I notice as I'm sitting doing whatever in Windows, the green activity bar in ZoneAlarm starts going crazy with activity. I think this odd, since I'm not downloading anything or surfing the web at the time, and none of the programs that typically do updates (i.e. Steam) are doing anything. To figure things out, I ran TCPView from SysInternals. Unfortunately, TCPView doesn't indicate anything when ZoneAlarm's activity monitor runs green.
What else can I do to figure out what programs or processes are downloading stuff from the Internet?
Where's the activity coming from?
4 posts
• Page 1 of 1
Where's the activity coming from?
posted on Sat Jun 05, 2010 1:11 pm
Sheep Rustlers in the sky! <S> Slapt | <S> FUI | Air Warrior II/III
AMDPhenomIIX3 720 | 4GBDDR2 | RadeonHD4870 | WD CaviarBlack640 | AntecSonataIII | Logitech KB/M | HOTAS Cougar | CSW PC Works | GradoSR80 | XPPro
AMDPhenomIIX3 720 | 4GBDDR2 | RadeonHD4870 | WD CaviarBlack640 | AntecSonataIII | Logitech KB/M | HOTAS Cougar | CSW PC Works | GradoSR80 | XPPro
- FireGryphon
- Darth Gerbil
- Posts: 7083
- Joined: Sat Apr 24, 2004 6:53 pm
- Location: the abyss into which you gaze
Re: Where's the activity coming from?
posted on Sat Jun 05, 2010 1:47 pm
It's been a while since I used ZoneAlarm, but doesn't it have options to show more detail about the activity it is reporting?
ProcessExplorer can be configured with per-process IO activity graphs, which may tell you something (since that tracks a lower level than TCP/IP). The Resource Monitor in Windows 7 does something similar but without as much detail AFAIK.
ProcessExplorer can be configured with per-process IO activity graphs, which may tell you something (since that tracks a lower level than TCP/IP). The Resource Monitor in Windows 7 does something similar but without as much detail AFAIK.
- UberGerbil
- Gerbil Khan
- Posts: 9836
- Joined: Thu Jun 19, 2003 2:11 pm
Re: Where's the activity coming from?
posted on Sat Jun 05, 2010 2:10 pm
TCPView should indicate open sessions. Process Explorer is a good tool for locking at statistics, but if you really want to figure out what happens in this case, download and run Process Monitor. What it does is that it captures and can log all events, including treads, profiling, networking, file access, etc. I just about always use Process Explorer and Process Monitor together to figure out what is happening.
If that doesnt cut it, you can always try wireshark to actually capture the packets going out on the network interface. Or what you really should do is actually getting a trace on a monitor port or similar tap upstream of your computer from a known good source, at least if you suspect anything is fishy with your comp. Depending on your router, you might setup a traffic log and check if you open connections that are outside of the ones that process monitor / Tcp view sees.
If its something really bad rootkit or something it can be that it actually burries itself beneth the os and report everything is fine upwards, but depending on your OS, I havent seen to many of those in the wild outside of the demos I got in a lab setting.
If that doesnt cut it, you can always try wireshark to actually capture the packets going out on the network interface. Or what you really should do is actually getting a trace on a monitor port or similar tap upstream of your computer from a known good source, at least if you suspect anything is fishy with your comp. Depending on your router, you might setup a traffic log and check if you open connections that are outside of the ones that process monitor / Tcp view sees.
If its something really bad rootkit or something it can be that it actually burries itself beneth the os and report everything is fine upwards, but depending on your OS, I havent seen to many of those in the wild outside of the demos I got in a lab setting.
- Aphasia
- Grand Gerbil Poohbah
- Posts: 3219
- Joined: Tue Jan 01, 2002 6:00 pm
- Location: Solna/Sweden
Re: Where's the activity coming from?
posted on Mon Jul 12, 2010 8:27 am
Windows 7's Resource Monitor maps activity to processes.
#182 TT: 13/DNVT, Precedence: Flash Override. Switch: Node Center. MSE forever.
- Contingency
- Gerbil Jedi
- Posts: 1525
- Joined: Sat Jun 19, 2004 3:03 pm
- Location: al.us
4 posts
• Page 1 of 1
Who is online
Users browsing this forum: No registered users and 6 guests
