This is precisely what netstat (using the upper case B as in bravo switch) does--it lets you know what the machine is connected to. My own personal guess is that he's got some kinda rootkit that's not being detected because the driver loads prior to the protection software & subverts it. One of my favorite tools in this regard is the Farbar Recovery Scan Tool, but you *really* need to know what you're doing w/it or you could muck the machine up bigtime lol. Gl w/it, Steve. I know you're more than capable of figuring it out. On 12/16/16, Steve Matzura <sm@noisynotes.com> wrote:
I can't because I hadn't decided on what tool to use to obtain that information. Now that I know how to run Wireshark from the command line, I will get it. All he knows is that every day, his data usage climbs by leaps and bounds, some days by hundreds of gigs per day, and he swears he's just sitting there watching paint dry. In other words, his machine is on but he's not doing anything with it that would or should impact network statistics as they have been lately. A few emails now and then, no streaming audio or video, nothing of which he can think that would point to big daily data usage numbers.
On Fri, 16 Dec 2016 19:14:29 +0000, you wrote:
Hi,
I use TCPDump, but its output is, how do you say, quite verbose. I second John's suggestion of ngrep - I use it at work, but I probably wouldn't spin up a machine just to use it. Can you detail what exactly is happening to your friend's network?
Cheers, Ben.
On 12/16/16, Jackie McBride <abletec@gmail.com> wrote:
https://www.wireshark.org/docs/wsug_html_chunked/ChCustCommandLine.html
& don't forget netstat /B (uppercase).
On 12/16/16, John G Heim <jheim@math.wisc.edu> wrote:
I use ngrep, but that's Linux. I haven't used Windows in many years. There are only like eleventy gazillion network tools for Linux. I use ngrep because it was the first one I found 20 years ago. I learned its command-line syntax and have been using it ever since. I did track down a problem almost exactly like this many years ago with ngrep. I wrote a Perl script that sniffed packets with ngrep for about 30 seconds and then printed a list of the IP addresses and ports that were getting the most traffic. I can share that Perl script, but I suspect that by now there are Linux network utilities that do it better.
Maybe it's that when you have a hammer, everything looks like a nail, but if I had a problem like this, I sure would want to use a Linux machine to track it down.
On 12/16/2016 10:32 AM, Steve Matzura wrote:
I have a friend with a big problem. Something is eating his network alive. Could be a computer, could be the modem, in which case a re-flash of the firmware will fix it. All his computers are virus- and badware-free, according to up-to-date installations of antivirus and all kinds of anti-badware software. Meantime, I thought I'd see what Wireshark is like with a screen reader, test it locally, get my friend to install it, Tandem into that machine, run it, and see what's what. FORGETABOUTIT! Using the JAWS cursor doesn't do much, not even with the OCR feature. There are some tabbable dialogs, or screens that act like they're dialogs, but to kick the thing started, I just cannot seem to get it to start listening and collecting packets and doing its thing with them. I remember using this tool way back when it was EtherNim and thought it was pretty accessible. But that was more than a decade-and-a-half ago, and times (and obviously software) have changed. Anyone got any accessibility hacks for Wireshark, or can recommend another tool that runs on anything--Windows, OS X, some Linux--heck, I'd even run it on a Raspberry Pi if it's accessible!!--that will do the same thing?
Thanks in advance.
_______________________________________________ Blind-sysadmins mailing list Blind-sysadmins@lists.hodgsonfamily.org https://lists.hodgsonfamily.org/listinfo/blind-sysadmins
-- Jackie McBride Website Hosting, Repair, & Development Author of the Book "My Site's Been Hacked, Now what?: A Guide to Preventing and Fixing a Compromised Website" www.brighter-vision.com Where Visionaries & Technology Unite for Good
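John's message above describes a Perl script that sniffed with ngrep for about 30 seconds and then listed the IP addresses and ports getting the most traffic. The following is an added example of that idea in Python; it is not John's script and not part of the list thread. It assumes its input is the one-line packet summaries that `tcpdump -nn -q` prints (source, destination, and a trailing length), and a constructed sample of such lines is embedded so it runs offline. The local host's own addresses are passed in so that the machine under investigation is not itself reported as the top talker, which is what you want when the question is "who is this box moving hundreds of gigs to?"

```python
"""Top-talker summary over tcpdump-style packet lines (added example, not John's Perl script)."""
import re
import sys
from collections import Counter

# Matches one-line summaries of the form tcpdump -nn -q prints, e.g.
#   12:00:01.000001 IP 192.168.1.20.51234 > 203.0.113.5.443: tcp 1460
#   12:00:01.000004 IP 192.168.1.20.53011 > 192.0.2.53.53: UDP, length 40
# Assumption: the last integer on the line is the length tcpdump reports.
LINE_RE = re.compile(r"IP6? (\S+) > (\S+): .*?(\d+)\s*$")

# Constructed sample input (not a real capture); first line is tcpdump's banner noise.
SAMPLE = [
    "listening on eth0, link-type EN10MB (Ethernet), snapshot length 262144 bytes",
    "12:00:01.000001 IP 192.168.1.20.51234 > 203.0.113.5.443: tcp 1460",
    "12:00:01.000002 IP 203.0.113.5.443 > 192.168.1.20.51234: tcp 0",
    "12:00:01.000003 IP 192.168.1.20.51234 > 203.0.113.5.443: tcp 1460",
    "12:00:01.000004 IP 192.168.1.20.53011 > 192.0.2.53.53: UDP, length 40",
    "12:00:01.000005 IP 192.0.2.53.53 > 192.168.1.20.53011: UDP, length 120",
    "12:00:01.000006 IP 192.168.1.20.60000 > 198.51.100.9.8080: tcp 500",
]


def split_endpoint(ep):
    """'203.0.113.5.443' -> ('203.0.113.5', 443). tcpdump joins host and port with a dot,
    also for IPv6 ('2001:db8::1.443'), so splitting on the last dot works for both."""
    host, _, port = ep.rpartition(".")
    return host, int(port)


def parse_line(line):
    """Return (src, dst, length) for a packet line, or None for non-packet output."""
    m = LINE_RE.search(line)
    if not m:
        return None
    src, dst, length = m.groups()
    return split_endpoint(src), split_endpoint(dst), int(length)


def top_talkers(lines, local_hosts=(), n=5):
    """Credit each packet's bytes and count to both endpoints, skipping the local host's
    own addresses, and return the n busiest as ('host:port', bytes, packets)."""
    bytes_by = Counter()
    pkts_by = Counter()
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # banner, statistics, or truncated line
        src, dst, length = parsed
        for ep in (src, dst):
            if ep[0] in local_hosts:
                continue
            bytes_by[ep] += length
            pkts_by[ep] += 1
    return [(f"{host}:{port}", b, pkts_by[(host, port)])
            for (host, port), b in bytes_by.most_common(n)]


def main():
    # With arguments, treat them as the local host's addresses and read tcpdump from stdin;
    # with none, run over the constructed sample.
    if len(sys.argv) > 1:
        rows = top_talkers(sys.stdin, local_hosts=tuple(sys.argv[1:]))
    else:
        rows = top_talkers(SAMPLE, local_hosts=("192.168.1.20",))
    print(f"{'endpoint':<28}{'bytes':>12}{'packets':>10}")
    for endpoint, nbytes, npkts in rows:
        print(f"{endpoint:<28}{nbytes:>12}{npkts:>10}")


if __name__ == "__main__":
    main()
```

On a real box the 30-second window John mentions can be supplied by coreutils `timeout`, for instance `timeout 30 tcpdump -nn -q -i eth0 2>/dev/null | python3 toptalk.py 192.168.1.20` (script name is a placeholder). Since the complaint is daily volume, sort order by bytes rather than packets is the one that matters; a single remote endpoint dominating the byte column is the lead to chase, whether that turns out to be a cloud backup, an update service, or something that should not be there.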