Offline Windows Install

Gamingphreek

Lifer
Mar 31, 2003
11,679
0
81
I am setting up (and managing) systems in an offline environment.

I need some help disabling different aspects of the OS which seem to attempt to communicate out to a WAN side connection. Since there is no WAN side per se, my firewall is getting absolutely bombarded (and, as such, I am getting a ton of e-mails).

While I could disable the E-Mails or turn a blind eye towards it, I want to get to the root of the issue and figure out what applications or aspects of the OS are causing it in the first place.

Wireshark is not something I will be able to run on this network. 'netstat -b' revealed processes with active connections; however, active connections don't do much good for me unless I happen to run the command at the exact time the processes are trying to reach out.

Does anyone have any suggestions?

Thanks,
-Kevin
 

bruceb

Diamond Member
Aug 20, 2004
8,874
111
106
Have a look here .. route your Netstat to a Log file. You can also filter
it to TCP or UDP connections.

http://www.ehow.com/how_2212398_use-netstat-commands.html

1. Close all open programs on your computer. Click the start button. Click "Run." Type the word "cmd" in the run box. This will display a command prompt.

2. Type in "netstat" at the command prompt, followed by the argument that you want to use. For a list of all netstat arguments, type "netstat /?."

3. Use "netstat -a" to get a list of all open network and Internet connections. To see IP addresses rather than names, use the "-an" argument.

4. Specify which type of protocols are in use. Type "netstat -p TCP" to show only TCP connections. Type "netstat -p UDP" to show UDP traffic.

5. Enter "netstat interval 10" to have netstat information displayed every 10 seconds. Replace the 10 with any number you want to use. To stop, press "ctrl" and "c" at the same time.

6. Create a file by typing ">" followed by the file location and name of the text file after your netstat command. For example, "netstat -a >c:\log.txt" will create a file called log.txt on the C drive. The file will contain the netstat results. Open the file with Windows notepad.

7. Check out active routes by typing "netstat -r." This displays your routing tables, including destination address, net mask and gateway.
 
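The netstat logging procedure above, taken one step further as an added example (not bruceb's or eHow's code): instead of dumping the full `netstat -a` output to a file on a timer, this PowerShell script polls `netstat -ano`, resolves each owning PID to a process name and executable path, and appends only connection tuples it has not seen before, so the log does not fill up with repeats. It assumes an elevated PowerShell 5.1 or later prompt; the script name, the `$LogPath` location and the default interval are placeholders, and the log folder must already exist.

```powershell
# Added example, not from the thread. Polls "netstat -ano" every $IntervalMs,
# resolves each owning PID to a process name and path, and appends only
# connections it has not logged before, so the log does not repeat itself.
# Assumptions: elevated PowerShell 5.1+ prompt; $LogPath is a placeholder and
# its folder must already exist.
param(
    [int]$IntervalMs = 500,
    [string]$LogPath = 'C:\Logs\netstat-firstseen.csv'
)

$seen = @{}   # "proto local remote pid" -> first time that tuple was observed

while ($true) {
    # Lines look like: "  TCP  10.0.0.5:49731  10.0.0.1:445  ESTABLISHED  1234"
    # or:              "  UDP  0.0.0.0:5353    *:*           1234"
    $lines = netstat -ano | Where-Object { $_ -match '^\s*(TCP|UDP)\s' }
    foreach ($line in $lines) {
        $f = $line.Trim() -split '\s+'
        $proto  = $f[0]; $local = $f[1]; $remote = $f[2]
        $owner  = [int]$f[-1]                               # PID is always the last column
        $state  = if ($proto -eq 'TCP') { $f[3] } else { '' }
        if ($state -eq 'LISTENING') { continue }            # listeners are not outbound traffic

        $key = "$proto $local $remote $owner"
        if ($seen.ContainsKey($key)) { continue }           # already logged this tuple
        $seen[$key] = Get-Date

        $proc = Get-Process -Id $owner -ErrorAction SilentlyContinue
        $path = ''
        if ($proc) { try { $path = $proc.Path } catch { } } # System/Idle have no readable path

        [pscustomobject]@{
            FirstSeen = $seen[$key].ToString('o')
            Proto     = $proto
            Local     = $local
            Remote    = $remote
            State     = $state
            OwnerPid  = $owner
            Process   = if ($proc) { $proc.ProcessName } else { '?' }
            Path      = $path
        } | Export-Csv -Path $LogPath -Append -NoTypeInformation
    }
    Start-Sleep -Milliseconds $IntervalMs
}
```

Run it as, for instance, `.\Watch-Netstat.ps1 -IntervalMs 250` (a hypothetical file name) and leave it running; the CSV then holds one row per distinct process/endpoint pair with the time it first appeared. Two caveats: polling still cannot catch a socket that opens, sends and closes between two samples, and a PID that resolves to `svchost.exe` hosts several services, which `tasklist /svc /fi "PID eq 1234"` breaks down further. The `$seen` table also grows for as long as the script runs, so restart it periodically on a long capture.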

Gamingphreek

Lifer
Mar 31, 2003
11,679
0
81
First off, thanks for taking the time to reply - I really appreciate it. There are a couple problems with the suggestions though:

1. The redirect '>' will overwrite the file, or '>>' will append to the file. If I have this running every 10 seconds, that will be an enormous text file containing much of the same information.

2. Kind of piggy-backing off of the first point, 10 seconds could be much too granular. If a program opens a socket, bursts a broadcast message (which I would assume is UDP) and then closes, I would have no record of it. At the same time, polling every 500ms would be far too much data for me to attempt to go through.

3. My report from my firewall gives me the port numbers and the IP addresses in question. I need the process that is causing these packets to be sent (the -b switch only partially resolves the process name).

Is there any way to monitor a specific range of ports as well as what process (or even sub-process) opened that port? Ugh, this is where Wireshark would really, really help...
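An added example, not from anyone in the thread, of the event-driven alternative to polling that the question above is asking for: Windows can audit its own Filtering Platform, so every permitted connection (event 5156), blocked connection (5157) and port bind (5158) is written to the Security log together with the owning process ID and executable, without a packet capture. The PowerShell below enables that audit subcategory, pulls the recent events, and summarises outbound traffic to a destination port range by process. It assumes an elevated prompt on Vista/2008 or later; `$PortMin`, `$PortMax` and `$Hours` are placeholders to be filled in from the firewall report.

```powershell
# Added example, not from the thread. Turns on Windows Filtering Platform
# connection auditing so every permitted/blocked connection and every port
# bind is written to the Security log with the owning executable, then
# summarises outbound events to a chosen destination port range by process.
# Assumptions: elevated prompt; $PortMin/$PortMax/$Hours are placeholders to be
# taken from the firewall report.
auditpol /set /subcategory:"Filtering Platform Connection" /success:enable /failure:enable

$PortMin = 1024
$PortMax = 65535
$Hours   = 1

$filter = @{ LogName = 'Security'; Id = 5156, 5157, 5158; StartTime = (Get-Date).AddHours(-$Hours) }
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$rows = foreach ($e in $events) {
    # Pull the EventData name/value pairs out of the event XML
    $x = [xml]$e.ToXml()
    $d = @{}
    foreach ($n in $x.Event.EventData.Data) { $d[$n.Name] = $n.'#text' }

    $proto = switch ($d['Protocol']) { '6' { 'TCP' } '17' { 'UDP' } default { $d['Protocol'] } }
    # 5156/5157 carry a direction (%%14592 inbound, %%14593 outbound); 5158 (bind) does not
    $dir   = switch ($d['Direction']) { '%%14592' { 'In' } '%%14593' { 'Out' } default { 'Bind' } }
    $dport = if ($d.ContainsKey('DestPort')) { [int]$d['DestPort'] } else { 0 }

    [pscustomobject]@{
        Time        = $e.TimeCreated
        Id          = $e.Id               # 5156 permitted, 5157 blocked, 5158 bind
        Direction   = $dir
        Proto       = $proto
        OwnerPid    = $d['ProcessID']
        Application = $d['Application']  # NT device path, e.g. \device\harddiskvolume2\windows\system32\svchost.exe
        Source      = "$($d['SourceAddress']):$($d['SourcePort'])"
        Dest        = if ($dport) { "$($d['DestAddress']):$dport" } else { '' }
        DestPort    = $dport
    }
}

# Outbound connections into the port range, grouped by process and destination
$rows |
    Where-Object { $_.Direction -eq 'Out' -and $_.DestPort -ge $PortMin -and $_.DestPort -le $PortMax } |
    Group-Object Application, Dest, Proto |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Which process bound each local port (5158), i.e. who opened the socket in the first place
$rows |
    Where-Object { $_.Id -eq 5158 } |
    Select-Object Time, Proto, Source, OwnerPid, Application |
    Sort-Object Time |
    Format-Table -AutoSize
```

Because 5156 fires for every connection, enlarge the Security log before enabling the audit (for example `wevtutil sl Security /ms:268435456`) and turn it back off with the same `auditpol` command and `/success:disable /failure:disable` once the noisy processes are identified. The `Application` field names the executable, which for `svchost.exe` still needs `tasklist /svc /fi "PID eq <ProcessID>"` run while the process is alive to see which hosted service is responsible. Unlike a netstat poll, a one-packet UDP burst is recorded here even if the socket lived only for milliseconds.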