Windows 10 Activity monitoring

Post by isapiens »

I want to perform a fresh install of a Windows 10 system (legal copy).

I want to document all the native processes and port connections that show up after a clean install. I have used random programs in the past to monitor various processes and port connections but they didn't meet my needs.

I want to have a list of all the processes and connections that Windows makes after a fresh install. With that list I want to research each connection and learn what the system does after a fresh install so I can understand in the future if there are some unwanted port connections being made by the system. Even if the connection is made every hour for a couple of seconds I want that added to the list of port connections.

Is there a port monitoring program you could recommend?

I became interested in this after I started reading about all the automatic connections that are done by Windows 10 on a regular basis. It was interesting to me to see all the servers that it is connecting to for various things. It seems that to this day a lot of people on the internet are not sure why it is connecting and sending information to certain servers... (Cortana seems to be one of the excuses for some of those periodic connections).

Re: Windows 10 Activity monitoring

Post by bad_brain »

have a look at TCPView, you can save the output to a file with it and it's SO much better than the crippled netstat of Windows:
https://technet.microsoft.com/en-us/sys ... pview.aspx

if you need extensive functionality that allows you to use filters (port, connection, etc) you should have a look at Wireshark:
https://www.wireshark.org/

;)

Re: Windows 10 Activity monitoring

Post by z3r0aCc3Ss »

Wireshark is a magnificent tool for network monitoring, but even it has limitations. You can't run it for hours and hours and expect it to run smoothly unless you have a really behemoth machine. As per my understanding, "isapiens" wants to continuously monitor activity. Wireshark wouldn't suffice for his needs unless you're willing to dedicate 15-16 hours of your day.

I haven't tried this (and it seems a bit irrelevant), but found it while Googling. Have a look at:

Re: Windows 10 Activity monitoring

Post by bad_brain »

fair enough, even if you could apply filters in Wireshark to get rid of a lot of unneeded logging.

the one you've linked seems to be pretty feature rich, BUT it's commercial and closed source....which is always a no-go for me personally.

another idea, which would imo be the most professional solution, would be to use a cheap Linux system as gateway and do the logging/monitoring there instead of on the actual system...from lightweight solutions like tcpdump to overkill solutions like Nagios, there are way more options with Linux.
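
The gateway approach suggested above can produce the destination list the original poster asked for without an hours-long interactive capture. This added example (not code from any poster in the thread) aggregates `tcpdump -nn -q -tttt` text output into one row per destination and flags destinations that an earlier baseline never contacted; the client address, the sample lines and the function names are constructed for illustration.

```python
import re

# One line of `tcpdump -nn -q -tttt`, e.g.
# 2024-01-01 09:00:01.000001 IP 192.168.1.50.49712 > 203.0.113.10.443: tcp 0
LINE = re.compile(r"^(\S+ \S+) IP6? (\S+\.\d+) > (\S+\.\d+): (tcp|UDP)\b")
CLIENT = "192.168.1.50"  # assumed address of the Windows 10 machine

def split_endpoint(endpoint):
    """Split 'addr.port'; the port follows the last dot for IPv4 and IPv6."""
    host, _, port = endpoint.rpartition(".")
    return host, int(port)

def inventory(lines, client_ip):
    """Map (dst, port, proto) -> [first_seen, last_seen, packets] sent by client_ip."""
    seen = {}
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # ARP, ICMP and anything else without ports
        stamp, src, dst, proto = m.groups()
        if split_endpoint(src)[0] != client_ip:
            continue  # replies and other hosts' traffic
        key = (*split_endpoint(dst), proto.lower())
        entry = seen.setdefault(key, [stamp, stamp, 0])
        entry[1] = stamp   # timestamps arrive in order, so the latest wins
        entry[2] += 1
    return seen

def new_destinations(baseline, current):
    """Destinations seen now that the clean-install baseline never contacted."""
    return sorted(k for k in current if k not in baseline)

# Constructed sample captures (documentation address ranges), not real Windows traffic.
SAMPLE_BASELINE = [
    "2024-01-01 09:00:01.000001 IP 192.168.1.50.49712 > 203.0.113.10.443: tcp 0",
    "2024-01-01 09:00:01.020000 IP 203.0.113.10.443 > 192.168.1.50.49712: tcp 0",
    "2024-01-01 09:00:02.000000 IP 192.168.1.50.51000 > 192.168.1.1.53: UDP, length 40",
    "2024-01-01 10:00:01.000000 IP 192.168.1.50.49800 > 203.0.113.10.443: tcp 517",
    "2024-01-01 10:00:03.000000 ARP, Request who-has 192.168.1.1 tell 192.168.1.50, length 28",
]
SAMPLE_LATER = [
    "2024-01-02 09:00:01.000000 IP 192.168.1.50.49900 > 203.0.113.10.443: tcp 0",
    "2024-01-02 09:30:00.000000 IP 192.168.1.50.49901 > 198.51.100.7.8080: tcp 0",
]

if __name__ == "__main__":
    base = inventory(SAMPLE_BASELINE, CLIENT)
    for key, (first, last, n) in sorted(base.items()):
        print(key, first, last, n)
    print("new:", new_destinations(base, inventory(SAMPLE_LATER, CLIENT)))
```

`inventory` accepts any iterable of lines, so on the gateway it can be fed `sys.stdin` from `tcpdump -nn -q -tttt -l`. Process names are not visible from the gateway, so this covers the connection half of the list only.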

Re: Windows 10 Activity monitoring

Post by ayu »

Can't remember the name now, but Windows 10 and the new Windows server version will get a new pretty cool feature where you can monitor EVERYTHING on the machine.
It will let you whitelist both processes and connections and stop basically anything that is not signed properly.
I will post again when I can find what they are calling it, but it's some sort of new extended security center.