September 14th, 2006, 03:41 PM
Open Files and Sessions Consoles Stink
So I'm sitting at my desk yesterday and my laptop's disk activity light starts flashing like crazy. I run netstat and find that the other admin is connected to my machine and I can only assume that he's downloading a large file.
I bring up the computer management console and look under the sessions and open files headings and find that there is nothing there. Strange... So I remove the exception for file and printer sharing in the Windows Firewall and his connections gets killed.
Later on, I try to pull up a text file on a remove xp box and find that the console isn't showing anything there either. What gives?
Furthermore, does anyone know what tools are available that allow me to monitor active connections to my computer (preferably showing what files are being accessed)?
September 14th, 2006, 05:06 PM
Is it possible that you have been compromised and that his machine was trying to upload malware to yours?
I run netstat and find that the other admin is connected to my machine and I can only assume that he's downloading a large file.
Malware does tend to be designed to avoid casual detection does it not?
Just a thought
September 14th, 2006, 05:18 PM
He wouldn't go to that extreme (as far as I know). I just think that he's being rude (no network etiquette) and downloading without asking. I ran Fsecure's blacklight on your hunch and it found nothing. My biggest problem is with the fact that the information displayed in those consoles is incorrect. I remember that there was another tool that I used to use, but I can't remember it's name so I figured that I'd post here and see if anyone else knew of something.
Thanks for the response, nihil!
September 14th, 2006, 05:51 PM
Use "fport" dos base utility, it will show you the program name as well as the full path of that file (executable file) and any other connectivity which is running. its same like netstat command but it gives more information abt the connection.
one of the great day in my life when i found antionline.com
September 14th, 2006, 05:57 PM
Hi infernon are you thinking of the Sysinternals tools here:
There are several monitoring ones.
September 14th, 2006, 06:41 PM
couple of options
remove him from you security
install a firewall
ask him what hes doing
Duct tape.....A whole lot of Duct Tape
Spyware/Adaware problem click