how-to block ads
|
dandelion
Premium,MVM
join:2003-04-29
Germantown, TN
clubs:
 ·Comcast
| How to find which program is trying to get online? Excuse me if this has been asked-couldn't see any info in FAQ and would appreciate the link if it is: How can I tell which program is trying to get online through my windows explorer when I have a MD hash (not sure of that spelling)number and a long list of numbers? It comes up in my ZA about every day or so and I tell it no, so far no ill effects that are obvious. Have run McAfee,Spybot,etc. so I assume an "innocent" program but am curious and would like to figure this out. | |
|  
Randy Bell
Premium
join:2002-02-24
Santa Clara, CA
| Re: How to find which program is trying to get online? You mean, ZA doesn't give the program a name and path? There have been problems in the past with ZA claiming a no-name app was trying to get out to the Net. 
--
"But now abide faith, hope, love, these three; but the greatest of these is love." (1 Cor. 13:13) | |
| 
richtig
Music Is Emotion
Premium
join:2003-02-19
Australia
clubs:
| Re: How to find which program is trying to get onl Download fport from »www.foundstone.com. From the readme.txt
fport v2.0
fport supports Windows NT4, Windows 2000 and Windows XP
fport reports all open TCP/IP and UDP ports and maps them to the owning application.
This is the same information you would see using the 'netstat -an' command, but it also
maps those ports to running processes with the PID, process name and path. Fport can be
used to quickly identify unknown open ports and their associated applications.
--
... and a Happy and Prosperous 2004 | |
|
dandelion
Premium,MVM
join:2003-04-29
Germantown, TN
clubs:
·Comcast
2 edits | Re: How to find which program is trying to get online? The program trying to connect is a "program from windows explorer" with MDHash5 a73bc66a95cf4f7b597fc8975778a889
I figure may be adobe reader??? or possible media? just would like to find out for sure.When I search for the DNS for the outgoing I get this:
NetName:
MCAST-NET
NetHandle:
NET-224-0-0-0-1
Parent:
NetType: IANA Special Use
NameServer: FLAG.EP.NET
NameServer: STRUL.STUPI.SE
NameServer: NS.ISI.EDU
NameServer: NIC.NEAR.NET
Comment:
This block is reserved for
special purposes.
Comment:
Please see RFC 3171 for
additional information.
Comment:
RegDate: 1991-05-22
Updated: 2002-09-16
OrgAbuseHandle: IANA-IP-ARIN
OrgAbuseName: Internet
Corporation for Assigned Names
and Number
OrgAbusePhone:
+1-310-301-5820
OrgAbuseEmail:
abuse@iana.org
OrgTechHandle:
IANA-IP-ARIN
OrgTechName:
Internet Corporation for Assigned
Names and Number
OrgTechPhone:
+1-310-301-5820
OrgTechEmail:
abuse@iana.org
(Search for
MCAST-NET turned this up)
[SpamCop-Geeks] Re: MCAST.net and
Interland.net (longish, maybe OT)
Jonathan Rynd
spamcop-geeks@news.spamcop.net
Fri, 25 Oct 2002 14:22:38
-0400
Previous message:
[SpamCop-Geeks] MCAST.net and
Interland.net (longish, maybe OT)
Next message: [SpamCop-Geeks] Re:
MCAST.net and Interland.net
(longish, maybe OT)
Messages
sorted by: [ date ] [ thread ] [
subject ] [ author ]
On Fri, 25 Oct
2002 13:40:39 -0400, "Sir
Lurksalot II"
wrote:
>These happened right
away at logon:
>23/Oct/2002
20:37:58 Outgoing ICMP
permitted; Out ICMP
[10] Router
Solicitation;
localhost->ALL-ROUTERS.MCAST.NET
>[224.0.0.2]; Owner: Tcpip Kernel
Driver
Your computer is set up
to accept "IP Multicast".(not
sure what this is?) This is a
setting in
your OS and does not
depend on whether you view
streaming media or
not.
Mcast.net is not a real domain;
it is the fictitious domain set
up for
the IP addresses that are
reserved for IP multicast.
Nothing to worry about.
