Network Knowledge
April 12, 2009 3:40 PM

How can I analyse and understand what's going on with my PeerGuardian logs? How can I understand various network commands (e.g. ping, traceroute etc.)?

I use PeerGuardian (OS X version), and even when I'm just surfing the internet it's adding to its logs telling me it's blocked various things.

e.g.

Sun Apr 12 2009 23:31:42.447 BST -Blck- 172.xx.xx.xx:xxx (netbios-ns) -> local:xxx (netbios-ns) udp4 'nmbd (xxx)' (Bogon:Ads, Spyware, Bogon, etc)

I'm assuming this means that it's blocked IP 172.xx... from accessing port xxx on my machine?

So taking things a step further, what can I do to work out 'who' this is? I've heard of ping and traceroute, and have a vague understanding of what they do - what else could I use just to gather info for purely academic purposes (i.e. - "ok, I understand what's going on, this black box makes sense to me now", rather than "I want to pwn joo with my l337 skillz!!11!)

Finally, I used to have (back when I was on Windows) what was essentially traceroute on a map (kinda like that scene in Goldeneye when they work out that Boris is in Cuba). Is there anything like that around for OS X? (it looked really cool, even if its utility was suspect)
posted by djgh to Computers & Internet (5 answers total)
 
Best answer: You can do a reverse IP lookup to figure out where the ISP for that IP address is located. (Might be useful only for curiosity purposes since ISP location usually doesn't equate to computer-doing-the-bad-stuff location.)

You can also Google the IP address. If PeerGuardian recognizes it as ads/spyware, chances are that there's a web page out there that will tell you *which* ad/spyware this is.

If you Google the port number, you can see what this computer is scanning you for. For example, 80 = it thinks you have a web server; 22 = it thinks you have a SSH server.

Also, make sure you've turned on the OS X firewall. It will block all incoming connections on all ports except the ones you whitelist.
posted by shadytrees at 4:42 PM on April 12, 2009


I think you're trying to work with PeerGuardian in ways beyond its original design intention. The program is essentially a very simple firewall with a set of rules that block inbound connections and is meant to protect you while on peer-to-peer networks. If you are truly interested in reverse lookups on IPs that are connecting to you and doing further research on inbound and maybe outbound connections from your system, you're far better off investing in a proper firewall which does all this work for you. On Windows, I'd suggest Outpost. For Mac, I unfortunately have no suggestions, but I'm sure there's something out there. A good firewall will automatically log inbound attempts, resolve IPs to hostnames, and some of them actually automatically trace the attacker and display their approximate city and country on a world map.
posted by cyniczny at 5:57 PM on April 12, 2009


Can you post the second octet of that 172.xxx. address? (The number right after the dot after 172). If the second number is between 16 and 32, it is a private address. Meaning it is happening behind the firewall of your main internet connection.
posted by crazyray at 12:40 AM on April 13, 2009
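As an added example (not code from the thread or from PeerGuardian), here is a small Python script that does the reading the question and the two answers above describe: it parses a log line of the shape djgh quoted, reads the direction (the remote peer is on the left of `->`, the local port on the right, which is what djgh guessed), and checks the source against the three RFC 1918 private ranges crazyray is referring to (the 172 range is 172.16.0.0/12, i.e. 172.16.x.x through 172.31.x.x). The `reverse_lookup` helper is the "reverse IP lookup" shadytrees suggests; it needs network access and is the only part that talks to anything. The two log lines, their addresses, ports and process id are constructed, not taken from a real machine.

```python
import ipaddress
import re
import socket
from typing import Dict, Optional

# Two constructed lines in the PeerGuardian (OS X) log format quoted in the question.
# The question masked the real address and ports with x's; the values here are made up
# (172.20.1.15 sits in an RFC 1918 range, 203.0.113.9 is an RFC 5737 documentation address).
SAMPLE_LINES = [
    "Sun Apr 12 2009 23:31:42.447 BST -Blck- 172.20.1.15:137 (netbios-ns) "
    "-> local:137 (netbios-ns) udp4 'nmbd (123)' (Bogon:Ads, Spyware, Bogon, etc)",
    "Sun Apr 12 2009 23:32:10.001 BST -Blck- 203.0.113.9:54321 "
    "-> local:22 (ssh) tcp4 '' (Level1)",
]

# One log entry: timestamp, action, source ip:port (service), -> dest:port (service),
# protocol, quoted local process, and the block list that matched in parentheses.
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} \d{1,2} \d{4} \d{2}:\d{2}:\d{2}\.\d+ \w+) "
    r"-(?P<action>\w+)- "
    r"(?P<src>[\d.]+):(?P<sport>\d+)(?: \((?P<sname>[^)]*)\))? -> "
    r"(?P<dst>\S+):(?P<dport>\d+)(?: \((?P<dname>[^)]*)\))? "
    r"(?P<proto>\w+) '(?P<proc>[^']*)' \((?P<list>.*)\)$"
)

# The three RFC 1918 private ranges. 172.16.0.0/12 spans 172.16.x.x through 172.31.x.x.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def classify_source(ip_text: str) -> str:
    """Say whether a source address can have come from the public internet at all."""
    ip = ipaddress.ip_address(ip_text)
    if ip.is_loopback:
        return "loopback (this machine)"
    if ip.is_link_local:
        return "link-local (same network segment, no router in between)"
    if any(ip in net for net in RFC1918):
        return "RFC 1918 private (inside your own LAN/NAT, not routable from the internet)"
    return "not a private address (reached you across the internet)"


def parse_entry(line: str) -> Optional[Dict[str, str]]:
    """Parse one PeerGuardian log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    # Direction: the left side of '->' is the remote peer, the right side is the local socket,
    # so 'src' tried to reach port 'dport' on this machine.
    entry["source_kind"] = classify_source(entry["src"])
    entry["reached_local_port"] = f"{entry['dport']}/{entry['proto']}"
    return entry


def reverse_lookup(ip_text: str) -> Optional[str]:
    """Reverse DNS for an address (needs network access; None when there is no PTR record)."""
    try:
        return socket.gethostbyaddr(ip_text)[0]
    except (socket.herror, socket.gaierror, OSError):
        return None


if __name__ == "__main__":
    for line in SAMPLE_LINES:
        e = parse_entry(line)
        if e is None:
            print("unparsed:", line)
            continue
        print(f"{e['action']}: {e['src']}:{e['sport']} -> local port {e['reached_local_port']} "
              f"[{e['dname'] or '?'}], process {e['proc'] or '(none)'}, list: {e['list']}")
        print("   source is", e["source_kind"])
```

Run it against a copy of your own PeerGuardian log by replacing `SAMPLE_LINES` with the file's lines. A source reported as RFC 1918 private never came from outside your router; it is another machine (or your own Samba `nmbd`, as in the quoted line) on the same LAN doing NetBIOS name broadcasts, which is why the blocked entries keep appearing while you are just browsing.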


If you want to do the "traceroute on a map" thing, VisualRoute's the tool for you. $50 but it's about the only program I know of that does what you want.
posted by scalefree at 1:07 AM on April 13, 2009


Response by poster: Thanks guys, that's set me on the right track.
posted by djgh at 8:11 AM on April 14, 2009

