Wikipedia:Reference desk/Archives/Computing/2008 May 12

Computing desk
< May 11 << Apr | May | Jun >> May 13 >
Welcome to the Wikipedia Computing Reference Desk Archives
The page you are currently viewing is an archive page. While you can leave answers for any questions shown below, please ask new questions on one of the current reference desk pages.


May 12

edit

KDE 4 questions

edit

I recently installed Kubuntu with KDE 4, and I have a number of questions.

First, new applications I install using adept and aptitude don't show up on the Applications menu, and I have to use the search bar to find them. How can I get them onto the menu?

Second, on a related note, where's the menu editor where I can remove or recategorize existing applications?

Third, when I delete a file from the desktop, it doesn't actually get removed from the ~/Desktop folder. I also can't cut-and-paste or drag-and-drop a file from the desktop into Ark, Dolphin etc. How can I fix this?

Finally, so that I can restore it if it disappears, what is the new version of Kicker called for invocation purposes? NeonMerlin 01:16, 12 May 2008 (UTC)[reply]

NeonMerlin 22:50, 11 May 2008 (UTC)[reply]

As far as I know, the desktop doesn't work as you'd expect. It uses those plasmoids or whatever they're called, the same type of widgets that run the panels. I don't know if there's a way to restore expected functionality there. 206.126.163.20 (talk) 23:14, 11 May 2008 (UTC)[reply]

internet radio in ipod touch

edit

i have ipod touch, broadband internet connection and a 'modem with wifi facility'. is it possible to listen either shoucast radio stations in ipod touch if ipod touch has internet access via that wifi modem? if not shoutcast radio station, can i play radio stations listed under library folder in itunes software? thanks in advance —Preceding unsigned comment added by 59.96.24.243 (talk) 04:10, 12 May 2008 (UTC)[reply]

A quick google (shoutcast iphone) found this.118.90.102.125 (talk) 11:23, 13 May 2008 (UTC)[reply]

Thanks

Down Loading free e-books on Plam Top 5

edit

Hi, could any one please help me by telling me how do I down load free e-books on my Plam-top? The ones that I have downloaded appear in characte and symbols, when I try to open them. —Preceding unsigned comment added by 132.190.32.66 (talk) 04:42, 12 May 2008 (UTC)[reply]

It sounds like you are opening a file in notepad which is not designed for notepad. If it is a PDF (which is likely), you can open the file with Adobe Reader. asenine say what? 06:56, 12 May 2008 (UTC)[reply]
There are several formats for e-books, all require special software. If you could tell us where you got the file, or perhaps the three letter extension on the end of the filename it would help. APL (talk) 19:31, 12 May 2008 (UTC)[reply]

IP Address Question

edit

If one uses their internet connection from home to connect to their work machine, and if they make edits though this "Remote Desktop"s " whose IP address shows up? Only the the target computer, or can the IP address be seen that supports the connection to the internet, connecting to this work computer? I've heard conflicting answers to this question, but it should be easy enough to test out (if anyone has a remote desktop ability). My sources tell me that doing so would not mask the originating IP from the home internet connection, even if its done thought a remote desktop method. Any technical experts out there who can weigh in on this controversy, or test it? Thanks.Giovanni33 (talk) 04:50, 12 May 2008 (UTC)[reply]

Only the address of your work machine would show up, since a remote desktop connection effectively means you're directly controlling your work machine, using the hardware of your home machine through the internet. It's no different to opening a webpage on the work machine with you sitting in front of it. --antilivedT | C | G 05:49, 12 May 2008 (UTC)[reply]

Registry

edit

If you install a file to the Windows Registry in order for a game to run, is this okay? What does it do? How do you remove file later? 86.129.95.46 (talk) 08:02, 12 May 2008 (UTC)[reply]

It is normally safe to import these files. Open the file with a text editor and in there you can see exactly what it is trying to do. Usually, for a game, it would be installing keys and key values under the publisher's name. It is normally safe to remove the key from its root (find it using Regedit) after you uninstall the game, if the game itself hadn't removed it already. Sandman30s (talk) 14:32, 12 May 2008 (UTC)[reply]
The game was downloaded. Is it still okay? 86.129.95.46 (talk) 15:44, 12 May 2008 (UTC)[reply]
If you suspect something would go wrong, you can backup your entire registry before you install the game. If you suspect malice, please do not install the game. Kushal (talk) 17:14, 12 May 2008 (UTC)[reply]
Open the registry file up, look at it. And scan the game executable and installer for viruses while you're at it, warez-monkey. 24.76.169.85 (talk) 19:30, 12 May 2008 (UTC)[reply]

Any substitute of CloneCD?

edit

Yes, I'm curious to know if there is any substitute for CloneCD. CloneCD can copy CDs regardless of some sort of protective measures (as I read the article here). Can Magic ISO do the same?--Fitzwilliam (talk) 09:10, 12 May 2008 (UTC)[reply]

Alcohol 120% works better in some cases. It also copies at the physical level unless you instruct it to remove copy protection. Sandman30s (talk) 14:29, 12 May 2008 (UTC)[reply]

Big Brother

edit

How easy would it be for the government to read your e-mail? Mr Beans Backside (talk) 10:12, 12 May 2008 (UTC)[reply]

What makes you think that they haven't? See Carnivore (software). Dismas|(talk) 10:23, 12 May 2008 (UTC)[reply]
If you use a good encryption for your email correspondence, probably not so easy. Better questions are perhaps - why would the government want to read your email, and why would you care? -- Meni Rosenfeld (talk) 11:35, 12 May 2008 (UTC)[reply]
Try giving that argument to EFF, Meni Rosenfeld. To stand up on a soapbox, these are definitely not better questions. Please let me quote from User:Rama,
That's all, my honor. --Kushal (talk) 12:01, 12 May 2008 (UTC)[reply]
Rama should probably credit Benjamin Franklin. --LarryMac | Talk 13:51, 12 May 2008 (UTC)[reply]
As much as I disagree with this sentiment, I will refrain from any additional comments as this is obviously not the correct place for this. -- Meni Rosenfeld (talk) 12:21, 12 May 2008 (UTC)[reply]
I sincerely apologize for any hurt or resentment, Meni. I did not mean to attack you personally. I am sorry if it came out as such. I am very grateful that you had the kindness to restrain yourself. I hope you will accept my apologies. Kushal (talk) 17:23, 12 May 2008 (UTC)[reply]
Don't worry, no offense was taken. I simply realized that this could easily evolve into a debate much beyond the scope of this venue, and a good stopping point would be after two opposite views were expressed. -- Meni Rosenfeld (talk) 20:45, 12 May 2008 (UTC)[reply]
Thank you. I cannot go without mentioning that you are very kind and very modest, though. Kushal (talk) 05:02, 13 May 2008 (UTC)[reply]
We have an article on e-mail privacy. Basic answer is that a government organisation can intercept and read your e-mail quite easily, and indeed legally if they can show a half-way good reason to do so, unless you add your own layer of encryption. Gandalf61 (talk) 13:50, 12 May 2008 (UTC)[reply]
Note that it's not just the government. Most e-mail flies around through routers all over the place as plaintext. Anybody sniffing around on a router could read it, if it isn't strongly encrypted. --Captain Ref Desk (talk) 15:34, 16 May 2008 (UTC)[reply]

Spyware

edit

What is Spyware and how did it get on my computer in the first place. I'm sure I never installed it. How can I get rid of it? Mr Beans Backside (talk) 10:14, 12 May 2008 (UTC)[reply]

See Spyware. Dismas|(talk) 10:24, 12 May 2008 (UTC)[reply]

Compression

edit

What is the most effective compression method for a web archive which contains HTML, WAV, MP3, JS, CCS, EXE and JPG files? Mr Beans Backside (talk) 11:43, 12 May 2008 (UTC)[reply]

It may not be the best but 7z deserves a look. Kushal (talk) 12:19, 12 May 2008 (UTC)[reply]
If you really care about state-of-the-art compression, take a look at maximumcompression.com. But my advice to most people would be to use ZIP or, if that doesn't compress well enough, 7-Zip or RAR. -- BenRG (talk) 22:35, 12 May 2008 (UTC)[reply]
RAR is not supported by free software. 7-Zip provides better compression effectiveness. 89.76.165.87 (talk) 13:17, 13 May 2008 (UTC)[reply]

Outlook error?

