A question about the connections log

I’m test driving the Comodo firewall right now. My old firewall was VCOM System Suite 6. The VCOM firewall would list the destination IPs as site names rather than numbers. It somehow used an arin.net type database to do this. Reading the destination log was easy with VCOM. I periodically checked my destination IPs to see who my computer was sending data to. It was a snap. You eventually got a feel for who the computer was talking to and why.

With Comodo, I must go to arin.net and put the IP number into the search bar to get my answer. It’s much more time consuming. I’ve found some outgoing traffic that I never had before. One connection is to nlayer communications (69.22.128.0 - 69.22.191.255). My computer never used to connect to them before Comodo. I can’t stop and check arin.net all the time. I don’t really know how much of this unknown destination traffic I have. I think it’s important to know who your computer is talking to as well as the traffic that it’s blocking.

Is there some type of Comodo plug-in OR ANYTHING that will convert the connection log’s destination IP into a site name, rather than a number? I’ll try any workaround that’s better than running to arin.net constantly. I don’t mind if it hogs some resources because the ease of use is worth it to me.

I may have to go back to VCOM if I can’t find a solution. Please help. Thanks.

Welcome to the forums, brad884.

Currently, CFP doesn’t support host name resolution in the logs. I believe, however, that it’s on the wish list.

Comodo Firewall Wishlist v5

You could always open a command prompt and use ‘netstat -b’ or alternatively download either:

TCPview:
www.microsoft.com/technet/sysinternals/Networking/TcpView.mspx

or

Currports:

Both of which will do what you require.

Toggie

WOW…Toggie…great info!

Thanks

I won’t check wishlist v5 because it’s at least 7 pages. By the time it comes out, I’ll be so used to using one of your recommendations that it won’t matter if host name resolution is there or not.

I’ve opened currports and I’m blown away. I haven’t even messed with ipinfo or TCPview yet. If one of these will keep a running log, I’ll be in paradise. Thanks again

Hi brad884
cports and tcp view do the same thing.
I used tcp view before I found cports, which I prefer, just looks nicer.
You can export all or selected items to an HTML log, under the “view” menu.
Another handy little utility to have on your system is process explorer from sysinternals.


Another little tool to go along with CurrPorts is IPNetInfo. Plug in an IP address or Hostname and it does a lookup on it; gives all the ARIN info.

LM

Thanks for the tip on process explorer. I did some quick research and it looks good. The more information I can get, the better. I’ll unzip it over the weekend and check it out. I’m still new at using these types of tools but I’m learning. I found the html log function so that’s better than nothing. A running log that I don’t need to interact with would be ideal. It would be great if it would automatically save all connection traffic for the last hour or so.

One problem I’ve noticed is that cports doesn’t convert every single IPN into a site name. I still have to plug some of them into IPNetinfo or ARIN.net. I still haven’t unzipped tcp view so I have no idea what it looks like yet.

I’m really bugged that my computer is connecting to nlayer communications, inc. (69.22.128.0 - 69.22.191.255). I tried to block their destination IP range with Comodo but my computer still connected to them even after I blocked their IP range. I’m pretty sure that I did it right so now I’m really puzzled about them. I hope process explorer will tell me what process is connecting to them.

According to nlayer’s website, they’re a legit company that handles internet traffic. I don’t know anything about those types of companies so I’m not sure why my computer would connect to them. Some alarming stuff that I found out about them is that in 2005, a tech for Spysweeper tracked thousands of stolen IDs to files that nlayer managed. The IDs were all neatly processed into files as if they were ready to be sold to identity thieves. Another website said that nlayer is one of the companies that the government uses to track terrorists. I don’t know if my connection to them is keylogger traffic or normal traffic. All my antivirus and spyware scans show that I’m spotless. I’m certainly no terrorist. I know absolutely nothing about packet sniffers and I hope that I don’t have to go there to figure this out.

Yeah, I’ve been using the IPNetinfo utility. I like it.
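Added example, not part of any post in this thread: one way to get the name-annotated connection list asked for above is to parse `netstat -n` output, reverse-resolve each remote IP once, and flag anything inside the 69.22.128.0 - 69.22.191.255 range mentioned in the thread. The sample output and its addresses are constructed, and the function names are hypothetical; an IP only resolves if its owner published a PTR record, which is why some addresses stay numeric in any tool.

```python
import ipaddress
import socket

# Range quoted in the thread, converted to CIDR form for membership tests.
WATCH = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("69.22.128.0"), ipaddress.ip_address("69.22.191.255")))

# Constructed sample of `netstat -n` output (Windows layout); addresses are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.10:1042      69.22.130.5:80         ESTABLISHED
  TCP    192.168.1.10:1043      192.0.2.44:443         ESTABLISHED
  TCP    127.0.0.1:1050         127.0.0.1:1051         ESTABLISHED
  TCP    192.168.1.10:1044      69.22.130.5:80         TIME_WAIT
"""

def remote_endpoints(netstat_text):
    """Yield (ip, port, state) for each TCP row, skipping loopback and headers."""
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[0] != "TCP":
            continue
        host, _, port = parts[2].rpartition(":")
        try:
            ip, port = ipaddress.ip_address(host.strip("[]")), int(port)
        except ValueError:
            continue  # not a numeric address/port (netstat run without -n)
        if not ip.is_loopback:
            yield ip, port, parts[3]

def reverse_dns(ip):
    """PTR lookup; returns None when the owner published no reverse record."""
    try:
        return socket.gethostbyaddr(str(ip))[0]
    except OSError:
        return None

def annotate(netstat_text, resolver=reverse_dns):
    """Return (ip, port, state, name, in_watched_range) rows, one lookup per IP."""
    cache, rows = {}, []
    for ip, port, state in remote_endpoints(netstat_text):
        if ip not in cache:
            cache[ip] = resolver(ip)
        watched = any(ip in net for net in WATCH)
        rows.append((str(ip), port, state, cache[ip] or "(no PTR)", watched))
    return rows

if __name__ == "__main__":
    for row in annotate(SAMPLE):
        print(*row)
```

Feeding it the live output of `netstat -n` on a timer and appending the rows to a file gives a running log that needs no interaction.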

Hey brad884

You could try this if you’re really worried about nlayer:

Network Monitor rules:

Action : BLOCK (and log if you want to verify)
Protocol : IP
Direction : IN/OUT
Source IP : HOST - Name=(IP address) or (http://www.nlayer.com/)
Destination IP : ANY
IP Details : ANY

You could create two separate rules for IN and OUT to make the logs more readable.

Toggie

I’m almost positive that’s what I did last time and their connection still showed as established. I’ll try it one more time to see what happens. If they don’t have something to do with my antivirus, it’s a connection that I want to kill. I’ll be out of town for a few days so it may be a while before I get around to this. Thanks for the suggestion, Toggie.

In my experience, a combined In/Out rule may not work the way we think it should. There seems to be (IMO) confusion then about source vs destination, when an IP address or Port is used as part of the rule.

Thus you would want a separate rule to Block IP out to that IP (either the hostname or IP range), where that would be the Destination, then a second rule to Block IP In from that host/range (where it would be the Source).

LM