Question what are the ways that computers on a shared home network communicate with each other that are not hacking, or any kind of intentional monitoring

Jul 17, 2019
1
0
10
0
So I am in a situation where I need to prove that I am not hacking or monitoring someone elses computer on a home network. The setup is fairly standard. 2 win 10 computers(one home edition and and one professional edition), 3 android smartphones and a netgear home router make up the network. Additionaly, the phones communicate with the computers to access files, send adb commands, and screencast the phones to the computers.

In the past, one computer has backed up and later retrieved files from the other computer. And one computer has screen cast to the other computer. I have also logged into the other individual's computer with my account, and vice versa. I can provide additional information as needed, but this is what I can think to add so far as a snapshot of the use of the technology on the network.

What I am looking for is a fairly in depth list of services, standard windows apps, and protocols that would have interaction between the computers. I am looking for a whitelist, as it were, of specific reasons and methods that the computers use to interact with each other as part of a baseline network configuration, so that we can rule those out while we try to figure out if we have ben hacked or if anything untoward is happening. Both myself and the other individual are fairly tech saavy, so we are looking for the specifics of what to rule out so we are not chasing down legit interactions as we pour over logs, DLL files, etc.

Thanks.
 
I don't think you'll find a comprehensive document about that. Start with looking at running Windows services (Black Viper has a good list of them), and collecting information what and how they do it. And reading your post, it seems that you opened quite a lot of other doors into your computers as well, so you'll have to check these apps as well. If you're curious, you can install Wireshark in your network, and see what runs and start classifying.

As for proving you're innocent - usually, it works other way around, the other party has to prove you're guilty.
 

digitalgriffin

Distinguished
Jan 29, 2008
872
169
19,190
15
So I am in a situation where I need to prove that I am not hacking or monitoring someone elses computer on a home network. The setup is fairly standard. 2 win 10 computers(one home edition and and one professional edition), 3 android smartphones and a netgear home router make up the network. Additionaly, the phones communicate with the computers to access files, send adb commands, and screencast the phones to the computers.

In the past, one computer has backed up and later retrieved files from the other computer. And one computer has screen cast to the other computer. I have also logged into the other individual's computer with my account, and vice versa. I can provide additional information as needed, but this is what I can think to add so far as a snapshot of the use of the technology on the network.

What I am looking for is a fairly in depth list of services, standard windows apps, and protocols that would have interaction between the computers. I am looking for a whitelist, as it were, of specific reasons and methods that the computers use to interact with each other as part of a baseline network configuration, so that we can rule those out while we try to figure out if we have ben hacked or if anything untoward is happening. Both myself and the other individual are fairly tech saavy, so we are looking for the specifics of what to rule out so we are not chasing down legit interactions as we pour over logs, DLL files, etc.

Thanks.
There are too many to list and more are added as applications are added. My network printer has no less than 8 services being broadcast! Good grief.

That said, UPnP discovery, Network discovery, ICMP (ie: Ping), workgroup, SMB share protocols for file shares, wifi support services, web servers (port 80 and 8080), DLNA servers (Plex) are the most common for small home networks.

https://www.utilizewindows.com/list-of-common-network-port-numbers/

What you'll want to do is go to your windows or anti virus firewall and look at every IP/Port number they allow pass through for. Most of the services will be listed by name for a port. But you can google, "What services use TCP port 1234?"

The other thing you can do is turn launch [resource monitor] from task manager [Performance] tab. From Resource Monitor go to the [network] tab. You can see which processes are using network resources. A lot of time they will hide behind svchost.exe. But it will reveal a process ID with that svchost. These are likely some type of service which can be matched by process ID under task manager [Services] tab. From there you can track the dll's and executables down to a folder and registry search and then ask google "What Is XYZ.exe program" or "What is Application Layer Gateway Service" (for example) It will tell you a lot about your machine and what it does. It will also tell you who owns that service (The computer system, the network, or a user outside your current interactive user account)

This all assumes there wasn't a root kit installed which hides all this activity. (And why they are so nefarious to remove)
 
Last edited:

USAFRet

Titan
Moderator
Mar 16, 2013
111,890
1,608
154,440
18,454
If this is from inside the house with physical access, there is no way to prove or disprove.
Boot up with a Linux LiveUSB, and do whatever you want.

If it is from outside the house, possibly the router log lists some access.
 

digitalgriffin

Distinguished
Jan 29, 2008
872
169
19,190
15
If you want to prove you aren't hacking someone you could put each of your computers on a subnet with a different base ip. You wont be able to share any resources like a NAS or printer then however.

You will need a managed layer 3 switch that can act like a router to do this.

Some routers like Netgear make provisions for their own subnet via guest wifi. But this doesn't carry it very to wired lan.

We had a person in here a few weeks ago super paranoid that his roommate was doing some illegal stuff and hacking his computer. I personally think he needed to get off the drugs because he was getting paranoid and didn't know how computers worked.
 
If each of the PC's hard drive's were browse-able by others over the network, with read/write access, it's going to be very hard to prove what did /did not happen...(were the stored backup images themselves browseable?)

If there is no trust, then accept it, move on, severe all connections between the two, and if needed, put one of the two systems behind an additional router(logically, the non-owner of the current router/ISP/cable pill payer?), and allow them to share nothing. Have each get an external 1 TB USB hard drive for $65 for backups.... Now each can access internet, and that is the hypothetical limit to their interconnectivity.

'Help me prove I'm not a hacker to someone who does not trust me' is a rather huge rabbit- hole....
 
Reactions: digitalgriffin

ASK THE COMMUNITY

TRENDING THREADS