Results 1 to 4 of 4

Thread: how do I find the application that data has been blocked?

  1. #1
    datribe Guest

    Default how do I find the application that data has been blocked?

    After receiving the following message I have been trying to find the application that tried sending the data.
    "The firewall has blocked Internet access to 201.238.104.175 (TCP Port 61031) from your computer (TCP Flags: AF).
    Any way of finding this info?

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Pro
    Software Version:6.5

  2. #2
    Join Date
    Mar 2004
    Location
    Brisbane, Australia
    Posts
    645

    Default Re: how do I find the application that data has been blocked?

    Check the logs under "Alerts and Logs" then select the "Log Viewer" tab. It will display a log of what program was blocked, the IP address it was trying to send to and the time it happenend.

    Also there are some other things you can do to get a better idea about what's going on:-
    <ul>[*]Firstly you can monitor your TCP and UDP connections to see what ports traffic is moving on. A DOS program called Netstat will do this but there are a couple of programs that provide very nice GUI front ends. TCPView from Sysinternals and CurrPorts from Nirsoft.[*]Secondly, you can track down information about the IP address by looking it up at DNSstuff[/list].

    The destination IP address (201.238.104.175) is somewhere in Trinidad and Tobago!

  3. #3
    datribe Guest

    Default Re: how do I find the application that data has been blocked?

    Thanks, the TCPview and DNSstuff are quite useful. I normally use www.domaintools.com
    to query the DNS info. The log viewer unfortunately does not provide all the needed info., just the IP addresses and whether inbound or outbound.
    TCPview monitors in real-time but does not seem to log. Any software which monitors and logs ?

  4. #4
    Join Date
    Mar 2004
    Location
    Brisbane, Australia
    Posts
    645

    Default Re: how do I find the application that data has been blocked?

    Yes, that's a bit of a problem with both TCPView and CurrPorts.

    Why not try starting TCPView from a DOS prompt and piping the output to a text file rather than the screen thus:-

    C:\>TCPView > TCPlog.txt

    You will need to run the DOS window with Administartor privelegs (hold down the CTRL key while right-clicking on the "START/Programs/Accessories/Command Prompt" menu item and select "Run As").

    This MAY help.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •