How to Continuously Monitor your

Internet Connection
The internet connection has been flaky for the past few days. It works fine for 10-15
minutes, breaks for about a minute and the connection is then automatically restored. This
erratic on/off cycle repeats itself throughout the day.
It is most likely an I! issue as the modem, the router, the "# ser$er, and the network
connections seem perfect. %$en power cycling the hardware failed to fi& the problem.
'hile the I! resol$es the issue, I ha$e to continuously monitor the Internet connection
as certain actions ( like submitting web forms ( would fail if initiated while the computer
is offline. )uckily, there isn*t a need to download another utility as the included ping
command can itself help monitor the downtime.
Ping to Monitor your Internet Connection
+o to tart -, -un and type .ping -t /./././0 without the 1uotes. The .-t2 switch is
important as it means that the ping command will run fore$er unless stopped manually by
hitting 3trl 4 3. 5/./././ is +oogle*s "# er$er6
The output of the ping command, as illustrated in the abo$e screenshot, shows the li$e
status of your Internet connection. If the status reads as .reply from /./././,2 the machine
is online and in all other cases, the Internet connection is down.
-ead more ways to troubleshoot your Internet connection.
How to Diagnose and Fix your Slow
Internet Connection
)et*s say you ha$e subscribed to a fast broadband Internet connection at home and you
are getting the e&pected download speeds that were initially promised by the I!.
7owe$er, sometimes it may happen that the speed of the same Internet connection slows
down and then e$en simple websites may take fore$er to load on your machine.
Troubleshooting your Slow Internet Connection
There can be se$eral reasons why you may be getting slower-than-usual Internet
connection speeds. 8or instance, you could be accessing the web during peak hours. 9r
your download manager could be downloading files in the background thus consuming
all the bandwidth. 9r, if you are accessing the Internet o$er 'i-8i, maybe you*re too far
off from the wireless router.
Then there are e&ternal factors that may slow down the Internet. :ou are probably getting
Internet through your e&isting phone line so if there*s a fault in the wiring, that may
negati$ely affect your connection speed. In fact, if your Internet connection is not stable
and keeps dropping off fre1uently, blame the phone company.
Does Your Telephone Line Need Repair
:ou don*t need any special e1uipment to determine if your phone line is the real culprit
but before we get there, let*s run a few simple tests to discount all the other possibilities.
Test !"# !ower-cycle the router and modem ( unplug the cables, wait for couple of
minute and then power on the modem followed by the router.
If you ha$e been e&periencing connecti$ity issues after a power-outage, power cycling
will most probably fi& the issue.
Test !$. 3lose all applications including any firewalls and anti-$irus software. Then open
speedtest.net to determine the actual download and upload speed of your Internet
connection.
If you ha$e 'i-8i at your place, remo$e the router for a moment and connect the ;")
modem directly to your computer*s %thernet port $ia a physical );# cable. -epeat the
speed test. "id you see any impro$ement in the connection speed<
Test !%. To ensure that none of the $iruses or spyware programs are responsible for your