edit

When I click on a link in an email I get the response: This link type (http) is not supported. How do I avoid/fix this? Kittybrewster 12:28, 12 May 2008 (UTC)[reply]

In windows explorer, go to Tools | Folder Options | File Types and in there see if that link type is registered. In there you can tinker with how you want outlook to open a file type or extention. Be careful though, it is not always trivial to change certain links back to original or intended behaviour. Sandman30s (talk) 14:37, 12 May 2008 (UTC)[reply]
I have no clue why a simple http link type goes unrecognized. Which email client do you use? May I suggest the free and open-source Mozilla Thunderbird? It comes from one of the most trusted1 software vendors and there are tons of features like IM2 to look forward to. Kushal (talk) 17:31, 12 May 2008 (UTC)[reply]
Probably KittyBrewster uses Outlook. I guessed this because it was the topic of the question. Outlook is perfectly capable of clicking on links, theres no point encouraging them to change email softwares for that. APL (talk) 19:19, 12 May 2008 (UTC)[reply]
Unless it's broken as it sounds like it is. Although, usually just uninstalling/reinstalling Microsoft Office will fix a large percentage of Outlook errors (most of the rest are due to security software malfunctioning). 24.76.169.85 (talk) 19:33, 12 May 2008 (UTC)[reply]

Additional hard drives

edit

My computer has one internal hard drive but the cable which connects it appears to have a slot for an additional drive. But whenever I connect another drive the computer will not boot. It is a modern computer, two / three years old, and I know both HDDs work. Any ideas? Is the cable ment for this? xxx User:Hyper Girl 12:33, 12 May 2008 (UTC)[reply]

Are the jumpers on the drive set to the right positions for a slave? Dismas|(talk) 12:51, 12 May 2008 (UTC)[reply]
I had this exact problem yesterday and as Dismas said, it was the jumpers. Look for a grid of pins on the side of the drive. There should be a little block covering two of them, which you can pull off and put in the correct position. The label on the drive may have the different jumper positions printed on it, or you can Google for '[drive manufacturer's name] jumper positions' to find them. The original hard drive should be set to Master and the one you've just added should be set to Slave. — Matt Eason (Talk &#149; Contribs) 14:09, 12 May 2008 (UTC)[reply]
Alternatively, most computers later than the stone age use a cable select cable that automagically sets the drives to Primary (Master) and Slave (Secondary) based on which connectors you plug the drives into. But the jumpers on the individual drives should then both be set to the "Cable Select" position.
Atlant (talk) 16:38, 12 May 2008 (UTC)[reply]
OK, I've got the drive in my hand. There are four diagrams on the casing, each showing nine circles with two of them highlighted. I think this is what you are talking about. One of them is labeled "Cable Select", the others "Master", "Slave" and "Slave Present". What do I do with this? Do I have to solder the two pins together? xxx User:Hyper Girl 19:23, 12 May 2008 (UTC)[reply]
 
The little plastic things are jumpers, the plastic protects a metal conductor. There is another jumper bridging two pins on the drive.
There should be a little plastic jumper bridging two of the pins (see picture). Remove it, using a pair of tweezers if necessary, and use it to bridge the two pins corresponding to cable select. CaptainVindaloo t c e 19:53, 12 May 2008 (UTC)[reply]
As CaptainVindaloo mentioned, there should be a jumper already installed (or possibly "parked", installed but not doing anything) right there. If the jumper is missing, you can steal a jumper from another disk drive or what-have-you, or any computer shop can sell you replacement jumpers. Around here, they're commonly known as "Little Black Jumpers"/"Little Blue Jumpers"/"LBJs". On each of your drives, the jumper should be installed so it spans ("shorts together") the two highlighted pins for the mode you want ("Cable select" on both drives or "Master" on one and "Slave" on the other).
Atlant (talk) 00:23, 13 May 2008 (UTC)[reply]
Thank you everyone! I have it working now. I used some tin foil :) xxx User:Hyper Girl 12:41, 13 May 2008 (UTC)[reply]
That's a good jury rig! How come I never thought of that? I'll try to remember it next time. 206.252.74.48 (talk) 15:01, 14 May 2008 (UTC)[reply]

Google balls

edit

Who are they? What they mean? See here. --GoingOnTracks (talk) 14:41, 12 May 2008 (UTC)[reply]

