
View Full Version : How can I inspect data entering / leaving my PC?


Leonardo_daVinci
September 7th, 2007, 11:44 PM
Hello

Perhaps the more knowledgeable people can tell me how I can inspect data that comes in and then goes out of my machine without interfering with it (initially) ?

I am very security conscious and am using some unavoidable software (broker). However, I would like to know what it is that this software once in a blue moon sends to its base and the answer it subsequently gets back. There seems to be little rhyme or reason to when it sends something out; I only started to cotton on to this after I started using a Sygate firewall again (which I last used when running Win2000).

The related question to this will be: is there a way I can "fake" some information? It is just that I do not want some extremely sensitive stuff to leave my machine, since my livelihood depends on it (I trade the stock market).

I have not got much of a clue where to start and do not want to set any alarm bells ringing either; it may well be interpreted in the wrong way, or the stability of my software may get compromised, which I want to avoid at all costs. Basically what I am talking about here is forensics.

Am I correct in thinking about packet sniffer / portmapping here? What is the best way to go about this?

Many thanks in advance
Leonardo

_ab
September 8th, 2007, 01:01 AM
A good personal firewall should provide good protection. Also, a good HIPS like System Safety Monitor is important, to further avoid malware phoning out of your system.

What makes you think that something unusual is going on? Did you check your connections with some port tools? If you are handling sensitive data, isn't it supposed to go via SSL, making your session very secure?

acr1965
September 8th, 2007, 01:31 AM
You can try something like traceroute and a packet sniffer, but I would suggest something like the Online Armor firewall. It has a nice logging feature and you can set it to be about as secure as any firewall on the market. Also, it will detect leaks in your system. Although traceroute and a packet sniffer would be fine, it may be better to start out with a firewall that does well on leak tests to see what may be leaving your computer without your knowledge.

free traceroute program -

http://www.d3tr.de/

also Wireshark and WinPcap

http://www.wireshark.org/faq.html#q1.14
http://www.winpcap.org/default.htm

Online Armor -

http://www.tallemu.com/

Online Armor support forum

http://support.tallemu.com/forums/viewforum.php?f=1

Online Armor has a 30-day trial. But you may need to go to the forum and PM Mike Nash to see if it is currently available for download. It may be a long-term answer to your security needs. Sygate still has a large following and has been called the best Windows firewall by many people. But its leak detection is not one of its strong points.
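
Once a capture has been taken with Wireshark/WinPcap as suggested above, the practical question is how to get the "what did it send, what came back" view per connection. The following is an added example, not code from this thread or from any of the tools named in it: a small reader for the classic pcap format that groups TCP payloads by connection and splits them into data that left the PC and data that came back. The capture it parses is built in memory; the local address 192.168.1.10, the remote 203.0.113.5:8080, and the HTTP-style request and reply bytes are all constructed for illustration, and it assumes an Ethernet/IPv4 capture in the classic pcap format (not pcapng).

```python
"""Added example: pull the request/response bytes of each TCP connection out of a
classic pcap capture (the format Wireshark/WinPcap can save), split into data that
left this PC and data that came back. The capture below is constructed in-memory;
addresses, ports and payloads are made up for illustration."""
import socket
import struct
from collections import defaultdict

LOCAL_IP = "192.168.1.10"  # assumption: this PC's address in the capture
SAMPLE_REQUEST = b"GET /quote?symbol=ACME HTTP/1.1\r\nHost: broker.example\r\n\r\n"
SAMPLE_REPLY = b"HTTP/1.1 200 OK\r\nContent-Length: 12\r\n\r\nACME 42.00\r\n"


def tcp_frame(src, dst, sport, dport, payload):
    """Ethernet/IPv4/TCP frame without checksums (enough for offline parsing)."""
    eth = b"\x00" * 12 + b"\x08\x00"
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, 0x18, 65535, 0, 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(tcp) + len(payload), 0, 0,
                     64, 6, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return eth + ip + tcp + payload


def build_pcap(frames):
    """Serialise raw frames as a little-endian classic pcap file, link type 1 (Ethernet)."""
    out = [struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)]
    for i, frame in enumerate(frames):
        out.append(struct.pack("<IIII", 1_000_000 + i, 0, len(frame), len(frame)))
        out.append(frame)
    return b"".join(out)


def sample_capture():
    """Constructed capture: one request out, an empty ACK back, the reply, and an ARP frame."""
    return build_pcap([
        tcp_frame(LOCAL_IP, "203.0.113.5", 51000, 8080, SAMPLE_REQUEST),
        tcp_frame("203.0.113.5", LOCAL_IP, 8080, 51000, b""),
        tcp_frame("203.0.113.5", LOCAL_IP, 8080, 51000, SAMPLE_REPLY),
        b"\xff" * 6 + b"\x00" * 6 + b"\x08\x06" + b"\x00" * 28,  # ARP, ignored below
    ])


def parse_pcap(data):
    """Yield (timestamp_seconds, frame_bytes) for every record in a classic pcap."""
    (magic,) = struct.unpack("<I", data[:4])
    endian = {0xA1B2C3D4: "<", 0xD4C3B2A1: ">"}.get(magic)
    if endian is None:
        raise ValueError("not a classic pcap file (pcapng is not handled here)")
    (linktype,) = struct.unpack(endian + "I", data[20:24])
    if linktype != 1:
        raise ValueError("only Ethernet captures are handled")
    off = 24
    while off + 16 <= len(data):
        ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(endian + "IIII", data[off:off + 16])
        off += 16
        yield ts_sec, data[off:off + incl_len]
        off += incl_len


def tcp_payload(frame):
    """Return (src, dst, sport, dport, payload) for IPv4/TCP frames, else None."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
        return None
    ihl = (frame[14] & 0x0F) * 4
    (total_len,) = struct.unpack("!H", frame[16:18])
    src, dst = socket.inet_ntoa(frame[26:30]), socket.inet_ntoa(frame[30:34])
    tcp = 14 + ihl
    sport, dport = struct.unpack("!HH", frame[tcp:tcp + 4])
    data_off = (frame[tcp + 12] >> 4) * 4
    return src, dst, sport, dport, frame[tcp + data_off:14 + total_len]


def conversations(pcap_bytes, local_ip):
    """Map (local_ip, local_port, remote_ip, remote_port) -> {'out': bytes, 'in': bytes}.
    Payloads are concatenated in capture order with no sequence-number reassembly,
    so retransmissions or reordering in a real capture would show up as duplicates."""
    convs = defaultdict(lambda: {"out": b"", "in": b""})
    for _ts, frame in parse_pcap(pcap_bytes):
        info = tcp_payload(frame)
        if info is None or not info[4]:
            continue  # non-TCP frame, or a bare ACK carrying no data
        src, dst, sport, dport, payload = info
        if src == local_ip:
            convs[(src, sport, dst, dport)]["out"] += payload
        elif dst == local_ip:
            convs[(dst, dport, src, sport)]["in"] += payload
    return dict(convs)


if __name__ == "__main__":
    for (lip, lport, rip, rport), d in conversations(sample_capture(), LOCAL_IP).items():
        print(f"{lip}:{lport} -> {rip}:{rport}")
        print("  sent:    ", d["out"])
        print("  received:", d["in"])
```

To use it on a real capture, save from Wireshark in the classic pcap format rather than pcapng and pass the file's bytes to `conversations()` with the PC's own address. One caveat a practitioner should expect: if the software talks over SSL/TLS, as _ab suggests it should, the payload bytes recovered this way are ciphertext; the capture still shows when connections are made, to which address and port, and how much is exchanged, but not the content.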

Leonardo_daVinci
September 8th, 2007, 02:10 AM
Thanks for the reply.

A firewall will not help me because there is legitimate traffic going on (to the same address / same piece of software).

I have nothing concrete, but there is some suspicious traffic at times which should not be there. At this stage it is merely a "hunch". Hence I want to inspect the individual packets and, if possible, send some deliberate misinformation back.