slow Internet, open command prompt and run the following command=
netstat b f 5
This will easily help you figure out if any of the programs on your computer are silently
connecting to the Internet without your knowledge. hould you find a strange process in
the netstat result listing, kill it through the Task >anager.
Test !&# If your Internet speed woes aren*t o$er yet, it*s time to inspect the phone line.
#o, you don*t ha$e to climb that telephone pole as the stats from your ") modem
/router will alone gi$e the re1uired data.
9pen the web dashboard of your modem /router and note the following $alues for the
downstream connection 5not upstream6. The fields are generally a$ailable under tatistics
( , ;").
"# Line 'ttenuation 5or )oop )oss6 ( It measures how much signal is lost between the
phone e&change and your modem. Great the distance between the exchange and your
home, the higher the attenuation. ;nything below 50d? is considered acceptable.
$# Sync Speed 5or -ate6 ( The speed at which the router connects to the e&change
e1uipment.
%# SNR Margin 5or #oise >argin6 ( This represents the difference between your current
#- 5ignal-to-#oise -atio6 and the #- that*s re1uired to ser$e a particular speed. If
the SNR Margin is low, you may experience frequent disconnections. Ideally, this should
be 1@d? or higher.
9nce you ha$e all these $alues, paste them into the ;") 3alculator and it will gi$e you
an estimate of the ma&imum speed that you get from the I!.
If the #- >argin is low or the )ine ;ttenuation is high or if the calculated ma&imum
speed is lesser than what you are paying for, the fault lies somewhere between your
modem and the phone e&change. Aeep a record of all these $alues at different times of
the day and gi$e your phone company a calls at its something that only they can fi&.
;lso see= Sur( the )e* Faster on Slow Internet
'llowing +ing with an un,anaged
Sy,antec -ndpoint +rotection client
(irewall
Article:TECH102959 |
Created: 2007-
01-20
|
Updated: 2008-
01-27
|
Article URL
http://www.s!"#tec.c$!/%$cs/TECH102959
'rticle Type
Technical olution
+roduct.s/
how all
Languages
how all
Problem
7ow to add a rule in a ymantec %ndpoint !rotection client firewall to allow an
unmanaged client to accept !ing.
Solution
To add a rule in the firewall polices=
1. 9pen the ymantec %ndpoint !rotection client interface
@. elect Status
B. 3lick 0ptions for C#etwork Threat !rotectionC
D. elect Con(igure Firewall Rules
5. 3lick 'dd
E. Type a name for the new rule 5%&ample= C;llow I3>!C 6
F. Gnder C;ctionC, select 'llow this tra((ic
/. elect the network interface card that you want this rule applied to.
#ote= If you want this rule to always run, select 'pply this rule while the
screen sa1er is 0n and2or 0((.
H. +o to the 7osts tab
10. elect 'pply this rule to and select where you want this rule applied. 5The
default is C;ll hostsC6
11. +o to the +orts and +rotocols tab
1@. 3lick on the Dropdown ,enu and select the ICM+
In the sub menu, select -cho Re3uest 4 5 and -cho Reply 6 7 5you may
select others that you need for your en$ironment6
1B. 3lick 08
Sy,antec -ndpoint +rotection Manager 6 Firewall 6 +olicies explained
'rticle9T-CH"7&&%% :
Created9
$77567"6
$7
:
;pdated9
$7"76""6
%7
:
'rticle ;RL
http922www#sy,antec#co,2docs2T-CH"7&&%
%
'rticle Type
Technical Solution
+roduct.s/
Show all
Languages
Show all
+ro*le,
You need ,ore details a*out the 0ptions in the +olicies o( the Sy,antec -ndpoint
+rotection Manager .S-+M/