Probably a reference to a ball pit? --98.217.8.46 (talk) 14:58, 12 May 2008 (UTC)[reply]
GOOGLE has two O's. GOOOOOOOOOOGLE has ten O's. A ball pit has MANY O's. I think user:98.217.8.46 is at least partially right. It might also have reference to the huge number of O's that would be needed if each page for a result of a search of Anna Kournikova or any other search term was represented by a Google ball. Kushal (talk) 17:10, 12 May 2008 (UTC)[reply]
I believe Google HQ has, among its many other employee perks, a ball pit. Confusing Manifestation(Say hi!) 04:41, 13 May 2008 (UTC)[reply]
Look on the bottom left of this page. That's all there is to it, they've just kind of acquired a cult fanbase of sorts. Martyring (talk) 20:00, 14 May 2008 (UTC)[reply]

Firefox - force text/plain to view files instead of download?

edit

OK, take this page for instance. If I click one of the .pl files, I get the good old "You have chosen to open ... which is a ..." open with/save as dialog. What I'd like is some way (an extension I guess) to right-click the link and force it to simply display in the browser, no matter what filetype it is. Is this possible, or will I have to write it myself? I did find the Force Content-Type extension, but it doesn't seem to do what I want. Any advice? Aeluwas (talk) 14:42, 12 May 2008 (UTC)[reply]

What would "Open with" > Mozilla Firefox do? Kushal (talk) 17:42, 12 May 2008 (UTC)[reply]
Haha, it seems to create a loop! Every time I click OK, a new window pops up with the open with-window. :D -- Aeluwas (talk) 17:44, 12 May 2008 (UTC)[reply]
For you or anyone else interested, I wanted to point out the problem is the server is returning those .pl files with a content-type of "text/x-perl". This causes Firefox to show download options instead of display the file.
I was able to get the Force Content-Type add-on to partially work with url "http://", old type "text/x-", and new type "text/plain". The trick is you have to clear the Firefox cache, and then it only works the first time it loads the .pl file. If you refresh or click on it again, Firefox just gets it from its cache and it thinks it's text/x-perl again, I guess. --Bavi H (talk) 01:39, 14 May 2008 (UTC)[reply]
I don't know if it will help, but try the extension/addon MIME Edit (this should allow you to set it as text/x- permanently and change it later if you install perl). --Constructor 19:51, 14 May 2008 (UTC)[reply]

RSTP

edit

1. I am using VLC on Mac OS X 10.4.11 I can play the location [rtsp://webcast.un.org/ondemand/unaction/unia1123.rm from UN] but I can only hear the audio, there is no video. How can I solve this problem?

2. How can I open BBC World Service's listen live programs on VLC? What is the address for it and how can I find out the same for BBC Nepalese Service?

Thank you. You guys are awesome! Kushal (talk) 18:06, 12 May 2008 (UTC)[reply]

  1. Oh hell, Realplayer? VLC won't do it. Simply won't. You'll need Realplayer; I'm not aware of any alternative to downloading that on OS X (on Windows you could download an illegal standalone version of Real's codecs, but that wouldn't work in VLC either).
  2. [1]. In fact, on the website, in the player window, there's a link that says "launch in standalone player" that uses this link :P. I can't navigate the Nepalese site, but see if there's an equivalent link there, and if not, just check the source of the page with the embedded player and look for a .asx file or a url starting with mms:// 24.76.169.85 (talk) 19:44, 12 May 2008 (UTC)[reply]

The world service link that you gave me worked like a charm. thank you very much. However, when I tried the same with nepalese service from bbcnepali.com, it did not work.

I wonder why it is illegal to have alternative players for real media player. I would guess the more would be the merrier when it came to a service that was complaining of getting its behind kicked by a "monopolist". Kushal (talk) 00:00, 13 May 2008 (UTC)[reply]

Thanks for the help, guys! Kushal (talk) 05:00, 13 May 2008 (UTC)[reply]

