Welcome! Log In Create A New Profile

Advanced

How to find the source of what's hammering my system

Posted by aka2921 
How to find the source of what's hammering my system
August 02, 2010 07:32AM
PeerBlock is doing an outstanding job for me. However, there is one IP address that just hammers my machine all day -- Software Workbench. I have BlockSite addon installed in Firefox with Software Workbench's ip address added, but BlockSite isn't blocking Software Workbench.

Is there any program I can obtain to tell me precisely which program on my machine is generating the attempts to connect to Software Workbench? I know in some previous queries like this the advice was to let PeerBlock just do its job, but the number of attempts and frequency of attempts to Software Workbench are just ridiculous and I *really* would like to determine where these connection attempts to Software Workbench are coming from on my computer.

Thanks for any suggestions.



Edited 1 time(s). Last edit at 08/02/2010 07:32AM by aka2921.
Re: How to find the source of what's hammering my system
August 02, 2010 10:30AM
Heya aka2921.

Could you possibly provide more information as what IP addresses appear with port numbers and are they source or destination? Also have you found any common denominator on when does this occur? With these information it would help narrowing down a lot.
Re: How to find the source of what's hammering my system
August 03, 2010 07:46AM
Tippy,

Source: 192.168.0.101 :2466, 2465, 2463, 2438, 2470, 2471, 2517, 2518, 2535, etc., etc.

Destination IP's (all with port 80 appended at the end):
[216.38.160.107]
[216.38.162.127]
[216.38.162.97]
[216.38.163.127]
[216.38.164.107]
[216.38.166.107]
[216.38.169.106]
[216.38.172.107]

This certainly happens when Firefox is open; I am unsure at this moment if it happens when it's closed. This destination is attempted about every 3 to 6 seconds, which is why I would like to stop the hammering once and for all. I surf through Sandboxie, but I do have NoScript turned off since I'm in the Sandbox (maybe that's a mistake?). I've used all sorts of rootkit detectors on my machine and they come up clean. I have a program installed, X-NetStatProfessional, that seems like it should be able to provide the source, but frankly the program overwhelms me with its complexity. Thanks for any insight you can provide.

aka2921
Re: How to find the source of what's hammering my system
August 03, 2010 07:55AM
Ah. Port 80 usually means it's about HTTP browsing. Your FireFox is attempting to send packets to that IP address. It may have something to do on what websites you're browsing through. Try paying attention to these and you might find out the reason. Do note that one website can load from multiple IP addresses. Various ads, for instance.
Re: How to find the source of what's hammering my system
August 03, 2010 09:13AM
Thank you. Your response caused me to look more carefully at my add-ons in Firefox. There is one -- Netcraft Anti-Phishing Toolbar -- I just disabled it and I notice the Software Workbench access attempts have stopped. The Netcraft Toolbar analyzes every site I visit, so that would explain the constant access. If I see more entries with the Toolbar disabled, I'll report back, but for now it appears that was the culprit. Thanks for your help!
Re: How to find the source of what's hammering my system
August 03, 2010 02:40PM
Glad that I could be of assistance.
Re: How to find the source of what's hammering my system
August 03, 2010 09:05PM
Good job Tippy.
Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 32
Record Number of Guests: 215 on November 08, 2012