Solution
Rules9 Rules

;se this ta* to wor< with (irewall rules# You can add= edit= delete= copy= paste=
i,port= export= inherit= and change the order o( (irewall rules#
Ta*le9 Rules ta*
0ption Description
Maxi,i>e
)indow
and Restore
)indow
To 1iew the Rules list= you can change the si>e o( the
window in one o( the (ollowing ways9
Maxi,i>e )indow
-xpands the window to the si>e o(
your screen

Restore )indow
Resi>es the window to the width=
height= and location o( the window
*e(ore you ,axi,i>ed it#
Inherit
Firewall
Rules (ro,
+arent
?roup
Inherits only the rules (ro, a parent group@s Firewall
+olicy# You cannot inherit rules (ro, a policy in a location
that inherits all its policies (ro, a parent group#
Rules list Displays the (irewall rules# You can add= edit= delete= and
,o1e rules in this list#
The list contains a *lue di1iding line# Rules that appear
a*o1e the di1iding line are o( higher priority than those
that appear under the line# You can use the line to separate
the rules that are inherited (ro, a parent group and those
which ha1e *een i,ple,ented at the su*group le1el# The
di1iding line also lets you set up the priority o( rules (or
clients in ,ixed control# Rules a*o1e the line ta<e
precedence o1er the rules that the user creates on the
client# The rules and the security settings that the users
apply to their clients are ,erged with the rules that the
console deploys to the client#
Shaded rows and cells in the Rules list display the
(ollowing colors9
Inherited rules are shaded in purple#
Disa*led rules are shaded in gray#
Selected rules are shaded in orange
and selected ta*le cells are shaded in
green#
See Ta*le9 Rules list colu,ns#
'dd Rule 'dds a rule *y using a wi>ard that allows an application= a
host= or a networ< ser1ice#
'dd Alan<
Rule
'dds a *lan< rule to the Rules list# The (irewall ignores
the settings in a *lan< rule#
Mo1e
;p2Mo1e
Down
Mo1es the rule up one row or down one row# Rules are
processed in the order that they appear in the ta*le#
-na*le this
policy
-na*les or disa*les the policy# Firewall +olicies are
ena*led *y de(ault# Howe1er= you can set up and assign
the policy (irst and ena*le it later#
The Rules list displays the de(ault (irewall rules= the inherited rules= and the rules
that you create# The (irewall rules are listed and en(orced in the order that they are
nu,*ered#
Ta*le9 Rules list colu,ns
Colu,n
na,e
Description
No Displays the order that the (irewall processes the rules#
You can reorder rules to change priorities#
-na*led -na*les the rule# I( unchec<ed= the (irewall ignores the
rule#
Na,e Displays the na,e o( the rule#
Se1erity 'ssigns one o( the (ollowing le1els o( i,portance to the
e1ent9
Critical
MaBor
Minor
In(or,ation
The Security Log displays the se1erity#
'pplication Speci(ies the applications that trigger the rule#
I( the application is detected= the rule ta<es e((ect# You can
speci(y an application in the (ollowing ways9
De(ine an application *y (ilena,e=
path= si>e= date ,odi(ied= or (ile
(ingerprint#
Search (ro, a list o( applications
that are uploaded (ro, each client#
Host Speci(ies the hosts that trigger the rule#
You can identi(y the speci(ic DNS do,ain= DNS host= I+
address= I+ address range= M'C address= or su*net (or the
co,puters#
Ti,e Ti,e period during which the rule is acti1e or inacti1e#
You can set up a schedule to include or exclude a ti,e
period during which the rule is acti1e#
Ser1ice Speci(ies the ser1ices that trigger the rule#
Typically= speci(ic types o( ser1ices occur on speci(ic ports#
For exa,ple= )e* tra((ic .HTT+ and HTT+S/ generally
occurs on ports 57 and &&%# The Ser1ice list ena*les you to
group ,ultiple ports together#
You can select a ser1ice (ro, the list= or you can de(ine
additional ser1ices# You can add any o( (ollowing ports
and protocols9
TC+
;D+
ICM+
I+
-thernet
You can apply the rule to in*ound networ< tra((ic=
out*ound networ< tra((ic= or networ< tra((ic in *oth
directions#
'dapter Speci(ies the adapters that trigger the rule# You can select
one or ,ore o( the (ollowing adapters9
'll 'dapters
'ny C+N
Dial6up
-thernet
)ireless
More 'dapters
-na*les you to choose (ro, a list o( 1endor6speci(ic
adapters or custo, adapters that you add#
Screen
Sa1er
Speci(ies which o( the (ollowing states o( the screen sa1er
a((ects the rule9
0n
0((
'ny
The state o( the screen sa1er does not a((ect the rule#
'ction Speci(ies what happens to tra((ic i( the tra((ic ,atches the
(ollowing rule conditions9
'llow
'llows any co,,unication o( this
type to ta<e place#

Aloc<
+re1ents any co,,unication o( this
type (ro, ta<ing place#

's<
's<s the user to allow or *loc< the
tra((ic#
Logging Speci(ies whether the ,anage,ent ser1er creates a log
entry or sends an e,ail ,essage when a tra((ic e1ent
,atches the criteria that are set (or this rule#
You can select one ore ,ore o( the (ollowing log options9
)rite to Tra((ic Log
)rite to +ac<et Log
Send -,ail 'lert
To send e,ail ,essages= you ,ust con(igure a client
security alert to appear (or any (irewall acti1ity on the
Noti(ications ta* o( the Monitors page#
Created 't Speci(ies whether the policy was created as a shared policy
or a non6shared policy (or an indi1idual location#
The colu,n displays one o( the (ollowing (ields9
Shared
' shared policy#

?roup na,e= such as Sales#
' non6shared policy

This colu,n is in(or,ational only#
Description +ro1ides the additional in(or,ation (or the rule= such as
how it wor<s#
;se a description to distinguish the di((erence *etween
si,ilar rules#
Rules9 Noti(ications

You can ena*le or disa*le the noti(ications that appear on the client when a (irewall
rule *loc<s an application or ser1ice on the client co,puter# You can custo,i>e the
text (or this type o( noti(ication as well as noti(ications that appear on the client
co,puter when the (ollowing e1ents occur9
'pplications on the client try to access the networ<#
'pplications that nor,ally access the networ< are upgraded#
The client so(tware is updated#
Ta*le9 Noti(ications ta* options
0ption Description
Display noti(ication
on the co,puter
when the client
*loc<s an application
Displays a standard ,essage on the client when
the client *loc<s an application#
You speci(y which applications to *loc< on the
Rules ta*#
'dditional text to
display i( the action
(or a (irewall rule is
@'s<@
Displays a standard ,essage on the client e1ery
ti,e an application as<s the user whether to
access the networ<# You cannot ena*le or disa*le
these ,essagesD you can only add custo, text to
the standard text#
Set 'dditional Text 'dds custo,i>ed text to the *otto, o( the
standard ,essage#
S,art Tra((ic Filtering

S,art tra((ic (ilters allow DNS= DHC+= and )INS tra((ic on a networ<#
Ta*le9 S,art tra((ic (ilters
0ption Description
-na*le
S,art
DHC+
'llows only the out*ound DHC+ re3uests and in*ound DHC+
replies# S,art DHC+ also allows DHC+ renew#
I( you disa*le this setting= to use DHC+ you ,ust create a
(irewall rule that allows ;D+ tra((ic on re,ote ports EF
.*ootps/ and E5 .*ootpc/#
The Dyna,ic Host Con(iguration +rotocol .DHC+/ is a
protocol that assigns a dyna,ic I+ address to a co,puter on a
networ<# Dyna,ic addresses ena*le a co,puter to ha1e a
di((erent I+ address e1ery ti,e it connects to a corporate
networ<# DHC+ supports *oth the static I+ addresses and the
dyna,ic I+ addresses# Dyna,ic addresses si,pli(y networ<
ad,inistration *ecause the so(tware <eeps trac< o( I+
addresses# 0therwise= the ad,inistrator ,ust ,anually assign
a uni3ue I+ address e1ery ti,e a co,puter is added to a
corporate networ<# I( a client ,o1es (ro, one su*net to
another= DHC+ can ,a<e the appropriate adBust,ents to a
client@s I+ con(iguration#
This option is ena*led *y de(ault#
-na*le
S,art
DNS
'llows the out*ound DNS re3uests to and corresponding
in*ound replies (ro, assigned DNS ser1ers only#
I( a co,puter sends out a DNS re3uest and the response
co,es *ac< within (i1e seconds= the co,,unication is allowed#
'll other DNS pac<ets are dropped#
I( you disa*le this setting= you ,ust create a (irewall rule that
allows ;D+ tra((ic (or re,ote port G% .do,ain/ to use DNS#
This option is ena*led *y de(ault#
-na*le
S,art
)INS
'llows the out*ound )INS re3uests to and the corresponding
in*ound replies (ro, assigned )INS ser1ers only#
I( a co,puter sends out a )INS re3uest and the response
co,es *ac< within (i1e seconds= the co,,unication is allowed#
'll other )INS pac<ets are dropped#
I( you disa*le this setting= to use )INS you ,ust create a
(irewall rule that allows ;D+ pac<ets on re,ote port "%F#
)INS pro1ides a distri*uted data*ase that registers and
3ueries dyna,ic ,appings o( NetAI0S na,es (or the
co,puters and the groups that a networ< uses# )INS ,aps
the NetAI0S na,es to the I+ addresses# )INS is used (or
NetAI0S na,e resolution in the routed networ<s that use
NetAI0S o1er TC+2I+# The NetAI0S na,es are a re3uire,ent
to esta*lish networ<ing ser1ices in earlier 1ersions o(
Microso(t operating syste,s# The NetAI0S na,ing protocol is
co,pati*le with networ< protocols other than TC+2I+= such as
NetA-;I or I+H2S+H# Howe1er= )INS was designed
speci(ically to support NetAI0S o1er TC+2I+ .NetAT/# )INS
si,pli(ies the ,anage,ent o( the NetAI0S na,espace in
TC+2I+6*ased networ<s#
This option is ena*led *y de(ault#
Tra((ic and Stealth Settings

