Connections In/Out From PC
I am currently running Windows XP with Sygate firewall installed. This shows me a list of applications with their connections, the connection status, protocol, port number etc.
My questions are, how does this program know this information? Are there raw log files located somewhere in the system files showing all connections or what? If so, is there any way to manually view this log file? Also, how much should I trust that all connections in and out are being shown to me?
I know there are a lot of questions there, but they have been playing on my mind for a while. Any help would be great. Thanks a lot.
Re: Connections In/Out From PC
Quote:
Originally posted here by mikester2
I am currently running Windows XP with Sygate firewall installed. This shows me a list of applications with their connections, the connection status, protocol, port number etc.
My questions are, how does this program know this information? Are there raw log files located somewhere in the system files showing all connections or what? If so, is there any way to manually view this log file? Also, how much should I trust that all connections in and out are being shown to me?
I know there are a lot of questions there, but they have been playing on my mind for a while. Any help would be great. Thanks a lot.
Prior to posting this, did you actually take the time to search for the possible answers to your questions, or did you just think, "Lots of questions playing on my mind. Oh, I'll post this on AO, save me the time and trouble to use my initiative and look for myself"? ===>>> hint: Sygate, protocols, port Nos
Re: Connections In/Out From PC
Wow, a lot of people are grasping for the answer. If you guys don't actually know how it's done, then perhaps you should stop trying feebly to answer the question...
Quote:
Originally posted here by mikester2
I am currently running Windows XP with Sygate firewall installed. This shows me a list of applications with their connections, the connection status, protocol, port number etc.
My questions are, how does this program know this information? Are there raw log files located somewhere in the system files showing all connections or what? If so, is there any way to manually view this log file? Also, how much should I trust that all connections in and out are being shown to me?
Here's how it happens:
- When applications start up, they are assigned a unique identifier (Process ID) among other things.
- During this process, Windows records the information it hands out into an internal table.
- Now, let's say our application makes a connection out to another site on startup. By opening a connection, it is actually just asking Windows to try and open the connection.
- Windows will then create a new connection given the details of said connection, assign the connection a special identifier, and then dump this information as well into a table in the Windows kernel, just like processes are done (though in a different area obviously).
As to your latter questions, the "manual viewing" of this information is done through various tools in Windows (netstat as well as other tools, as has been noted). Like all things, the only way to ensure the information you're viewing is accurate is to ensure that the pieces of code that assign or view this information are operating as they are intended. Many very powerful trojans frequently attempt to break process listing software in order to hide themselves on the process list, and the same applies to network connection listing.
As for the overall question of how Sygate or any such application can know about this information, it's pretty straightforward: Windows provides a programmatic interface through which any application with sufficient privileges can obtain this information.
I hope that sufficiently answered your questions. :)
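An added example, not part of the original posts: the last answer describes a process table and a connection table linked by Process ID, and this sketch joins the two views and reports connections whose owning PID has no entry in the process listing. It assumes the text comes from `netstat -ano` and `tasklist /FO CSV /NH`; the sample output is constructed and the function names are hypothetical.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     1520
  TCP    192.168.1.10:1051      198.51.100.7:443       ESTABLISHED     2988
  UDP    0.0.0.0:445            *:*                                    4
"""

# Constructed sample of `tasklist /FO CSV /NH` output; PID 2988 is deliberately absent.
TASKLIST_SAMPLE = '''\
"System","4","Console","0","216 K"
"svchost.exe","884","Console","0","3,120 K"
"firefox.exe","1520","Console","0","45,672 K"
'''

def parse_netstat(text):
    """Return one dict per TCP/UDP row; UDP rows have no State column."""
    rows = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[0] == "TCP":
            proto, local, remote, state, pid = parts
        elif len(parts) == 4 and parts[0] == "UDP":
            proto, local, remote, pid = parts
            state = ""
        else:
            continue  # banner, column header or blank line
        if pid.isdigit():
            rows.append(dict(proto=proto, local=local, remote=remote, state=state, pid=int(pid)))
    return rows

def parse_tasklist(text):
    """Map PID -> image name from CSV-formatted tasklist output."""
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2 and r[1].isdigit()}

def join_connections(netstat_text, tasklist_text):
    """Attach the owning image name to each connection; None means no matching process."""
    procs = parse_tasklist(tasklist_text)
    return [dict(c, image=procs.get(c["pid"])) for c in parse_netstat(netstat_text)]

def unowned(joined):
    """Connections whose PID is missing from the process listing."""
    return [c for c in joined if c["image"] is None]
```

Calling `unowned(join_connections(NETSTAT_SAMPLE, TASKLIST_SAMPLE))` returns the single connection owned by PID 2988. A mismatch like this can also be a process that exited between the two commands, and both listings come from the same operating system, so agreement between them only shows that the two views are consistent with each other.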