PE not showing traffic

Discussion in 'Port Explorer' started by freaky al, Dec 10, 2004.

Thread Status:
Not open for further replies.
  1. freaky al

    freaky al Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    7
    Location:
    Calgary, AB, Canada
    If this is already covered somewhere else in the forum ... sorry in advance.

    I was doing some maintenance of things when I noticed something that bothered me.

    I'm using 'Bandwidth Monitor' to track throughput to/from my server PC (home lan), it also shows the current total speeds in and out. I noticed that it was showing traffic thru my NIC when I wasn't expecting any. I opened up PE and clicked on the 'ALL' tab, and according to PE there were no processes that showed any traffic under the 'Sent' or 'Received' columns. They were all at 0.00KB/s. Also the 'Window Log' area didn't have any activity, while the link light on my switch was flashing away. I traced it back to my roommate's PC (by pulling Cat5 cables), he was watching a video file.

    What worries me is that PE didn't show any traffic for an active transfer of data. What if his machine gets infected w/ a trojan (again) and they start leeching off my network thru him?

    'Hide Netstat Sockets' is disabled
    Refresh is set to 1 second
    'Reduce Memory Usage' is enabled

    Thanks in advance,
    Al
     
  2. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi freaky al, Port Explorer can only see what is happening between you and your network / router.

    If you want to see all of the outbound connections including those of other users then you will need to view your Router's logs, which may be adequate but quite often give minimal information.

    There are certain routers that can use add-in logging programmes, such as Wall Watcher, which can monitor all connections and that run from just one PC.

    HTH Pilli
     
  3. freaky al

    freaky al Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    7
    Location:
    Calgary, AB, Canada
    PE shows all the 'svchost.exe' & '* SYSTEM' stuff from my server PC to my roommate's PC. I am talking about his connections to my server within the lan, I realize PE won't monitor his connections to the outside world without it being installed on his PC, or the use of a sniffer on the lan.

    Bandwidth Monitor is installed on the server PC, PE is on the server PC, BW Mon shows traffic on the server's NIC, PE shows no active traffic to/from the server PC.

    thx for the reply ... I'm sorry I wasn't clear enough.
     
  4. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
  5. freaky al

    freaky al Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    7
    Location:
    Calgary, AB, Canada
    Gotcha ... time to RTFM :D

    No worries ... thx,
    Al
     
  6. freaky al

    freaky al Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    7
    Location:
    Calgary, AB, Canada
    I was under the impression that ICMP was only for configuration messaging. Copying/moving/viewing files from one PC to another over a LAN under Windows is supposed to be done via TCP ... am I wrong?
     
  7. gpdev

    gpdev Registered Member

    Joined:
    Jun 22, 2003
    Posts:
    12
    Yes, ICMP is a control protocol used for PING and other configuration messages.
    File transfer is usually done over TCP or UDP.
    Windows usually uses TCP ports 139/445 and UDP ports 138/445 for "File & Printer Sharing"
     
  8. freaky al

    freaky al Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    7
    Location:
    Calgary, AB, Canada
    So I'm not mistaken then when I expect to see an established socket connection of some form (TCP or UDP) with speeds and incrementing totals in PE for a file transfer over a windows lan, from say 192.168.1.100 to 192.168.1.101?
     
  9. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Just a thought: when you see the 0.00KB in the Sent/Received columns, the totals do not show unless you widen the columns; by default the totals do not show in an unwidened column.

    Pilli
     
  10. freaky al

    freaky al Registered Member

    Joined:
    Dec 10, 2004
    Posts:
    7
    Location:
    Calgary, AB, Canada
    I run a dual 1600x1200 desktop ... so there is plenty of real estate. I can see both the speeds and (totals) in the same column.

    Would the above described transfer be a 'svchost' or 'SYSTEM' process?
     