You can ena*le the tra((ic settings on the client to detect and *loc< the tra((ic that
co,,unicates through dri1ers= NetAI0S= and to<en rings# You can also con(igure
settings to detect the tra((ic that uses ,ore in1isi*le attac< ,ethods#
Ta*le9 Tra((ic and stealth settings
0ption Description
-na*le dri1er6
le1el protection
Chec<s tra((ic that co,es (ro, *oth the TC+2I+ stac<
and other protocol dri1ers#
Most attac<s in a corporate networ< occur through
)indows TC+2I+ connections# 0ther attac<s can
potentially *e launched through other protocol dri1ers#
'ny protocol dri1ers that access a networ< are seen as
networ< applications# The client then *loc<s protocol
dri1ers (ro, accessing the networ< unless a rule
speci(ically allows it# I( a protocol dri1er tries to access
the networ<= a noti(ication as<s i( the user wants to
allow it#
This option is ena*led *y de(ault#
-na*le
NetAI0S
protection
Aloc<s the NetAI0S tra((ic (ro, an external gateway#
You can use Networ< Neigh*orhood (ile and printer
sharing on a L'N and protect a co,puter (ro,
NetAI0S exploits (ro, any external networ<# This
option *loc<s the NetAI0S pac<ets .;D+ 55= ;D+ "%F=
;D+ "%5= TC+ "%G= TC+ "%I= TC+ &&G= and TC+ "7$E/
that originate (ro, I+ addresses that are not part o( the
de(ined IC'NN internal ranges# These ranges include
"7#x#x#x= "F$#"E#x#x= "I$#"E5#x#x= and "EI#$G&#x#x= with
the exception o( the "EI#$G&#7#x and "EI#$G&#$GG#x
su*nets#
Note9
NetAI0S protection can cause a pro*le, with
Microso(t 0utloo< i( the client co,puter connects to a
Microso(t -xchange Ser1er that is on a di((erent
su*net# There(ore= you ,ay want to create a (irewall
rule that speci(ically allows access to that ser1er#
This option is disa*led *y de(ault#
'llow to<en
ring tra((ic
'llows the clients that connect through a to<en ring
adapter to access the networ<= regardless o( the (irewall
rules on the client#
I( you disa*le this setting= any tra((ic that co,es (ro,
the co,puters that connect through a to<en ring
adapter cannot access the corporate networ<# The
(irewall does not (ilter to<en ring tra((ic# It either
allows all to<en ring tra((ic or *loc<s all to<en ring
tra((ic#
This option is disa*led *y de(ault#
-na*le re1erse
DNS loo<up
'llows the client to process the (irewall rules that
de(ine a host that uses a do,ain na,e#
The (irewall per(or,s a re1erse DNS loo<up on
in*ound pac<et I+ addresses and co,pares the DNS
na,e with the na,e de(ined in the rule#
Note9
To identi(y a host *y its DNS na,e= you ,ust ha1e this
option ena*led# I( this option is ena*led= you can de(ine
a rule that uses a (ully 3uali(ied do,ain na,e instead
o( the I+ address# The (or,at (or a (ully 3uali(ied
do,ain na,e is www#,yco,pany#co,# I( this option is
disa*led= the client does not process the rule#
This option is disa*led *y de(ault#
-na*le anti6
M'C spoo(ing
'llows in*ound and out*ound 'R+ .'ddress
Resolution +rotocol/ tra((ic only i( an 'R+ re3uest was
,ade to that speci(ic host# It *loc<s all other
unexpected 'R+ tra((ic and logs it in the Security Log#
Media access control .M'C/ addresses are hardware
addresses that identi(y the co,puters= the ser1ers= and
the routers# So,e hac<ers use M'C spoo(ing to try to
hiBac< a co,,unication session *etween two
co,puters# )hen co,puter ' wants to co,,unicate
with co,puter A= co,puter ' ,ay send an 'R+ pac<et
to co,puter A#
'nti6M'C spoo(ing protects a co,puter (ro, letting