>23/Oct/2002 20:46:58 Outgoing
ICMP permitted; Out ICMP [8]
>Echo Request;
localhost->64.224.86.159; Owner:
Tcpip Kernel
Driver
This means
that some software on your
machine is pinging
64.224.86.159.
My guess is that it's some
software trying to tell if
you
have an active Internet
connection or not, probably so it
can
phone home and check for
updates.
>Oh, and to the best of
my ability, I am virus/worm
free,
>adaware free, don't use
chats, do use ICQ (but it's
Removed
>for the duration until,
I settle this), and other
newsgroups I
>use are strictly
forced-text so I doubt I picked
anything up
>online.
It's still
possible that some program on
your machine is making the
network connections without
asking you. But the only way to
be sure is
to reinstall
Windows..."
Downloaded program Fport, ran it and it flips by so quick can't see anything. Couldn't find help in the readme section-is there a way to get it to stay so I can see it? | |
| | 
EmilioG
Whats This?
Premium
join:2000-09-19
New York, NY
|  Re: How to find which program is trying to get online?
--
One operating system to rule them all. | |
| | | | 
RLD
Its All About Choice.
join:2001-07-05
North Richland Hills, TX
| multicast is normal traffic you can block it or ignore it. you can block it by not allowing the ip (224.0.0.1) out; but, it may cause problems with streaming media (music, video, realmedia, wma, etc).
--
R.L.Dempsey
OS/2 Warp & eCS (by Choice)
Mac OS/X & Linux (for FUN)
friggin windoze (by necessity)
| |
|
dandelion
Premium,MVM
join:2003-04-29
Germantown, TN
clubs: | I have McAfee-but not impressed with it-is up in March and seriously considering Norton-sounds nice! | |
| |
dandelion
Premium,MVM
join:2003-04-29
Germantown, TN
clubs: | I don't understand creating batch file sorry, is there another way to slow it down so I can see? or maybe another program that does same but viewable? | |
| | | |
Randy Bell
Premium
join:2002-02-24
Santa Clara, CA
3 edits | said by dandelion  :
I don't understand creating batch file sorry, is there another way to slow it down so I can see? or maybe another program that does same but viewable?
1. Open Notepad
2. Enter "CD {Fport_Path}" {without quotes}
3. Enter "fport > fport.txt" {without quotes}
4. File, Save As: "launch.bat" {with quotes}
In Step 4; File, Save As: -- choose "All files" and save as "launch.bat" {with quotes} -- the quotes tell Notepad *NOT* to append a .txt or any other extension -- the saved file must have a .bat extension.
In Step 2, {Fport_Path} is the specific folder {complete path} you put the fport program in. The "CD" is a "change directory" command, that tells it to go to that folder where fport is located.
If you save "launch.bat" to your Windows directory, it will be accessible at all times by typing "launch" from the Command Prompt. This is because Windows directory is part of the environment "path" that is always searched first for executable programs. Hope that helps.
--
"But now abide faith, hope, love, these three; but the greatest of these is love." (1 Cor. 13:13) | |
| | | dlritter
join:2000-09-26
Hanford, CA | First, try regedit and do a find on the hash signature.
Second, try uninstalling FoldingAtHome and see if the problem goes away.
73 Dave | |
|
dandelion
Premium,MVM
join:2003-04-29
Germantown, TN
clubs: | tried regedit-it couldn't find anything- not ready to remove FAH and since Spybot says no problems, guess I'll just forget it-whatever it is, I'm effectively blocking it, but thanks all for your help!!! | |
| |
Randy Bell
Premium
join:2002-02-24
Santa Clara, CA
| Re: How to find which program is trying to get online? Is FAH the Stanford project described in Google link? If that is it, it sounds pretty harmless to me .. lol.
--
"But now abide faith, hope, love, these three; but the greatest of these is love." (1 Cor. 13:13) | |
| |
dandelion
Premium,MVM
join:2003-04-29
Germantown, TN
clubs: | ahhh so the program trying to get out is multicast? Since I don't use anyway, I'll just block. Thanks for the input!
My NVidia card came with WDM says exclamation on the drive-
wonder if related? | |
| | | |
|
