDump/WinPcap.
http://windump.polito.it/install/default.htm

Nitin Bhide
Thursday, July 24, 2003

Ethereal shows the raw packets going across your network.  Snort ( http://www.snort.org/ ) helps you figure out why those packets are going across your network.

snotnose
Thursday, July 24, 2003

I found ZoneAlarm Pro / Free to do a similar job. If an application on your system all of a sudden decides to become a TCP/IP daemon, it will notify you and ask your permission. In fact, I think this goes for COM and DLLs too.

Li-fan Chen
Thursday, July 24, 2003

For win95/win98 there was a fake wsock32.dll capable of making logs of every call to the dll (this dll then called the real winsock dll, after logging). So you could log every socket operation this way.

I have no idea if it exists for XP.

Ross
Thursday, July 24, 2003