another co,puter reset a M'C address ta*le# I( a
co,puter sends an 'R+ R-J;-ST ,essage= the client
allows the corresponding 'R+ R-S+0ND ,essage
within a period o( "7 seconds# 'll client reBects all
unsolicited 'R+ R-S+0ND ,essages#
This option is disa*led *y de(ault#
-na*le stealth
,ode )e*
*rowsing
Detects HTT+ tra((ic (ro, a )e* *rowser on any port
and re,o1es the *rowser na,e and 1ersion nu,*er=
the operating syste,= and the re(erence )e* page# It
stops )e* sites (ro, detecting which operating syste,
and *rowser the co,puter uses# It does not detect
HTT+S .SSL/ tra((ic#
)arning9
Stealth ,ode )e* *rowsing ,ay cause so,e )e* sites
to not (unction properly# So,e )e* ser1ers *uild a
)e* page *ased on in(or,ation a*out the )e*
*rowser# Aecause this option re,o1es the *rowser
in(or,ation= so,e )e* pages ,ay not appear properly
or at all# Stealth ,ode )e* *rowsing re,o1es the
*rowser signature= called the HTT+K;S-RK'?-NT=
(ro, the HTT+ re3uest header and replaces it with a
generic signature#
This option is disa*led *y de(ault#
-na*le TC+
rese3uencing
+re1ents an intruder (ro, (orging or spoo(ing an
indi1idual@s I+ address#
I+ spoo(ing is a process that hac<ers use to hiBac< a
co,,unication session *etween two co,puters= such as
co,puter ' and A# ' hac<er can send a data pac<et
that causes co,puter ' to drop the co,,unication#
Then the hac<er can pretend to *e co,puter ' and
co,,unicate with and attac< co,puter A# To protect
the co,puter= TC+ rese3uencing rando,i>es TC+
se3uence nu,*ers#
Note9
0S (ingerprint ,as3uerading wor<s *est when TC+
rese3uencing is ena*led#
)arning9
TC+ rese3uencing changes the TC+ se3uencing
nu,*er when the client ser1ice runs# Aecause the
se3uencing nu,*er is di((erent when the ser1ice runs
and when the ser1ice does not run= networ<
connections are ter,inated when you stop or start the
(irewall ser1ice# TC+2I+ pac<ets use a se3uence o(
session nu,*ers to co,,unicate with other co,puters#
)hen the client does not run= the client co,puter uses
the )indows nu,*er sche,e# )hen the client runs
and TC+ rese3uencing is ena*led= the client uses a
di((erent nu,*er sche,e# I( the client ser1ice suddenly
stops= the nu,*er sche,e re1erts *ac< to the )indow
nu,*er sche,e and )indows then drops the tra((ic
pac<ets# Further,ore= TC+ rese3uencing ,ay ha1e a
co,pati*ility issue with certain NICs that causes the
client to *loc< all in*ound and out*ound tra((ic#
This option is disa*led *y de(ault#
-na*le 0S
(ingerprint
,as3uerading
+re1ents a progra, (ro, detecting the operating
syste, o( a client co,puter# The client changes the TTL
and identi(ication 1alue o( TC+2I+ pac<ets to pre1ent a
progra, (ro, identi(ying an operating syste,#
Note9
0S (ingerprint ,as3uerading wor<s *est when TC+
rese3uencing is ena*led#
)arning9
TC+ rese3uencing ,ay ha1e a co,pati*ility issue with
certain NICs that causes the client to *loc< all in*ound
and out*ound tra((ic#
This option is disa*led *y de(ault#
Re(erences
0nline Help 6 S-+M
Technical In(or,ation

01er1iew 6 +olicies www#sy,antec#co,2docs2T-CH"7&&%E
'nti1irus and 'ntispyware www#sy,antec#co,2docs2T-CH"7&&%7
'pplication and De1ice Control www#sy,antec#co,2docs2T-CH"7&&%"
Centrali>ed -xceptions www#sy,antec#co,2docs2T-CH"7&&%$
Firewall www#sy,antec#co,2docs2T-CH"7&&%%
Intrusion +re1ention www#sy,antec#co,2docs2T-CH"7&&%&
Li1e;pdate www#sy,antec#co,2docs2T-CH"7&&%G