How can I monitor which programs are accessing the Internet


I am trying to monitor which programs are accessing the internet but I just do not know where to start.

I have looked on the forum and found examples for monitoring the amounts of information being sent/received by my computer but none that will just give me a list of what programs are connected to the internet.

All I am after is the ability to list the current running programs with internet access ie: iexplorer.exe, msn.exe ......

If it is possible with Autoit could you please point me in the right direction please?

Gingerbloke

what was wrong with the previous thread you opened on this subject?

ah... see you posted it in the wrong forum. Just ask for moving it when this happens.

Jos

No, it's impossible to do that in AutoIt.

AutoIt is more for basic automation, you know like Send, Click and stuff.

Find some other language to do a bit advanced stuff.

You can also use google of course www.google.com or yahoo www.yahoo.com

Hope that helps.

♡♡♡

.

eMyvnE


...I have looked on the forum and found examples for monitoring the amounts of information being sent/received by my computer...

Could you please give me the links to those examples?(couldn't find 'em) It'd be quite handy...

Could you please give me the links to those examples?(couldn't find 'em) It'd be quite handy...

I had to find the script again but here is a modified one:

#include <GUIConstants.au3>
#include <WindowsConstants.au3>

; Small always-visible tool window with one label per direction
GUICreate("Based on Lod3n's Bandwidth Monitor:", 220, 100, 0, 0, -1, $WS_EX_TOOLWINDOW)

$label1 = GUICtrlCreateLabel("Waiting for data...", 10, 5, 200, 20)
$label2 = GUICtrlCreateLabel("Waiting for data...", 10, 50, 200, 20)

GUISetState()

; WMI query flags: return at once and use a forward-only enumerator
$wbemFlagReturnImmediately = 0x10
$wbemFlagForwardOnly = 0x20
$colItems = ""
$strComputer = "localhost"
$objWMIService = ObjGet("winmgmts:\\" & $strComputer & "\root\CIMV2")

While 1
    ; Raw byte counters, one result row per network adapter
    $colItems = $objWMIService.ExecQuery("SELECT BytesReceivedPersec,BytesSentPersec FROM Win32_PerfRawData_Tcpip_NetworkInterface", "WQL", $wbemFlagReturnImmediately + $wbemFlagForwardOnly)
    If IsObj($colItems) Then
        For $objItem In $colItems
            ToolTip($objItem.Name, 0, 0)
            ; Sleep(1000)
            ; If $objItem.Name = "ADAPTER NAME HERE" Then ;MUST PUT ADAPTER NAME HERE
            $in = $objItem.BytesReceivedPersec
            $out = $objItem.BytesSentPersec

            $intext = "Bytes In: " & $in & @CRLF
            $outtext = "Bytes Out: " & $out & @CRLF

            GUICtrlSetData($label1, $intext)
            GUICtrlSetData($label2, $outtext)
            ; EndIf
        Next
    EndIf
    Sleep(100)
    ; Leave the loop when the window is closed
    If GUIGetMsg() = $GUI_EVENT_CLOSE Then ExitLoop
WEnd

Here is the link to the original program:

<Click Here>

Hope this helps

Gingerbloke


Sorry but you have lost me with this one?

Gingerbloke

Got you now, I am not used to links via pictures etc... so missed it.

The program works great but did not solve my issue. I will explain:

I was hoping to see which programs were accessing the internet because I keep getting popups that no virus or malware scanners detect (Antivir,Spybot, Spyware Doctor, Adaware, A-squared). Unfortunately, I am only seeing 2 internet explorer programs that are hidden and when I try and kill the process they just keep starting up again.

Does anyone know how to get the 'parent' program that tells another program to run?

For example, if I had an Autoit program open 'Notepad', is there a way to identify that my Autoit program started a particular instance of Notepad?

I have checked the startup locations and nothing is extra to what I would expect so I need to find what is causing me the issue.

Sorry to go the long way round but I was hoping that my original request would give the answer.

If you think this would be better asked as a new topic then please say.

Gingerbloke

You can get a large amount of process information by running the script from the thread called ProDLLer: Unknown code running? Befriend or Kill! <- that's a link, click it.

You really thought I was giving links to google or yahoo in my post (or you still are maybe)? Why would I do that?

You can get a large amount of process information by running the script from the thread called ProDLLer: Unknown code running? Befriend or Kill! <- that's a link, click it.

You really thought I was giving links to google or yahoo in my post (or you still are maybe)? Why would I do that?

trancexx

At the time yes, but you have taught me a good lesson about links: "Click Everywhere Just In Case".

See, the saying that you learn something new everyday is correct!

Since my last post, the word came to mind 'Treeview' so I searched on that and found how to get parent, grandparent and all the way back to 'Great Uncle Bulgaria' (the wombles for anyone that does not know)

Here is the link if anyone wants it: <Click Here>

I have just found that it is a program running as a service so I will disable it and see if that works.

I will checkout your links as well so thanks for your help

Gingerbloke


Usually, if there's suspicion of a virus or malware, I just pull out Process Explorer and Autoruns. I kill any programs I don't know then I check what registry entries shouldn't be there.

Usual places to look would be (including their HKCU counterparts):

HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

HKLM\Software\Microsoft\Windows\CurrentVersion\Run

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce

HKLM\Software\Microsoft\Windows\CurrentVersion\RunService

Startup folder

EDIT: Oh, yeah. Forgot to include those annoying ones that hide in the Recycler or Restore folders. You sometimes need Unlocker to delete those.

EDIT2: And also msconfig for checking enabled services.

This one turned out to be an 'addon' for Windows Messenger that my kids use. It installed itself as a service to allow itself to keep going whilst the system was running. I had to trace it back from the process starting up the hidden internet explorer programs.

My next project I think will be to monitor (using the process tree) processes trying to run from temp files or temporary internet whilst online and kill them.

Gingerbloke
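
The two questions in this thread (which programs hold internet connections, and which parent started them), as an added example that is not part of the original posts. It assumes Windows 8 or later, where the MSFT_NetTCPConnection WMI class exists, and writes to the console (run it from SciTE to see the output); all variable names are illustrative.

```autoit
; Added example, not from the thread. Assumes Windows 8 or later, where the
; MSFT_NetTCPConnection class exists in the root\StandardCimv2 namespace.
Local $oCim = ObjGet("winmgmts:\\.\root\CIMV2")
Local $oNet = ObjGet("winmgmts:\\.\root\StandardCimv2")
If Not IsObj($oCim) Or Not IsObj($oNet) Then Exit 1

; PID -> "name|parent PID|creation date|path" for every running process.
Local $oProcs = ObjCreate("Scripting.Dictionary")
Local $colProcs = $oCim.ExecQuery("SELECT ProcessId, ParentProcessId, Name, CreationDate, ExecutablePath FROM Win32_Process")
For $oP In $colProcs
    $oProcs.Add(String($oP.ProcessId), $oP.Name & "|" & $oP.ParentProcessId & "|" & $oP.CreationDate & "|" & $oP.ExecutablePath)
Next

; State 5 is "Established" in MSFT_NetTCPConnection.
Local $sPid, $aProc, $aPar, $sParent, $sFlag
Local $colConns = $oNet.ExecQuery("SELECT OwningProcess, RemoteAddress, RemotePort FROM MSFT_NetTCPConnection WHERE State = 5")
For $oC In $colConns
    ; Skip loopback traffic; it never leaves the machine.
    If StringLeft($oC.RemoteAddress, 4) = "127." Or $oC.RemoteAddress = "::1" Then ContinueLoop
    $sPid = String($oC.OwningProcess)
    If Not $oProcs.Exists($sPid) Then ContinueLoop ; process exited since the snapshot
    $aProc = StringSplit($oProcs.Item($sPid), "|") ; [1]=name [2]=parent [3]=created [4]=path

    ; Resolve the parent. Windows reuses PIDs, so the name is only trusted if
    ; that process was created no later than the child (CIM datetime strings
    ; compare chronologically while the UTC offset is unchanged).
    $sParent = $aProc[2] & " (exited)"
    If $oProcs.Exists($aProc[2]) Then
        $aPar = StringSplit($oProcs.Item($aProc[2]), "|")
        If StringCompare($aPar[3], $aProc[3]) <= 0 Then $sParent = $aProc[2] & " (" & $aPar[1] & ")"
    EndIf

    ; Flag executables running from temp or temporary internet locations.
    $sFlag = ""
    If StringInStr($aProc[4], "\Temp\") Or StringInStr($aProc[4], "\Temporary Internet Files\") Then $sFlag = "  [TEMP PATH]"

    ConsoleWrite($aProc[1] & " (PID " & $sPid & ") -> " & $oC.RemoteAddress & ":" & $oC.RemotePort & _
            " | parent: " & $sParent & " | " & $aProc[4] & $sFlag & @CRLF)
Next
```

An empty path column usually means the script lacks the rights to read that process; running it elevated fills in most of them.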


Forgot about that experience. IE Browser Helper Objects that aren't any help at all.

Had to disable them from the Addon Manager in IE.

There's a good number of places malicious programs can hide in on Windows.
