gingerbloke

How can I monitor which programs are accessing the Internet

18 posts in this topic

I am trying to monitor which programs are accessing the internet but I just do not know where to start.

I have looked on the forum and found examples for monitoring the amounts of information being sent/received by my computer but none that will just give me a list of what programs are connected to the internet.

All I am after is the ability to list the current running programs with internet access ie: iexplorer.exe, msn.exe ......

If it is possible with Autoit could you please point me in the right direction please?

Gingerbloke




#2 ·  Posted (edited)

What was wrong with the previous thread you opened on this subject?

Ah... see you posted it in the wrong forum. Just ask for moving it when this happens.

Jos

Edited by Jos

Visit the SciTE4AutoIt3 Download page for the latest versions        Beta files                                                          Forum Rules
 
Live for the present,
Dream of the future,
Learn from the past.
  :)

No, it's impossible to do that in AutoIt.

AutoIt is more for basic automation, you know like Send, Click and stuff.

Find some other language to do a bit advanced stuff.

You can also use google of course www.google.com or yahoo www.yahoo.com

Hope that helps.


♡♡♡

.

eMyvnE


lol :) <- you can try this


If it cannot be done directly via Autoit, does anyone know of another way to get the data such as netstat or WMI?

If need be I will parse the information from another program's dump (image). If truth be known, I feel more like this: (image)

Gingerbloke
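
The netstat route asked about above, as an added example that is not part of the original thread: it runs `netstat -ano`, keeps the TCP rows and maps each owning PID to a process name with ProcessList(). The function name `_ListConnectedPrograms` is hypothetical, and the state filter assumes an English-language Windows where netstat prints `ESTABLISHED`.

```autoit
#include <Constants.au3> ; $STDOUT_CHILD

; Added example (hypothetical helper): one line per TCP socket with its owning program.
Func _ListConnectedPrograms($bEstablishedOnly = True)
    ; Snapshot of running processes: [i][0] = name, [i][1] = PID
    Local $aProcs = ProcessList()
    ; Run netstat hidden and capture its stdout (-o adds the owning PID column)
    Local $iPid = Run(@ComSpec & " /c netstat -ano", @SystemDir, @SW_HIDE, $STDOUT_CHILD)
    If $iPid = 0 Then Return SetError(1, 0, "")
    Local $sOut = ""
    While 1
        $sOut &= StdoutRead($iPid)
        If @error Then ExitLoop ; stream closed: netstat has finished
        Sleep(10)
    WEnd
    Local $sReport = "", $aM, $sName
    Local $aLines = StringSplit(StringStripCR($sOut), @LF)
    For $i = 1 To $aLines[0]
        ; TCP rows have five columns: proto, local, remote, state, PID.
        ; Headers, blank lines and UDP rows (no state column) do not match.
        $aM = StringRegExp($aLines[$i], "^\s*TCP\s+(\S+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$", 1)
        If @error Then ContinueLoop
        ; Assumes English netstat output for the state name
        If $bEstablishedOnly And $aM[2] <> "ESTABLISHED" Then ContinueLoop
        ; Skip loopback peers: that traffic never leaves the machine
        If StringLeft($aM[1], 4) = "127." Or StringLeft($aM[1], 5) = "[::1]" Then ContinueLoop
        $sName = "<exited>" ; the owner may have ended between the two snapshots
        For $j = 1 To $aProcs[0][0]
            If $aProcs[$j][1] = Number($aM[3]) Then
                $sName = $aProcs[$j][0]
                ExitLoop
            EndIf
        Next
        $sReport &= $sName & " (PID " & $aM[3] & ")  " & $aM[0] & " -> " & $aM[1] & "  " & $aM[2] & @CRLF
    Next
    Return $sReport
EndFunc

ConsoleWrite(_ListConnectedPrograms())
```

Passing `False` lists listening and closing sockets as well, which helps when a program only connects intermittently.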


The Truth is Out There.

The eXample Files. You watched?


♡♡♡

.

eMyvnE


The Truth is Out There.

The eXample Files. You watched?

Sorry but you have lost me with this one?

Gingerbloke


#9 ·  Posted (edited)

You can try using Networx.

It's a monitor that can also show which programs have active connections. It's free and has a portable version release.

Edited by omikron48


...I have looked on the forum and found examples for monitoring the amounts of information being sent/received by my computer...

Could you please give me the links to those examples? (couldn't find 'em) It'd be quite handy...

Try Pacfox, my Firefox theme.Try Power Eject, my windows gadget that allows you to eject most drives.Using AutoIt 3.3.4.0, Windows 7 Premium, Intel Core 2 Quad CPU @ 2.66ghz, 4gb RAM, Nvidia GeForce 9500GT Graphics Card & Samsung 22" Monitor.


Could you please give me the links to those examples? (couldn't find 'em) It'd be quite handy...

I had to find the script again but here is a modified one:

#include <GUIConstants.au3>
#include <WindowsConstants.au3>

GUICreate("Based on Lod3n's Bandwidth Monitor:", 220, 100, 0, 0, -1, $WS_EX_TOOLWINDOW)

$label1 = GUICtrlCreateLabel("Waiting for data...", 10, 5, 200, 20)
$label2 = GUICtrlCreateLabel("Waiting for data...", 10, 50, 200, 20)

GUISetState()

$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20
$colItems = ""
$strComputer = "localhost"
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")

While 1
    ; Name is included in the SELECT so that $objItem.Name below is populated
    $colItems = $objWMIService.ExecQuery("SELECT Name,BytesReceivedPersec,BytesSentPersec FROM Win32_PerfRawData_Tcpip_NetworkInterface", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
    If IsObj($colItems) Then
        For $objItem In $colItems
            ; Show the adapter currently being read
            ToolTip($objItem.Name, 0, 0)
            ; Sleep(1000)
            ; If $objItem.Name = "ADAPTER NAME HERE" Then ; MUST PUT ADAPTER NAME HERE
            ; PerfRawData values are raw running counters, not per-second rates
            $in = $objItem.BytesReceivedPersec
            $out = $objItem.BytesSentPersec

            $intext = "Bytes In: " & $in & @CRLF
            $outtext = "Bytes Out: " & $out & @CRLF

            GUICtrlSetData($label1, $intext)
            GUICtrlSetData($label2, $outtext)
            ; EndIf
        Next
    EndIf
    Sleep(100)
    If GUIGetMsg() = $GUI_EVENT_CLOSE Then ExitLoop
WEnd

Here is the link to the original program:

<Click Here>

Hope this helps

Gingerbloke


#12 ·  Posted (edited)

Sorry but you have lost me with this one?

Gingerbloke

Got you now, I am not used to links via pictures etc... so missed it.

The program works great but did not solve my issue. I will explain:

I was hoping to see which programs were accessing the internet because I keep getting popups that no virus or malware scanners detect (Antivir, Spybot, Spyware Doctor, Adaware, A-squared). Unfortunately, I am only seeing 2 internet explorer programs that are hidden and when I try and kill the process they just keep starting up again.

Does anyone know how to get the 'parent' program that tells another program to run?

For example, if I had an Autoit program open 'Notepad', is there a way to identify that my Autoit program started a particular instance of Notepad?

I have checked the startup locations and nothing is extra to what I would expect so I need to find what is causing me the issue.

Sorry to go the long way round but I was hoping that my original request would give the answer.

If you think this would be better asked as a new topic then please say.

Gingerbloke

Edited by gingerbloke
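
One way to answer the parent-process question above, as an added example that is not part of the original thread: WMI's `Win32_Process` class records a `ParentProcessId` for every process, so the ancestry can be walked upward one query at a time. The function name `_ParentChain` is hypothetical; the reuse check assumes all `CreationDate` strings carry the same UTC offset, so they compare correctly as text.

```autoit
; Added example (hypothetical helper): print the ancestry of a PID, child first.
Func _ParentChain($iPid)
    Local $oWMI = ObjGet("winmgmts:\\localhost\root\CIMV2")
    If Not IsObj($oWMI) Then Return SetError(1, 0, "")
    Local $sChain = "", $sChildCreated = "", $sName, $iParent, $sCreated, $bFound, $colItems
    For $iDepth = 0 To 31 ; hard stop in case PIDs ever form a cycle
        $bFound = False
        $colItems = $oWMI.ExecQuery("SELECT Name,ProcessId,ParentProcessId,CreationDate " & _
                "FROM Win32_Process WHERE ProcessId=" & Int($iPid))
        If Not IsObj($colItems) Then ExitLoop
        For $oItem In $colItems
            $bFound = True
            $sName = $oItem.Name
            $iParent = $oItem.ParentProcessId
            $sCreated = String($oItem.CreationDate) ; yyyymmddHHMMSS.ffffff+UUU
        Next
        If Not $bFound Then
            ; The launcher has already exited; only its old PID is left on record
            $sChain &= "PID " & $iPid & " <no longer running>" & @CRLF
            ExitLoop
        EndIf
        ; ParentProcessId is written once, at creation. A "parent" that started
        ; after its child is an unrelated process that was handed a recycled PID.
        If $sChildCreated <> "" And $sCreated <> "" And StringCompare($sCreated, $sChildCreated) > 0 Then
            $sChain &= "PID " & $iPid & " (" & $sName & ") started after its child: PID reused, real parent has exited" & @CRLF
            ExitLoop
        EndIf
        $sChain &= $sName & " (PID " & $iPid & ", started " & StringLeft($sCreated, 14) & ")" & @CRLF
        If $iParent = 0 Or $iParent = $iPid Then ExitLoop ; reached the top of the tree
        $sChildCreated = $sCreated
        $iPid = $iParent
    Next
    Return $sChain
EndFunc

; Demo: ancestry of this script's own process
ConsoleWrite(_ParentChain(@AutoItPID))
```

For a process that keeps respawning, pass the PID of the new instance; a chain that ends at `services.exe` points to a service as the launcher.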

A large amount of processes informations you get by running script from thread called ProDLLer: Unknown code running? Befriend or Kill! <- that's a link, click it.

You really thought I was giving links to google or yahoo in my post (or you still are maybe)? Why would I do that?


♡♡♡

.

eMyvnE


#14 ·  Posted (edited)

A large amount of processes informations you get by running script from thread called ProDLLer: Unknown code running? Befriend or Kill! <- that's a link, click it.

You really thought I was giving links to google or yahoo in my post (or you still are maybe)? Why would I do that?

trancexx

At the time yes, but you have taught me a good lesson about links: "Click Everywhere Just In Case".

See, the saying that you learn something new everyday is correct!

Since my last post, the word came to mind 'Treeview' so I searched on that and found how to get parent, grandparent and all the way back to 'Great Uncle Bulgaria' (the wombles for anyone that does not know)

Here is the link if anyone wants it: <Click Here>

I have just found that it is a program running as a service so I will disable it and see if that works.

I will checkout your links as well so thanks for your help

Gingerbloke

Edited by gingerbloke


#15 ·  Posted (edited)

Usually, if there's suspicion of a virus or malware, I just pull out Process Explorer and Autoruns. I kill any programs I don't know then I check what registry entries shouldn't be there.

Usual places to look would be (including their HKCU counterparts):

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKLM\Software\Microsoft\Windows\CurrentVersion\RunService

Startup folder

EDIT: Oh, yeah. Forgot to include those annoying ones that hide in the Recycler or Restore folders. You sometimes need Unlocker to delete those.

EDIT2: And also msconfig for checking enabled services.

Edited by omikron48
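
The registry check described above can be scripted; this is an added example, not part of the original thread. It enumerates the Run keys exactly as named in the post, for both HKLM and HKCU, and marks entries whose command line points into a temp or browser-cache folder. The function name `_ListRunEntries` and the flag text are hypothetical.

```autoit
; Added example (hypothetical helper): list autostart values and flag suspicious paths.
Func _ListRunEntries()
    ; Subkeys as listed in the post; a key that does not exist is simply skipped
    Local $aSub[4] = ["Policies\Explorer\Run", "Run", "RunOnce", "RunService"]
    ; A 32-bit script on 64-bit Windows sees the redirected 32-bit view of HKLM;
    ; use the "HKLM64" hive name to read the native view as well.
    Local $aHive[2] = ["HKLM", "HKCU"]
    Local $sBase = "\Software\Microsoft\Windows\CurrentVersion\"
    Local $sReport = "", $sKey, $sVal, $sCmd, $sFlag
    For $h = 0 To 1
        For $k = 0 To 3
            $sKey = $aHive[$h] & $sBase & $aSub[$k]
            For $i = 1 To 1000
                $sVal = RegEnumVal($sKey, $i) ; value names are enumerated from 1
                If @error Then ExitLoop ; no more values, or the key is missing
                $sCmd = RegRead($sKey, $sVal)
                ; Legitimate autostarts rarely launch from temp or cache folders
                $sFlag = ""
                If StringInStr($sCmd, @TempDir) Or StringInStr($sCmd, "%TEMP%") _
                        Or StringInStr($sCmd, "\Temporary Internet Files\") Then
                    $sFlag = "  <-- runs from temp/cache"
                EndIf
                $sReport &= $sKey & "  [" & $sVal & "] = " & $sCmd & $sFlag & @CRLF
            Next
        Next
    Next
    Return $sReport
EndFunc

ConsoleWrite(_ListRunEntries())
```

Saving the output once on a clean system gives a baseline to compare later runs against, which makes new entries stand out.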

This one turned out to be an 'addon' for Windows Messenger that my kids use. It installed itself as a service to allow itself to keep going whilst the system was running. I had to trace it back from the process starting up the hidden internet explorer programs.

My next project I think will be to monitor (using the process tree) processes trying to run from temp files or temporary internet whilst online and kill them.

Gingerbloke


#17 ·  Posted (edited)

Forgot about that experience. IE Browser Helper Objects that aren't any help at all.

Had to disable them from the Addon Manager in IE.

There's a good number of places malicious programs can hide in on Windows.

Edited by omikron48


Hi all,

Is there any way to monitor the bandwidth of a Linux PC connected in LAN by using the "Lod3n's Bandwidth Monitor"?

Actually that uses winmgmts service, but is there anything for Linux?

Please help.
