PNetMon - Overview
PNetMon was born out of a desire to see what our PCs are up to on the network. What is it with all that network activity and who are the remote hosts my PC is talking to? You just might be amazed.
Is It a Security Tool?
Is PNetMon a security tool? Not really, but it could be used as a safety net. When your chosen security tools fail you and malware manages to get into your PC that malware will usually want to communicate with a remote host for instructions and/or to send your personal data. The payoff for the miscreants who distribute most malware is to either steal your information or take control of our computer to wreak havoc on specific internet targets, or both. Those objectives require it to communicate with malicious hosts and possibly with other sites that are targets of attack.
Today's malware has become increasingly sophisticated. Once it gets past your primary defenses it will hide it's presence so that it can remain on your PC to do its evil deeds for as long as possible. Many computers are infected for long periods of time without their owner's knowledge.
By knowing the normal pattern of network communications of your PC PNetMon may enable you to spot something that just doesn't look right. What's my computer doing talking to that unfamilar host in a distant location? With that lead and a little research you just might find that your computer is doing things that you didn't tell it to do.
The PNetMon display will hopefully be interesting and perhaps enlightening at first, but we realize that you'll need to do some work (or play) on your computer and can't be watching our program all the time. The latest version of PNetMon (v3.43) will alert you if your PC talks with any blacklisted hosts! It does this by checking network packet IP addresses against a published blacklist. PNetMon downloads the lastest version of the blacklist each time it starts. The blacklist used is compiled and maintained by FireHOL (http://iplists.firehol.org).
Who's Monitoring My Surfing Activity?
There are many legitimate organizations out there whose main purpose is to track and follow what you're doing. They want to learn your surfing habits so they can do targeted marketing campaigns. Some of us don't mind that too much and some of us don't like it at all. Since these sites are not considered malicious they will not trigger alerts, but it can be a real eye-opener to watch PNetMon while visiting your favorite web sites.
How Does It Work?
PNetMon consists of two components -- a service that runs in the background collecting your PC's network activity and a client that you run manually whenever you want to see activity. This design serves two purposes -- first, it eliminates the need for the client to have Admin privileges and second, it allows PNetMon to maintain a running log of activity even if you forget to run the client. When you start the PNetMon client you'll see all network activity that has occurred over the recent past. It's important to note that the client must be running for the alert feature to work! You can minimize the client. If communication with a blacklisted host is detected PNetMon will sound an alert and pop up for you to see the alert. So called "flagged" hosts are always displayed at the top of the list.
PNetMon does not invade your computer with special drivers and other components that can destabilize your PC. It uses standard Windows API calls to gather its information. PNetMon is a Personal Network Monitor -- it does not log other activity on the network unless your PC is involved. PNetMon examines only the headers of network packets going in and out of your PC. It does not access or log the data portion of those packets. Furthermore, information on connections to remote hosts is kept for only short periods of time.
Example of program display
A Tool for the Average PC User
There are many very good network scanning and monitoring tools out there for security professsionals. In most cases they are complicated to use and relatively invasive to the target PC. Unlike PNetMon they're not meant for the average PC user who just wants some idea of what their PC is doing on the network.
PNetMon in its current form is free to download and use without restrictions, subject to the license agreement. In the future a more advanced version of the software may be offered for a small fee, but the current version with blacklisted host alert capabilities is still free!
The new version of PNetMon with the blacklisted host alert feature is now available for download. We have thoroughly tested this release on Windows 8 and 10. It has also been tested and runs on Windows Vista and Windows 7. Please visit our download page to get it.