MPlayer can load the RV40 codec (which is what the first RTSP link uses) regardless of your OS. If it's true that VLC can't do it, VLC is lagging behind. Hopefully libavcodec's RV30/RV40 implementation will be done soon and this problem will be history. (The code is already in SVN, disabled for now but if you can figure out how to activate it, it actually plays the movie!)
As for the Nepal thing, I can't read any of it but I pushed the submit button on the form, and the next page had an ASX link. The asx contained a link to another asx, which contained the mms URL. (They do make these things complicated, don't they?) At least there wasn't any damn Javascript. --tcsetattr (talk / contribs) 01:44, 13 May 2008 (UTC)[reply]
No, it's just that "Real Alternative" is the most common alternative way on Windows to run Real Player videos, and it's just an illegal (copyright-violation) standalone codec ripped out of the full Real Player package; ie. it's Real's code, redistributed without permission. VLC does often lag behind in various things, you may want to try MPlayer as suggested above, though it's not as friendly. 206.126.163.20 (talk) 03:49, 13 May 2008 (UTC)[reply]

Simple graphics problem - make an Excel chart into an image

edit

I have several charts that I have produced in MS Excel that I want to use in a Power Point presentation. Each of the charts has several thousand data points. To reduce the chances that my charts will appear incorrectly when I give my presentation, I'd like to turn them into plain old images. I don't know how to do this. I have the open source graphics applications Inkscape and The Gimp, but I don't kno whow to use thenm very well. Can you help? ike9898 (talk) 18:19, 12 May 2008 (UTC)[reply]

To clarify, by chart I mean a plot of many points on cartesian coordinantes, not a table. ike9898 (talk) 18:37, 12 May 2008 (UTC)[reply]
You might consider converting it to PDF. See List of PDF software. If you really want an image, there are come commercial products to print to an image such as JPG. You can also do a screen capture, depending on how the spreadsheet is displayed. [2] --— Gadget850 (Ed) talk - 18:29, 12 May 2008 (UTC)[reply]
A low-resolution solution would be to take a screenshot (screen capture) of the chart when being dispalyed correctly by Excel and then insert that image into your PowerPoint presentation. (You can trim off non-chart portions of the image any number of ways.) It's not the prettiest solution but it's pretty darned fool-proof.
Atlant (talk) 18:58, 12 May 2008 (UTC)[reply]
Another alternative would be to save the chart as an HTML file, and then open the file. Right click on the image of the chart in the HTML file and save the image. weburiedoursecretsinthegarden 19:26, 12 May 2008 (UTC)[reply]
If you don't mind doing some VBA programming, You can export a chart as a GIF (or possibly JPEG or PNG) using the Export method. There's some example code here. AndrewWTaylor (talk) 20:05, 12 May 2008 (UTC)[reply]
The odds are that if you take a screenshot of it in Excel it will be of appropriate resolution for PowerPoint. PowerPoint displays in a a very low resolution (usually just 800x600); screenshots are usually just fine. --98.217.8.46 (talk) 00:37, 13 May 2008 (UTC)[reply]
In Excel, go to chart worksheet (or select chart if it is another worksheet), go to Edit menu, select "Copy". In Powerpoint, go to destination slide, go to Edit menu, select "Paste Special...". As well as Excel Chart Object, Powerpoint should also offer you formats Picture and Picture (Enhanced Metafile) for the paste, and possibly other formats too. Pick your prefered format, click on "Okay", and you are done. I usually use Enhanced Metafile, as I think it scales best. Gandalf61 (talk) 16:32, 13 May 2008 (UTC)[reply]

Runtime errors

edit

What causes runtime error messages in Windows? Mr Beans Backside (talk) 19:10, 12 May 2008 (UTC)[reply]

Mr BB do you have questionitis? What's stopping you from researching this in google? This has to be one of the most documented and varied problems in computing. Sandman30s (talk) 19:35, 12 May 2008 (UTC)[reply]
I'd be willing to bet it has its roots in Microsoft's software design practices and quality control. --Prestidigitator (talk) 19:41, 12 May 2008 (UTC)[reply]
I'd put my money on badly written drivers. Sandman30s (talk) 19:43, 12 May 2008 (UTC)[reply]
I'd bet its run-time errors. Mad031683 (talk) 20:31, 12 May 2008 (UTC)[reply]
If you're talking about messages like "this program has performed an illegal operation..." then it's because the program performed an illegal operation, i.e. it tried to do something the operating system or the hardware forbids, such as writing over its own program code. If you're talking about BSODs, it's a similar situation but in kernel mode instead of user mode. It's a deliberate design choice to terminate the program or the whole operating system in these situations, the idea being that there's no way of knowing what further damage might occur to your permanent data (on the hard disk) if you don't shut the offending program down as soon as you notice that something's gone wrong. I'm not sure this is such a great idea, but Linux does it too, so it fails the standard Internet is-it-bad test. -- BenRG (talk) 22:13, 12 May 2008 (UTC)[reply]

