
How to Continuously Monitor your Internet Connection

The internet connection has been flaky for the past few days. It works fine for 10-15 minutes, breaks for about a minute, and the connection is then automatically restored. This erratic on/off cycle repeats itself throughout the day. It is most likely an ISP issue, as the modem, the router, the DNS server, and the network connections seem perfect. Even power cycling the hardware failed to fix the problem. While the ISP resolves the issue, I have to continuously monitor the Internet connection, as certain actions like submitting web forms would fail if initiated while the computer is offline. Luckily, there isn't a need to download another utility, as the included ping command can itself help monitor the downtime.

Ping to Monitor your Internet Connection


Go to Start -> Run and type "ping -t 8.8.8.8" without the quotes. The -t switch is important as it means that the ping command will run forever unless stopped manually by hitting Ctrl + C. (8.8.8.8 is Google's DNS server.) The output of the ping command, as illustrated in the above screenshot, shows the live status of your Internet connection. If the status reads "Reply from 8.8.8.8", the machine is online; in all other cases, the Internet connection is down. Read more ways to troubleshoot your Internet connection.
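The rule above (only a line that reads as a reply from 8.8.8.8 counts as online) can be applied to a saved ping log to measure each outage. This is an added example, not part of the original article; it assumes English-language Windows ping output and that each line was prefixed with a capture time (HH:MM:SS), which ping -t does not add itself. The sample log is constructed.

```python
import re
from datetime import datetime

TARGET = "8.8.8.8"  # address pinged in the article

# A genuine echo reply names the target and carries bytes/time/TTL, e.g.
#   Reply from 8.8.8.8: bytes=32 time=24ms TTL=117
# "Reply from <gateway>: Destination host unreachable." must not match.
OK_LINE = re.compile(
    r"Reply from " + re.escape(TARGET) + r": bytes=\d+ time[=<]\d+ms TTL=\d+"
)

# Constructed sample in the assumed "HH:MM:SS <ping output line>" format.
SAMPLE = """\
10:15:01 Reply from 8.8.8.8: bytes=32 time=24ms TTL=117
10:15:02 Reply from 8.8.8.8: bytes=32 time=26ms TTL=117
10:15:07 Request timed out.
10:15:12 Request timed out.
10:15:13 Reply from 192.168.1.1: Destination host unreachable.
10:15:14 General failure.
10:15:15 Reply from 8.8.8.8: bytes=32 time=31ms TTL=117
10:15:16 Reply from 8.8.8.8: bytes=32 time=25ms TTL=117
10:15:21 Request timed out.
"""


def is_online(text):
    """True only for a successful echo reply from TARGET."""
    return OK_LINE.fullmatch(text.strip()) is not None


def parse(log):
    """Yield (datetime, ping line) pairs from the timestamped capture."""
    for raw in log.splitlines():
        if raw.strip():
            stamp, text = raw.split(" ", 1)
            yield datetime.strptime(stamp, "%H:%M:%S"), text


def outages(samples):
    """Group consecutive failed probes into outages.

    An outage ends at the first successful reply after it; "end" stays
    None when the capture stops while the connection is still down.
    """
    result, current = [], None
    for when, text in samples:
        if is_online(text):
            if current:
                current["end"] = when
                result.append(current)
                current = None
        elif current:
            current["failed"] += 1
        else:
            current = {"start": when, "end": None, "failed": 1}
    if current:
        result.append(current)
    return result


if __name__ == "__main__":
    for o in outages(parse(SAMPLE)):
        end = o["end"].strftime("%H:%M:%S") if o["end"] else "still down"
        print(o["start"].strftime("%H:%M:%S"), "->", end, f"({o['failed']} failed probes)")
```

A log of these intervals is also the kind of record worth handing to the ISP when reporting the fault.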

How to Diagnose and Fix your Slow Internet Connection


Let's say you have subscribed to a fast broadband Internet connection at home and you are getting the expected download speeds that were initially promised by the ISP. However, sometimes the speed of the same Internet connection slows down, and then even simple websites may take forever to load on your machine.

Troubleshooting your Slow Internet Connection


There can be several reasons why you may be getting slower-than-usual Internet connection speeds. For instance, you could be accessing the web during peak hours. Or your download manager could be downloading files in the background, thus consuming all the bandwidth. Or, if you are accessing the Internet over Wi-Fi, maybe you're too far off from the wireless router.

Then there are external factors that may slow down the Internet. You are probably getting Internet through your existing phone line, so if there's a fault in the wiring, that may negatively affect your connection speed. In fact, if your Internet connection is not stable and keeps dropping off frequently, blame the phone company.

Does Your Telephone Line Need Repair?

You don't need any special equipment to determine if your phone line is the real culprit, but before we get there, let's run a few simple tests to discount all the other possibilities.

Test #1. Power-cycle the router and modem: unplug the cables, wait for a couple of minutes, and then power on the modem followed by the router. If you have been experiencing connectivity issues after a power outage, power cycling will most probably fix the issue.

Test #2. Close all applications including any firewalls and anti-virus software. Then open speedtest.net to determine the actual download and upload speed of your Internet connection. If you have Wi-Fi at your place, remove the router for a moment and connect the ADSL modem directly to your computer's Ethernet port via a physical LAN cable. Repeat the speed test. Did you see any improvement in the connection speed?

Test #3. To ensure that none of the viruses or spyware programs are responsible for your slow Internet, open command prompt and run the following command:

netstat -f 5

The -f switch displays the fully qualified domain name of each remote address and 5 repeats the listing every five seconds; add the -o switch to include the ID of the process that owns each connection.

This will easily help you figure out if any of the programs on your computer are silently connecting to the Internet without your knowledge. Should you find a strange process in the netstat result listing, kill it through the Task Manager.

Test #4. If your Internet speed woes aren't over yet, it's time to inspect the phone line. No, you don't have to climb that telephone pole, as the stats from your DSL modem/router alone will give the required data. Open the web dashboard of your modem/router and note the following values for the downstream connection (not upstream). The fields are generally available under Statistics > ADSL.

1. Line Attenuation (or Loop Loss) - It measures how much signal is lost between the phone exchange and your modem. The greater the distance between the exchange and your home, the higher the attenuation. Anything below 50dB is considered acceptable.
2. Sync Speed (or Rate) - The speed at which the router connects to the exchange equipment.
3. SNR Margin (or Noise Margin) - This represents the difference between your current SNR (Signal-to-Noise Ratio) and the SNR that's required to serve a particular speed. If the SNR Margin is low, you may experience frequent disconnections. Ideally, this should be 12dB or higher.

Once you have all these values, paste them into the ADSL Calculator and it will give you an estimate of the maximum speed that you get from the ISP. If the SNR Margin is low, or the Line Attenuation is high, or the calculated maximum speed is less than what you are paying for, the fault lies somewhere between your modem and the phone exchange. Keep a record of all these values at different times of the day and give your phone company a call, as it's something that only they can fix.

Also see: Surf the Web Faster on Slow Internet

Allowing Ping with an unmanaged Symantec Endpoint Protection client firewall


Article:TECH102959 | Created: 2007-01-20 | Updated: 2008-01-27 | Article URL http://www.symantec.com/docs/TECH102959

Article Type: Technical Solution

Problem
How to add a rule in a Symantec Endpoint Protection client firewall to allow an unmanaged client to accept Ping.

Solution
To add a rule in the firewall policies:

1. Open the Symantec Endpoint Protection client interface.
2. Select Status.
3. Click Options for "Network Threat Protection".
4. Select Configure Firewall Rules.
5. Click Add.
6. Type a name for the new rule (Example: "Allow ICMP").
7. Under "Action", select Allow this traffic.
8. Select the network interface card that you want this rule applied to. Note: If you want this rule to always run, select Apply this rule while the screen saver is On and/or Off.
9. Go to the Hosts tab.
10. Select Apply this rule to and select where you want this rule applied. (The default is "All hosts".)
11. Go to the Ports and Protocols tab.
12. Click on the dropdown menu and select ICMP. In the sub menu, select Echo Request - 8 and Echo Reply - 0 (you may select others that you need for your environment).
13. Click OK.

Symantec Endpoint Protection Manager - Firewall - Policies explained

Article:TECH104433 | Created: 2008-01-20 | Updated: 2010-11-30 | Article URL http://www.symantec.com/docs/TECH104433

Article Type: Technical Solution

Problem

You need more details about the Options in the Policies of the Symantec Endpoint Protection Manager (SEPM).

Solution

Rules: Rules

Use this tab to work with firewall rules. You can add, edit, delete, copy, paste, import, export, inherit, and change the order of firewall rules.

Table: Rules tab (Option: Description)

Maximize Window and Restore Window: To view the Rules list, you can change the size of the window in one of the following ways:
- Maximize Window: Expands the window to the size of your screen.
- Restore Window: Resizes the window to the width, height, and location of the window before you maximized it.

Inherit Firewall Rules from Parent Group: Inherits only the rules from a parent group's Firewall Policy. You cannot inherit rules from a policy in a location that inherits all its policies from a parent group.

Rules list: Displays the firewall rules. You can add, edit, delete, and move rules in this list. The list contains a blue dividing line. Rules that appear above the dividing line are of higher priority than those that appear under the line. You can use the line to separate the rules that are inherited from a parent group and those which have been implemented at the subgroup level. The dividing line also lets you set up the priority of rules for clients in mixed control. Rules above the line take precedence over the rules that the user creates on the client. The rules and the security settings that the users apply to their clients are merged with the rules that the console deploys to the client. Shaded rows and cells in the Rules list display the following colors:
- Inherited rules are shaded in purple.
- Disabled rules are shaded in gray.
- Selected rules are shaded in orange and selected table cells are shaded in green.
See Table: Rules list columns.

Add Rule: Adds a rule by using a wizard that allows an application, a host, or a network service.

Add Blank Rule: Adds a blank rule to the Rules list. The firewall ignores the settings in a blank rule.

Move Up/Move Down: Moves the rule up one row or down one row. Rules are processed in the order that they appear in the table.

Enable this policy: Enables or disables the policy. Firewall Policies are enabled by default. However, you can set up and assign the policy first and enable it later.

The Rules list displays the default firewall rules, the inherited rules, and the rules that you create. The firewall rules are listed and enforced in the order that they are numbered.

Table: Rules list columns (Column name: Description)

No: Displays the order that the firewall processes the rules. You can reorder rules to change priorities.

Enabled: Enables the rule. If unchecked, the firewall ignores the rule.

Name: Displays the name of the rule.

Severity: Assigns one of the following levels of importance to the event:
- Critical
- Major
- Minor
- Information
The Security Log displays the severity.

Application: Specifies the applications that trigger the rule. If the application is detected, the rule takes effect. You can specify an application in the following ways:
- Define an application by filename, path, size, date modified, or file fingerprint.
- Search from a list of applications that are uploaded from each client.

Host: Specifies the hosts that trigger the rule. You can identify the specific DNS domain, DNS host, IP address, IP address range, MAC address, or subnet for the computers.

Time: Time period during which the rule is active or inactive. You can set up a schedule to include or exclude a time period during which the rule is active.

Service: Specifies the services that trigger the rule. Typically, specific types of services occur on specific ports. For example, Web traffic (HTTP and HTTPS) generally occurs on ports 80 and 443. The Service list enables you to group multiple ports together. You can select a service from the list, or you can define additional services. You can add any of the following ports and protocols:
- TCP
- UDP
- ICMP
- IP
- Ethernet
You can apply the rule to inbound network traffic, outbound network traffic, or network traffic in both directions.

Adapter: Specifies the adapters that trigger the rule. You can select one or more of the following adapters:
- All Adapters
- Any VPN
- Dial-up
- Ethernet
- Wireless
- More Adapters: Enables you to choose from a list of vendor-specific adapters or custom adapters that you add.

Screen Saver: Specifies which of the following states of the screen saver affects the rule:
- On
- Off
- Any: The state of the screen saver does not affect the rule.

Action: Specifies what happens to traffic if the traffic matches the following rule conditions:
- Allow: Allows any communication of this type to take place.
- Block: Prevents any communication of this type from taking place.
- Ask: Asks the user to allow or block the traffic.

Logging: Specifies whether the management server creates a log entry or sends an email message when a traffic event matches the criteria that are set for this rule. You can select one or more of the following log options:
- Write to Traffic Log
- Write to Packet Log
- Send Email Alert
To send email messages, you must configure a client security alert to appear for any firewall activity on the Notifications tab of the Monitors page.

Created At: Specifies whether the policy was created as a shared policy or a non-shared policy for an individual location. The column displays one of the following fields:
- Shared: A shared policy.
- Group name, such as Sales: A non-shared policy.
This column is informational only.

Description: Provides the additional information for the rule, such as how it works. Use a description to distinguish the difference between similar rules.

Rules: Notifications

You can enable or disable the notifications that appear on the client when a firewall rule blocks an application or service on the client computer. You can customize the text for this type of notification as well as notifications that appear on the client computer when the following events occur:
- Applications on the client try to access the network.
- Applications that normally access the network are upgraded.
- The client software is updated.

Table: Notifications tab options (Option: Description)

Display notification on the computer when the client blocks an application: Displays a standard message on the client when the client blocks an application. You specify which applications to block on the Rules tab.

Additional text to display if the action for a firewall rule is 'Ask': Displays a standard message on the client every time an application asks the user whether to access the network. You cannot enable or disable these messages; you can only add custom text to the standard text.

Set Additional Text: Adds customized text to the bottom of the standard message.

Smart Traffic Filtering

Smart traffic filters allow DNS, DHCP, and WINS traffic on a network.

Table: Smart traffic filters (Option: Description)

Enable Smart DHCP: Allows only the outbound DHCP requests and inbound DHCP replies. Smart DHCP also allows DHCP renew. If you disable this setting, to use DHCP you must create a firewall rule that allows UDP traffic on remote ports 67 (bootps) and 68 (bootpc). The Dynamic Host Configuration Protocol (DHCP) is a protocol that assigns a dynamic IP address to a computer on a network. Dynamic addresses enable a computer to have a different IP address every time it connects to a corporate network. DHCP supports both the static IP addresses and the dynamic IP addresses. Dynamic addresses simplify network administration because the software keeps track of IP addresses. Otherwise, the administrator must manually assign a unique IP address every time a computer is added to a corporate network. If a client moves from one subnet to another, DHCP can make the appropriate adjustments to a client's IP configuration. This option is enabled by default.

Enable Smart DNS: Allows the outbound DNS requests to and corresponding inbound replies from assigned DNS servers only. If a computer sends out a DNS request and the response comes back within five seconds, the communication is allowed. All other DNS packets are dropped. If you disable this setting, you must create a firewall rule that allows UDP traffic for remote port 53 (domain) to use DNS. This option is enabled by default.

Enable Smart WINS: Allows the outbound WINS requests to and the corresponding inbound replies from assigned WINS servers only. If a computer sends out a WINS request and the response comes back within five seconds, the communication is allowed. All other WINS packets are dropped. If you disable this setting, to use WINS you must create a firewall rule that allows UDP packets on remote port 137. WINS provides a distributed database that registers and queries dynamic mappings of NetBIOS names for the computers and the groups that a network uses. WINS maps the NetBIOS names to the IP addresses. WINS is used for NetBIOS name resolution in the routed networks that use NetBIOS over TCP/IP. The NetBIOS names are a requirement to establish networking services in earlier versions of Microsoft operating systems. The NetBIOS naming protocol is compatible with network protocols other than TCP/IP, such as NetBEUI or IPX/SPX. However, WINS was designed specifically to support NetBIOS over TCP/IP (NetBT). WINS simplifies the management of the NetBIOS namespace in TCP/IP-based networks. This option is enabled by default.

Traffic and Stealth Settings

You can enable the traffic settings on the client to detect and block the traffic that communicates through drivers, NetBIOS, and token rings. You can also configure settings to detect the traffic that uses more invisible attack methods.

Table: Traffic and stealth settings (Option: Description)

Enable driver-level protection: Checks traffic that comes from both the TCP/IP stack and other protocol drivers. Most attacks in a corporate network occur through Windows TCP/IP connections. Other attacks can potentially be launched through other protocol drivers. Any protocol drivers that access a network are seen as network applications. The client then blocks protocol drivers from accessing the network unless a rule specifically allows it. If a protocol driver tries to access the network, a notification asks if the user wants to allow it. This option is enabled by default.

Enable NetBIOS protection: Blocks the NetBIOS traffic from an external gateway. You can use Network Neighborhood file and printer sharing on a LAN and protect a computer from NetBIOS exploits from any external network. This option blocks the NetBIOS packets (UDP 88, UDP 137, UDP 138, TCP 135, TCP 139, TCP 445, and TCP 1026) that originate from IP addresses that are not part of the defined ICANN internal ranges. These ranges include 10.x.x.x, 172.16.x.x, 192.168.x.x, and 169.254.x.x, with the exception of the 169.254.0.x and 169.254.255.x subnets. Note: NetBIOS protection can cause a problem with Microsoft Outlook if the client computer connects to a Microsoft Exchange Server that is on a different subnet. Therefore, you may want to create a firewall rule that specifically allows access to that server. This option is disabled by default.

Allow token ring traffic: Allows the clients that connect through a token ring adapter to access the network, regardless of the firewall rules on the client. If you disable this setting, any traffic that comes from the computers that connect through a token ring adapter cannot access the corporate network. The firewall does not filter token ring traffic. It either allows all token ring traffic or blocks all token ring traffic. This option is disabled by default.

Enable reverse DNS lookup: Allows the client to process the firewall rules that define a host that uses a domain name. The firewall performs a reverse DNS lookup on inbound packet IP addresses and compares the DNS name with the name defined in the rule. Note: To identify a host by its DNS name, you must have this option enabled. If this option is enabled, you can define a rule that uses a fully qualified domain name instead of the IP address. The format for a fully qualified domain name is www.mycompany.com. If this option is disabled, the client does not process the rule. This option is disabled by default.

Enable anti-MAC spoofing: Allows inbound and outbound ARP (Address Resolution Protocol) traffic only if an ARP request was made to that specific host. It blocks all other unexpected ARP traffic and logs it in the Security Log. Media access control (MAC) addresses are hardware addresses that identify the computers, the servers, and the routers. Some hackers use MAC spoofing to try to hijack a communication session between two computers. When computer A wants to communicate with computer B, computer A may send an ARP packet to computer B. Anti-MAC spoofing protects a computer from letting another computer reset a MAC address table. If a computer sends an ARP REQUEST message, the client allows the corresponding ARP RESPOND message within a period of 10 seconds. The client rejects all unsolicited ARP RESPOND messages. This option is disabled by default.

Enable stealth mode Web browsing: Detects HTTP traffic from a Web browser on any port and removes the browser name and version number, the operating system, and the reference Web page. It stops Web sites from detecting which operating system and browser the computer uses. It does not detect HTTPS (SSL) traffic. Warning: Stealth mode Web browsing may cause some Web sites to not function properly. Some Web servers build a Web page based on information about the Web browser. Because this option removes the browser information, some Web pages may not appear properly or at all. Stealth mode Web browsing removes the browser signature, called the HTTP_USER_AGENT, from the HTTP request header and replaces it with a generic signature. This option is disabled by default.

Enable TCP resequencing: Prevents an intruder from forging or spoofing an individual's IP address. IP spoofing is a process that hackers use to hijack a communication session between two computers, such as computer A and B. A hacker can send a data packet that causes computer A to drop the communication. Then the hacker can pretend to be computer A and communicate with and attack computer B. To protect the computer, TCP resequencing randomizes TCP sequence numbers. Note: OS fingerprint masquerading works best when TCP resequencing is enabled. Warning: TCP resequencing changes the TCP sequencing number when the client service runs. Because the sequencing number is different when the service runs and when the service does not run, network connections are terminated when you stop or start the firewall service. TCP/IP packets use a sequence of session numbers to communicate with other computers. When the client does not run, the client computer uses the Windows number scheme. When the client runs and TCP resequencing is enabled, the client uses a different number scheme. If the client service suddenly stops, the number scheme reverts back to the Windows number scheme and Windows then drops the traffic packets. Furthermore, TCP resequencing may have a compatibility issue with certain NICs that causes the client to block all inbound and outbound traffic. This option is disabled by default.

Enable OS fingerprint masquerading: Prevents a program from detecting the operating system of a client computer. The client changes the TTL and identification value of TCP/IP packets to prevent a program from identifying an operating system. Note: OS fingerprint masquerading works best when TCP resequencing is enabled. Warning: TCP resequencing may have a compatibility issue with certain NICs that causes the client to block all inbound and outbound traffic. This option is disabled by default.
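The Smart DNS and Smart WINS filters (reply within five seconds, assigned servers only) and anti-MAC spoofing (ARP RESPOND within 10 seconds of an ARP REQUEST) described above share one stateful rule: an inbound reply is accepted only if a matching request went out recently. The code below models that rule as an added example, not Symantec's code. It assumes matching by peer address and one reply per request, and replays constructed events that use documentation-range addresses.

```python
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class SolicitedReplyFilter:
    """Accept an inbound reply only if a matching request went out recently."""
    window: float                               # seconds a request stays answerable
    allowed_peers: Optional[frozenset] = None   # None = any peer; else assigned servers
    pending: dict = field(default_factory=dict)        # peer -> time request was sent
    security_log: list = field(default_factory=list)   # (time, peer, reason)

    def outbound_request(self, now, peer):
        # Smart DNS/WINS: requests may only go to the assigned servers.
        if self.allowed_peers is not None and peer not in self.allowed_peers:
            self.security_log.append((now, peer, "request to unassigned server"))
            return False
        self.pending[peer] = now
        return True

    def inbound_reply(self, now, peer):
        sent = self.pending.pop(peer, None)   # assumption: one reply per request
        if sent is None:
            self.security_log.append((now, peer, "unsolicited reply"))
            return False
        if now - sent > self.window:
            self.security_log.append((now, peer, "reply outside window"))
            return False
        return True


def replay(filt, events):
    """Run (time, 'req' | 'rep', peer) events through a filter; return verdicts."""
    return [
        filt.outbound_request(t, peer) if kind == "req" else filt.inbound_reply(t, peer)
        for t, kind, peer in events
    ]


# Constructed events; 192.0.2.0/24 and 198.51.100.0/24 are documentation ranges.
ARP_EVENTS = [
    (0.0, "req", "192.0.2.10"),
    (0.4, "rep", "192.0.2.10"),    # solicited, inside 10 s
    (3.0, "rep", "192.0.2.10"),    # second reply with no new request
    (5.0, "req", "192.0.2.20"),
    (16.0, "rep", "192.0.2.20"),   # 11 s after the request
]
DNS_SERVERS = frozenset({"192.0.2.53"})
DNS_EVENTS = [
    (0.0, "req", "192.0.2.53"),
    (1.2, "rep", "192.0.2.53"),    # assigned server, inside 5 s
    (2.0, "req", "198.51.100.7"),  # not an assigned server
    (2.1, "rep", "198.51.100.7"),
    (10.0, "req", "192.0.2.53"),
    (15.5, "rep", "192.0.2.53"),   # 5.5 s after the request
]

if __name__ == "__main__":
    arp = SolicitedReplyFilter(window=10)
    print(replay(arp, ARP_EVENTS), arp.security_log)
    dns = SolicitedReplyFilter(window=5, allowed_peers=DNS_SERVERS)
    print(replay(dns, DNS_EVENTS), dns.security_log)
```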

