Re: help interpreting netmon activity?

From: Tracker (TheTrackers@attbi.com)
Date: 03/17/02 

From: Tracker <TheTrackers@attbi.com>
Date: Sat, 16 Mar 2002 22:04:23 -0800

You might want to go to Control Panel, Folder Options, View, Show All
Hidden Files and Folders.
If this doesn't show you that your system is hacked into. Then
Go to start, run, type regedit, then Registry and Export, type in
3-15-02.txt and select ok.
Open this file, many of the hackers install their *** at the bottom of
the registry. If you want to know more email me. There are so many to
see if your system is hacked, I know, my book shows many of the Elite
Hackers Tricks...
:->

Tracker

r smith wrote:
>
> why does netmon show that GRC.NEWS.COM has opened two consecutive ports
> (connected) and is listening on the same two? (1103 and 1104)
>
> And, Mcafee firewall current activity shows an open port in UNKNOWN
> ACTIVITY but it lists the local port and address as 1075/my IP and remote
> port and address as 80/168.143.112.10
> Port 80 is for tcp/ip (and I have 'OPERA' open now) but why is the remote
> address not one of the two listed by netmon for news.grc.com as
> 207.71.92.194 ?
>
> NETMON and McAfee firewall show different things at the same time and it is
> hard for a beginner to rationalise.
>
> finally, could someone explain what is showing up in UNKNOWN TRAFFIC? At
> times I have 20 or more ports with a remote port address (and IP) and my
> address as the local port (with of course my IP). McAfee lists the activity
> of an allowed program like OPERA as ephemeral- ,meaning sending multiple
> TCP/IP packets through port 80?
> I am new to this and TFM does not explain this so.....go easy.
> Rick