
Question Small utility for controlling access of programs to the network.

bluenite38

Can anyone advise a program for monitoring installed software that tries to access the internet? A firewall in interactive mode can do this too of course, or Task Manager, but I'm looking for something specialised, with logging or statistics etc.

Thanks for the tips.

Peter
 

mxnerd

Additional info.

Don't know if it's still applicable to Windows 10?


Don't really completely understand proxy servers though.

Router/gateway/hardware (or VM) firewall probably is the only way to be able to control everything.
 

Tech Junky

It's just what issues DHCP/DNS to clients instead of the router and then you can tune it to block things.

I took things one step further and made my own router out of a PC setup using Linux and took back the power from those companies. There are some perks to DIY as you're not relying on bogus firmware to be released or limited to underpowered devices. Making your own could be cheap or about the same as something off the shelf, or you can go all out and roll other functions into it.
 

mxnerd

My understanding is that even NTOP will not give you the application name that end users use on their machines; it can only give you protocol analysis and what percentage each one occupies.

And a proxy server can do content filtering/caching and also authenticate users' access to the internet, but I haven't really taken a serious look at it.
 

Tech Junky

I have mine set up to restart every 10 minutes to have the "pro" view, which is more intuitive. The community version doesn't dig down into things very well. I also edited the config file to break out additional tap points wan/lan/vpn. Since I route everything out the VPN, it makes things easier to spot if something is bypassing it to the wan directly. I do have some sites I do bypass though to avoid blocking messages from popping up or captcha prompts all of the time. Ntop though does classify traffic based on apps and type of traffic. I'll post some screenshots.
 

Tech Junky

It will give you some fingerprint info based on the traffic. Devices like my projector, which is CN-based, are one of my concerns for potential leaks. Digging into it though I can see mundane traffic to Google since it's an Android-based OS for smart functions. Looking in Pi-hole though would give more direct destinations being probed outside of the Android OS. There's tons of stuff being blocked from either apps or the system OS trying to hit ad systems and telemetry destinations. I tend to first stop things by blocking DNS per device, which stops most of the dumb apps that use FQDN instead of IP to call home and change their registered IP often to avoid blocking.

There's a ton of ways to approach this sort of thing and some work better for some than others. It depends on how much surveillance you want to do on your traffic. If looking for something that's simple then going with a UTM would be easier, but it will cost you more unless you find an app that does the same functions and take on more effort to set up / tune it. This falls more into the IDS/IPS realm though.

I do restrict things considerably using FW rules that limit traffic only originated from the LAN and block everything else. I also have my VPN cycle servers every 30 minutes to interrupt traffic flows if something did happen to establish a session. Originally I had it set to 15 minutes but that was a bit aggressive.

Reactions: mxnerd
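
The per-device DNS review described in the post above, as an added example that is not part of the original thread: a Python sketch that tallies, for each client IP, which queried domains were blocked and which resolved. The log lines are constructed, the dnsmasq-style format (`query[...] ... from ...`, `gravity blocked ...`) is an assumption about how Pi-hole logs, and `summarize` and `report` are hypothetical names.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines in an assumed dnsmasq/Pi-hole log format.
SAMPLE_LOG = """\
Aug  1 10:15:01 dnsmasq[812]: query[A] android.clients.google.com from 192.168.1.40
Aug  1 10:15:01 dnsmasq[812]: forwarded android.clients.google.com to 10.8.0.1
Aug  1 10:15:01 dnsmasq[812]: reply android.clients.google.com is 203.0.113.10
Aug  1 10:15:04 dnsmasq[812]: query[A] ads.tracker.example from 192.168.1.40
Aug  1 10:15:04 dnsmasq[812]: gravity blocked ads.tracker.example is 0.0.0.0
Aug  1 10:15:09 dnsmasq[812]: query[AAAA] telemetry.vendor.example from 192.168.1.40
Aug  1 10:15:09 dnsmasq[812]: gravity blocked telemetry.vendor.example is ::
Aug  1 10:15:12 dnsmasq[812]: query[A] ads.tracker.example from 192.168.1.22
Aug  1 10:15:12 dnsmasq[812]: gravity blocked ads.tracker.example is 0.0.0.0
Aug  1 10:15:20 dnsmasq[812]: query[A] ads.tracker.example from 192.168.1.40
Aug  1 10:15:20 dnsmasq[812]: gravity blocked ads.tracker.example is 0.0.0.0
"""

# Assumed line shapes; adjust the patterns to match your own log.
QUERY = re.compile(r"dnsmasq\[\d+\]: query\[\w+\] (\S+) from (\S+)$")
BLOCKED = re.compile(r"dnsmasq\[\d+\]: gravity blocked (\S+) is ")


def summarize(log_text):
    """Return (queried, blocked): per-client Counters of domains."""
    queried = defaultdict(Counter)
    blocked = defaultdict(Counter)
    last_client = {}  # domain -> client whose query is awaiting a verdict
    for line in log_text.splitlines():
        if m := QUERY.search(line):
            domain, client = m.group(1), m.group(2)
            queried[client][domain] += 1
            last_client[domain] = client
        elif (m := BLOCKED.search(line)) and m.group(1) in last_client:
            # The block verdict follows its query line; attribute it once.
            blocked[last_client.pop(m.group(1))][m.group(1)] += 1
    return queried, blocked


def report(log_text):
    """Per client: domains that were blocked and domains that resolved."""
    queried, blocked = summarize(log_text)
    return {c: {"blocked": dict(blocked[c]),
                "resolved": dict(queried[c] - blocked[c])}
            for c in sorted(queried)}


if __name__ == "__main__":
    for client, view in report(SAMPLE_LOG).items():
        print(client, view)
```

The "resolved" column is the one to read for a device you distrust: it lists the names that got an answer, which is what a per-device block rule would then target.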

mxnerd

NTOP does give you whole network stats. :D Maybe one day I'll consider building my own pfSense router (real PC or VM).

MS Windows also has built-in network data stats for applications for a local machine.

Go to Settings, Network and Internet, click Data Usage for a specific adapter and you can see network usage by applications. But it's not limited to internet; remote desktop local sessions are included too.

If OP really wants to control application usage for internet, OP might want to control what can be installed on the machine.

Just reinstalled my Windows system a few days ago.


Tech Junky

> OP might want to control what can be installed on the machine.

True. Thinking back in time to personal firewalls, I'm trying to think of one or two apps that prompted for access by program. There were a couple of AV suites that managed access by inserting FW rules depending on your response to the alerts. Localized rules and monitoring are possible but can be cumbersome.