Tech Support Forum: Security and Firewalls
Registered User
Join Date: Mar 2008
Posts: 3
OS: XP SP2
[SOLVED] How to spot bot traffic?
Hi all.

If I'm in the wrong forum, please point me to the right one.

Can anyone recommend any sort of a program that will monitor traffic in and out of a PC and display if some sort of a spam bot is active? I don't mean anti-virus or anti-spyware software, but rather a program that will look for the illegal traffic itself.

My Google searches suggest that some sort of a network packet monitor might do the job, but would it work for a broadband-connected stand-alone PC? How easy is it to read the output from a packet monitor (if that's what should be used)?

TIA - Rosie
Moderator Networking Team
Join Date: Aug 2006
Location: Canada
Posts: 2,633
OS: Windows Vista Business SP1, Windows XP Professional SP3
Re: How to spot bot traffic?
Manually reading and interpreting the output on an active Internet connection using a network protocol analyzer, such as Wireshark, is complex and beyond the absolute basics of troubleshooting, only useful for networking experts. That isn't to say you can't use it while not being an expert, but it certainly helps.

You can use something like Wireshark to read your traffic and see where traffic is going. You can also use things such as the netstat -a command in the command prompt to see what connections have been established or are listening, waiting for a connection (though commonly the more advanced bots and viruses evade such commands).

An Intrusion Detection System (IDS) or Intrusion Prevention System (IPS) will automagically read traffic and detect/block known and unknown threats. You can also use a Personal Firewall (a software firewall), which may or may not have built-in IPS, with application control to control what programs have permission to access the Internet, receive connections, and so forth.

Have anti-virus, anti-spyware, and a personal firewall running to help protect your computer. Keep Windows and your various programs patched and up-to-date to fix security holes. Try to stay logged in as a limited user (not an administrator) unless necessary, so if the PC is compromised the freedom a malicious program or user has is mitigated.

If you would like some program suggestions, take a look at our PC Safety and Security thread for more information.

Last edited by Cellus : 03-23-2008 at 11:17 PM. Reason: typo and grammar - i speek engrish gud!
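An added example, not part of the original reply: a Python script for the netstat approach described above. It parses `netstat -ano` output (the numeric and PID flags go beyond the `netstat -a` mentioned in the post) and flags any process holding outbound connections to port 25 on several distinct hosts, a common sign of a spam bot. The sample output is constructed, and the function names and the threshold of 3 hosts are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample of Windows `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     2100
  TCP    192.168.1.10:1201      198.51.100.7:25        ESTABLISHED     3388
  TCP    192.168.1.10:1202      198.51.100.44:25       SYN_SENT        3388
  TCP    192.168.1.10:1203      203.0.113.90:25        ESTABLISHED     3388
  TCP    192.168.1.10:1204      192.0.2.15:25          TIME_WAIT       0
  TCP    192.168.1.10:1300      192.0.2.200:25         ESTABLISHED     1500
  UDP    0.0.0.0:445            *:*                                    4
"""

# One TCP row: local addr:port, foreign addr:port, state, owning PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
SMTP_PORT = 25
ACTIVE = {"ESTABLISHED", "SYN_SENT"}  # connections the host is opening or using


def parse(text):
    """Yield (local_port, remote_ip, remote_port, state, pid) for each TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            _, lport, rip, rport, state, pid = m.groups()
            yield int(lport), rip, int(rport), state, int(pid)


def smtp_fanout(text, threshold=3):
    """Return {pid: sorted remote IPs} for PIDs talking SMTP to >= threshold hosts.

    A normal mail client talks to one or two servers; the threshold is an
    assumed cut-off, not a standard value.
    """
    peers = defaultdict(set)
    for _, rip, rport, state, pid in parse(text):
        if rport == SMTP_PORT and state in ACTIVE:
            peers[pid].add(rip)
    return {pid: sorted(ips) for pid, ips in peers.items() if len(ips) >= threshold}


if __name__ == "__main__":
    for pid, ips in smtp_fanout(SAMPLE).items():
        print(f"PID {pid}: outbound SMTP to {len(ips)} hosts: {', '.join(ips)}")
```

To check a real machine, save the output with `netstat -ano > conns.txt` and pass the file's text to `smtp_fanout`. As the reply notes, a bot that hides its connections from netstat will not appear in this output.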