Wednesday, November 09, 2005

Windows XP built-in traffic monitor for spyware detection

Last time, I recommended that internet cafes with spyware problems use a packet sniffer. By looking at the source IP and the ports, they can easily pinpoint the PCs suspected of spyware infection. However, I still thought there must be a better way to detect abnormal traffic on the PC itself, aside from using freeware bandwidth monitors. So here is a very basic tech tip that you can use when you feel those freeware tools are not that reliable.

1. Just click on Control Panel - Administrative Tools - Performance.

2. Delete all existing counters and add a new one.

3. Click the Add Counter icon and select Network Interface.

4. Add the Packets/sec counter; you can also include the packets sent or packets received counters.

5. Normal traffic may look like this.

6. Abnormal traffic (possible spyware infection) may look like this.

7. When a certain download or upload is interrupted, this is the graph that you will see.

So the next time you experience slow internet access, stop all internet activity on each PC, then observe the traffic on each interface. An abnormal increase in packets per second on an interface, even in the absence of internet activity, may be caused by spyware or a virus.
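The same idle check can be run over a recorded capture instead of watching the graph. The script below is an added example, not part of the original post: it assumes the Packets/sec counter was exported to CSV with `typeperf "\Network Interface(*)\Packets/sec" -si 1 -sc 60 -o idle.csv` while all internet activity was stopped, and it flags interfaces that stay busy anyway. The sample data, host and adapter names, and the 50 packets/sec threshold are constructed for illustration.

```python
import csv
import io
import re

# Constructed typeperf CSV, captured with all Internet activity stopped.
SAMPLE = r'''"(PDH-CSV 4.0)","\\CAFE-PC07\Network Interface(Realtek RTL8139)\Packets/sec","\\CAFE-PC07\Network Interface(MS TCP Loopback interface)\Packets/sec"
"11/09/2005 14:00:01.000","212.4","0.0"
"11/09/2005 14:00:02.000","198.7","0.0"
"11/09/2005 14:00:03.000"," ","0.0"
"11/09/2005 14:00:04.000","240.1","2.0"
"11/09/2005 14:00:05.000","3.0","0.0"
'''

COUNTER = re.compile(r"\\Network Interface\((.*)\)\\Packets/sec$")

def parse_typeperf(text):
    """Return {interface name: [packets/sec samples]} from typeperf CSV."""
    rows = list(csv.reader(io.StringIO(text)))
    names = {}
    for col, header in enumerate(rows[0][1:], start=1):
        m = COUNTER.search(header)
        if m:
            names[col] = m.group(1)
    samples = {name: [] for name in names.values()}
    for row in rows[1:]:
        for col, name in names.items():
            try:
                samples[name].append(float(row[col]))
            except (IndexError, ValueError):
                pass  # typeperf writes a blank when a sample is missing
    return samples

def busy_while_idle(samples, threshold=50.0, min_fraction=0.5):
    """Interfaces above `threshold` (assumed value) in >= `min_fraction` of samples."""
    flagged = {}
    for name, values in samples.items():
        if not values:
            continue
        fraction = sum(v > threshold for v in values) / len(values)
        if fraction >= min_fraction:
            flagged[name] = round(fraction, 2)
    return flagged

if __name__ == "__main__":
    for name, fraction in busy_while_idle(parse_typeperf(SAMPLE)).items():
        print(f"{name}: above threshold in {fraction:.0%} of idle samples")
```

Pick the threshold from a capture of a known-clean PC on the same network, since normal background traffic differs from site to site.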

