How to see stuff uploading?
Page 1 of 2 12 LastLast
Results 1 to 10 of 14

Thread: How to see stuff uploading?

  1. #1
    Junior Member
    Join Date
    Apr 2006
    Posts
    5

    How to see stuff uploading?

    Hi!

    I would like to know if there is a way to see if someone is uploading stuff from my HDD?
    /windows xp/
    I'm asking this 'cause i'm experimenting some wierd stuff:

    -my second HDD that isn't running because i set it to shut down after a certain time of inactivity, gets switched on all of a sudden

    -my router is flashing like a fool

    i know that with netstat you can see if you are connected with somebody, but i think it's in relation with my p2p application, so there's no way to know who is the "hacker" in an endless list.

    Does anybody know a method to see what is uploading from a HDD that's not even shared?

    Thanks in advance.

  2. #2
    Howdy.

    Maybe try using a network monitoring app. I use Du Meter, as it's easy to configure and it's not a system resource hog.
    Du Meter HomePage
    DU Meter is an award winning utility from Hagel Technologies that provides an accurate account of the data which is flowing through your computer's network connection at any given moment. This readout is presented in both numerical and graphical format, in real time. DU Meter includes extensive logging facility, flexible events system, and more. It supports Windows 95/98/NT4/2000 and XP! DU Meter works with virtually all types of network connections: phone modems, DSL, cable modem, LAN, satellite, and more.
    Also maybe check your firewall, and configure it as necessary.

    cheers
    f2B

  3. #3
    Elite Hacker
    Join Date
    Mar 2003
    Posts
    1,407
    shut off your p2p application then check netstat. Or shut if off then sniff with something like ethereal. It may not be black and white what is normal traffic and what is bad. So once you've sniffed, you may want to ask some questions about some of the traffic. It'd be a good idea to include the source and destination port and the protocol used which the sniffer should tell you. Either way, the more normal traffic you have the harder it's going to be to spot abnormal or unwanted traffic. So shut off anything you can when you're checking for unwanted traffic.

    It could just be the p2p app that is all the traffic and nothing is wrong. Good luck.

  4. #4
    AO übergeek phishphreek's Avatar
    Join Date
    Jan 2002
    Posts
    4,324
    You may even want to have a look at a filesystem monitor such as filemon to see what exactly is going on. If files are being accessed... it'll tell you which ones and you can get an idea of what program/application is accesssing it. If you're using linux and not windows, you can use "lsof" to list open files.

    Other than that... sniff your line and see what kind of traffic is going in/out your connection.

    Check your firewall logs.

    You can configure auditing on the filesystem to alert you to file access/deny and log that to the event logs. (just make sure to increase the default log size or it'll overwrite itself so quickly you don't see what is going on)

    It's also possible that your antivirus is doing a scheduled scan? Or, real time scan?

    The router flashing shouldn't mean much... especially if you're using a P2P app!
    Quitmzilla is a firefox extension that gives you stats on how long you have quit smoking, how much money you\'ve saved, how much you haven\'t smoked and recent milestones. Very helpful for people who quit smoking and used to smoke at their computers... Helps out with the urges.

  5. #5
    Junior Member
    Join Date
    Apr 2006
    Posts
    5
    Wow that was fast!

    Thanks a lot for the replies , i'll try them.

    Nevertheless i was hoping for a cmd command that shows file names being uploaded,
    but i dont think it exists , but that'd be a good idea though...

    Du meter is a good idea too cause if it shows more upload rate than the p2p it means
    two things:

    - either one of them isn't accurate / wich could be tested by a third software like
    DU Meter
    - or somebody's downloading stuff from me without my knowledge

  6. #6
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    That shouldn't surprise you with a P2P installed. Most of the time, these require that you agree to participate in some community shares or they have that capability turned on by default. Probably what is happening, unless you've manually turned off that capability. In that case, you may have a trojan or other nasty hooked in with the P2P.

  7. #7
    The Doctor Und3ertak3r's Avatar
    Join Date
    Apr 2002
    Posts
    2,744
    TCPVIEW

    but then your after a cli prog or commnd.. sry..that is another GUI..


    Also.. besides the P2P app.. have you done the mandatory Virus and Spyware/Adware scanns?
    "Consumer technology now exceeds the average persons ability to comprehend how to use it..give up hope of them being able to understand how it works." - Me http://www.cybercrypt.co.nr

  8. #8
    Dissident 4dm1n brokencrow's Avatar
    Join Date
    Feb 2004
    Location
    Shawnee country
    Posts
    1,242
    Active Ports is good, too. Has a few more options than TCP View.
    “Everybody is ignorant, only on different subjects.” — Will Rogers

  9. #9
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,190
    Hi redneckL33t

    I am a little confused here. You say "uploading" which means somebody actually adding stuff to your HDD. This can be preliminarily checked by using windows Explorer set to display all files and searching on the datestamp of the file.

    If you actually mean downloading/accessing then you have a lot of suggestions above.

    I am no expert in P2P but my understanding is similar to that of rapier57 . I think that you need to have some sort of share on your system, or at least the P2P expects one. Could it be the equivalent of a search engine spider/bot that is looking for what you are offering to share?

    This is pure speculation/guesswork on my part, but if there is that sort of mechanism in your P2P app; what would it do if it found nothing, as opposed to an empty folder or partition?

    I would still go into safe mode and do the usual malware checks, if only for your own peace of mind
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  10. #10
    Junior Member
    Join Date
    Apr 2006
    Posts
    5
    You're totally right Nihil, i'm sorry of course i meant "downloading" from my HDD , it's my bad.

    Yes in the p2p application the folder where you download is enabled to share by default but not the whole HDD and especially not the second one.

    "This is pure speculation/guesswork on my part, but if there is that sort of mechanism in your P2P app; what would it do if it found nothing, as opposed to an empty folder or partition?"

    I dont really get what you mean but if it finds nothing it downloads nothing i think.

    Do you think that to do the malware checks in safemode can give you more results than normally?

    Anyway thanks for everyone for the kind responses,
    Active Ports is a really cool software, gonna check the others too.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •