Is there a good ethernet trace tool or software available?

[traper]

I want to trace the data between my 10/100 nic and my cable modem.
The problem I want to debug is that my IE browser is always communicating once it's launched (send / receive lights blink once or twice a second) this only started yesterday. I also use FireFox browser and it doesn't have the problem. My cable company says to remove and reinstall IE but I'd like to do some PD first.
I checked for spyware and viruses, I'm clean.
OS is W-98 sp1, IE 6.0 all the current MSC updates are applied on both.
Any ideas? Anyone know of a good trace tool?

 

[blue68f100]

Run a rootkit revealer, to check for hidden software. Also it is recomeded to use at least 2 ad/spyware checkes, there is not one that catches all. Spyware Doctor is one of the best. It free to use, only have to buy if you want it to do the cleaning. Also use an online virus scan too, from one of the major players. Viruses have got pretty good at disabling virus software or adding exceptions so they are not detected. StartupList is a good program to check to see what windows is loading. Go through it line per line. Then go online and search the database. It will tell you what it is and where it is suppose to be located. Alot of time a virus has the same name as a windows file, just in a different location.

And if you had installed any software lately, uninstall and see if it clears. It's getting that a lot of the mfg are packing some kind of adware with there software now. In particular HP and Logitech. HP calls it added features, constantly checks supplies, and is acutally adware software. Logitech did this with there wireless keyboard and mouse. Adobe is now adding checks to Reader.

Check List:

Online Virus Scans
Atleast 2 adware/spyware checkers
Startuplist
rootkit revealers

You will proably find something that was being over looked.

 

[traper]

Thanks Blue,,, you pointed me in the right direction..

I found my problem,, it was a piece of software called "STARWARE"!
Uninstalling it solved the problem. I'm not sure how I even got it?
I certainly didn't install it "eyes open".
I googled 'starware' and Norton (symantec) has a good description of it and advice on how to get rid of it.

So beware,,, Starware , I'm not sure just how bad it is, but it certainly destroyed IE performance and made me very nervous with it's behaviour.

I'd still like to find a good (and cheap or free) "sniffer" tool to trace what my IEEE 802 port is doing.

Any ideas on that?

 

[blue68f100]

I use to use www.remote-exploit.org to scan for open ports. The link I have is no longer good.

Here is free scanner: http://www.softperfect.com/products/networkscanner/

Glad to see you located the problem. Which program found the problem.

Personal firewall can stop this activity. But most person can't extinguish between good and bad. I have removed all personal firewall from my PC's. I ran a test with them set to log all. My SPI in my router was good enough that nothing was recorded in 9 mo. So I freeded up some resoures. No longer use Symantic as my antivirus ( or anything ) due to a bad signature that they wouldn't admit to. But the problem cleared when the next update came through on Sunday. Yes Sunday, they never release updates on Sundays. They never responded or posted anything that indicated they had a problem. A company that want admit they had a problem, is bad news. I spent 30 hrs researching and trying to find the signature that was not there. Even restored the main computer from a backup, had to have one online. Did not reinstall Symantic. Went to a competor, and no longer recomend there antivirus. Doing so my computer runs faster now. When I swithced over the new antivirus found 3 virus that were in zip that symantic missed.

As you can see I do not like Symantic. The only good product they have now is Ghost, and they acquired that through acquisition.

 

[traper]

Hi again Blue,
I found the problem manually by looking in control panel 'add/remove' progarms. I did not recognize 'Starware' as something I had installed so I used Google to find out what it was and on the first page was the link to Symantec which described Starware as a malicious Adware /Spyware program. So I removed it and the problem was solved.

I don't like Symantec either (except for Norton utilities and Ghost). Back in the early days of PCs I liked Peter Norton's Utilities and I also bought several of his books. But since they became Symantec I find they have become too arrogant and their software is too big and automated. I bought SystemWorks 2002 a few years ago and I screwed up my computer so bad I had to reload everthing. Since then I only use Disk Doctor to scan my drives. I used to use Ghost but now have a copy of DriveImage that came with a PC Repair book that I bought and it works OK so I use it.

Thanks again for your help, I'll try the link you suggested for the trace tool. What I really want is to be able to trace the actual data (bitstream/ protocol level) at my PC's IEEE 802 port / NIC. I want to know exactly what is going out and coming in to my PC. I'm in Toronto, Canada and I use Roger's HiSpeed cable, their Helpdesk is not always helpful. So if I can trace the interface between my PC and their Modem then I be more specific when I need their help.
I'll let you know how I make out.

 

[blueeyesm]

Hi,

Ethereal is a network protocol analyzer. It will monitor and show you all incoming traffic to/from your network card to/from your modem, on UDP and TCP ports, their corresponding port number and even the data in those packets.

There is a small learning curve, depending on your technical knowledge.

 

[traper]

Thanks Blue Eyes M,
WOW !! Ethereal looks like it's a very capable trace tool. I'll try it and let you know how I fare. Have you used it yourself ?

 

[blueeyesm]

Yes - I found it invaluable for tracing what ports a program was trying to transmit on one time to figure out why my PC was so slow, yet my roomate's connection to was not.

Turns out I had spyware running in the background.

 

[traper]

I've downloaded, installed and run Ethereal,, it is great !! Exactly what I was looking for and more. Now I just have to brush up on my TCP/IP and internet protocols in general.
Spyware / Adware is the reason I started this Quest in the first place, Looks like I found my "holy grail".

Thanks again to all who helped.

 

[george20_20]

hello everyone , please i need your help to become a computer genius, i want to be good at networking and have good software, please anyone to help me, my email address is ..imme201120@yahoo.com..hope to hear from you soon Good people