HTML source

edit

Is it possible to make the HTML source of a web page not viewable? Mr Beans Backside (talk) 19:11, 12 May 2008 (UTC)[reply]

No, not reliably. -- Coneslayer (talk) 19:15, 12 May 2008 (UTC)[reply]
The browser that your users are accessing the page with has to see the source to render it, so... no. 24.76.169.85 (talk) 19:45, 12 May 2008 (UTC)[reply]
You could use a package that renders HTML as an image and set it up as a proxy for your real content. Of course, except in as much as you want to do things like implement an image input map to recreate at least some of the original source functionality, the result will not be interactive, and would not allow things like selecting and copying text. You could also implement your whole web page using a common plug-in format like Flash or Java applets to allow interaction and at least obscure source code, but by doing that kind of thing you are basically stripping all the benefits that have been built into HTTP/HTML. In general your browser needs the source code to show you the page, and if you happen to have a nice enough browser to provide the feature (most if not all do), it will happily display the source code directly to the user rather than or in addition to rendering it. --Prestidigitator (talk) 19:51, 12 May 2008 (UTC)[reply]
You could make it harder to view by having the whole thing load after the fact using Javascript and a server side script. Then if you did "View source" you'd just see the javascript page loader. Depending on your server side setup you could probably make it so that script which served up the page data only served it up to the Javascript loader, somehow. It's not foolproof but it would be make it much tougher to read, though it wouldn't work on any browser that didn't have Javascript enabled. There as also various Javascript/HTML "encryptors" which are really just obfuscators (making it hard to read, not true encryption), like this one. --98.217.8.46 (talk) 00:30, 13 May 2008 (UTC)[reply]
Nope, thats not really harder. User just needs to click on View Generated Source in Firefox, or equivalent command in Opera. Also, I hope you didnt intend to password protect your page in javascript? Cause that would be a monumentally stupid thing to do. — Shinhan < talk > 04:56, 14 May 2008 (UTC)[reply]
If you really, really needed to, you could just take a screenshot of the page and display the image. It would wreak hell on any browser, but if you've got UBER-SECRET FBI HTML, that's the way to go, I guess. Ziggy Sawdust 01:29, 13 May 2008 (UTC)[reply]
But honestly, what's there to hide in HTML? I guarantee there's almost nothing you can do that someone else can't replicate without an immense amount of effort. 206.126.163.20 (talk) 03:39, 13 May 2008 (UTC)[reply]
With the exception of rendering to an image or a pdf : No. There are ways to make it more difficult, as described above, but they're all pretty trivial to get around. You could also potentialy encode your page's content into a embedded plug-in such as a java or flash applet, but keep in mind that those reduce usability. Especialy among those on slow dialups or those using non-standard browsers. (Potentialy because of a disability.)
I'm sorry, but I can't resist breaking the soapbox rule for a sentence or so : As a user, I usually feel insulted by websites that try this sort of trickery, Especially when coupled with misguided (and completely ineffective) attempts at blocking the right mouse button. You're all but accusing your users of thievery and plagiarism.
It would help if you would explain what you're trying to protect. Protecting the actual HTML markup seems pointless, Is there javascript or something in there that you're worried that people will see? APL (talk) 13:03, 13 May 2008 (UTC)[reply]
Not usefully. Anyway, why would you want to do it? Stifle (talk) 09:28, 14 May 2008 (UTC)[reply]
Why does everyone think he wants to do something to do this instead of just being interested in it? And - of course - he could use frames and encode the HTTP link in ASCII code (like %3F for question marks). While it's easy to find out which site actually is displayed, most people wouldn't be able to do so since they don't know about ASCII code. --Constructor 12:54, 14 May 2008 (UTC)[reply]
Oops, I note that modern browsers also prevent such tricks by allowing to directly go to framed websites. But with a permission only for this one site where it is framed it could work. --Constructor 12:55, 14 May 2008 (UTC)[reply]
If someone is trying to hide HTML I don't know that they'd care that most people wouldn't be able to find it. 24.76.169.85 (talk) 07:51, 18 May 2008 (UTC)[reply]

Monitoring upload/download

edit

Is there a way I can determine what executables running are sending or receiving data from the internet? Sometimes I see network activity which I can't understand since there aren't many applications running in task manager, only the necessary ones for Windows to run properly. This is for Windows XP SP2 by the way. --Mark PEA (talk) 19:28, 12 May 2008 (UTC)[reply]

I'd also like a reliable way to see this. What I do currently is stop all known active processes, then go and look at the list of processes in the task manager. Sort by CPU and see what is active. If something is using your bandwidth, you can be sure it's using a little bit of CPU too (jumping up and down the CPU usage list). However, if you're searching for spyware, it's probably better to get yourself a good spyware scanner. There are lots of good free ones on the net. Another thing to do often is clean out your temp folders as a lot of spyware seem to lurk there. Sandman30s (talk) 19:42, 12 May 2008 (UTC)[reply]
I'm experienced with computers, have coded many apps in C++, and I'm pretty sure it isn't spyware (plus I just ran Spybot S&D and it gave the all clear). The most likely thing causing it is either rundll32.exe or services.exe, which have DLL modules loaded. Too many to cancel and establish a cause through deductive reasoning. If there was an application that could find it I'd love to know --Mark PEA (talk) 19:49, 12 May 2008 (UTC)[reply]
If you want you can go brute force hardcore. If you're using something like McAfee antivirus, setup a user-defined port blocking rule. Block ALL ports and see what comes up in the exception list. If you don't use McAfee, I'm sure a person with your skills can find (or even write!) a port sniffing program to see what activity is going on. Sandman30s (talk) 20:00, 12 May 2008 (UTC)[reply]
If you want a really cumbersome way to do it, get a copy of windump to watch the traffic, use the "netstat -on" command to match the outgoing port with a PID, then use Process Explorer from MS to match the PID to the running process. This will only spot TCP connections though, not UDP. You can also use ZoneAlarm as your firewall and selectively deny Internet access and wait to see what programs ask for access. Franamax (talk) 20:08, 12 May 2008 (UTC)[reply]
I couldn't get the PID to show with WinDump, but did get some interesting IPs sending me packets (I'm only receiving, not sending, right now). In the space of 30 seconds, 4 different addresses sent packets to me, one from Italy, one from Russia and the other 2 were .net. I also found one of the client@hostname on a google search from IRC log files (on freenode, the only server I connect to coincidentally). From searching through on google, it occurred to me that maybe my ISP has recently changed my IP, and the last person to use this IP was part of a botnet or something, because I can't understand why at least 4 different people from all over the world are sending me packets all of a sudden. --Mark PEA (talk) 21:29, 12 May 2008 (UTC)[reply]
To get the PID's for both outbound connections and the processes accepting inbound connections, open a command window and type "netstat -a" or "netstat -an". You should also look at the port numbers on your side that are shown on windump, if they are <4096, they are common services you can look up. If the numbers are >4096, it is a process on your machine initiating the connection. If you can see the packets in windump, they are actually hitting your system. Your firewall shouldn't be letting anything connect inwards you haven't allowed. You can also get HijackThis, which shows all kinds of interesting stuff from your startup files. Franamax (talk) 21:42, 12 May 2008 (UTC)[reply]
Task manager will also tell you pids. .froth. (talk) 22:39, 12 May 2008 (UTC)[reply]
Sysinternals Process Explorer tool will give you this info (and a whole lot more) in a GUI. It's a free download from Microsoft. Google for "Sysinternals Process Explorer". It's great for figuring out what a service or program is doing. —Preceding unsigned comment added by 66.92.130.188 (talk) 01:33, 13 May 2008 (UTC)[reply]
This is great, thanks for the heads up! It also tells me what program is accessing files so I can avoid those annoying undeletables now. 222.159.203.140 (talk) 04:17, 13 May 2008 (UTC)[reply]
Awesome, thanks. TCPView is the one that the OP was looking for. These utils are great! Sandman30s (talk) 10:03, 13 May 2008 (UTC)[reply]
Thank you all, TCPView is indeed the kind of tool I was looking for. --Mark PEA (talk) 23:14, 13 May 2008 (UTC)[reply]