Internet Security 2012
Network Monitor
Kaspersky Internet Security 2012
Table of Contents
Network Monitor
Network Activity
Open ports
Network traffic
Blocked computers
Network Monitor
Network Monitor is a tool in KIS 2012 used to display information about network activities filtered
by the Firewall component in real time as a report.
The Network Monitor window can be opened from the application context menu, the main
application window and using Kaspersky Gadget (only for Windows 7 and Windows Vista).
To open the Network Monitor window using the context menu, right-click the KIS 2012 icon in the
Windows taskbar notification area. In the menu that opens, select Tools and then select Network
Monitor.
To open the Network Monitor window from the main application window, perform the following
actions:
1. Open the main application window.
2. In the management panel select Network Monitor.
To open the Network Monitor window using Kaspersky Gadget, the gadget must first be
configured so that opening the Network Monitor window is assigned to one
of its buttons. See the Interface chapter for how to configure the Gadget.
If the corresponding configuration has already been performed and the gadget is in a smaller size,
then in order to launch Network Monitor, click the corresponding gadget button.
If the corresponding configuration has already been performed and the gadget is in a larger size,
then in order to launch Network Monitor, select the corresponding gadget button on the gadget
control panel and click the button.
The Network Monitor window will provide the information grouped on the following tabs:
► Network Activity;
► Open ports;
► Network traffic;
► Blocked computers.
Let’s study each tab in detail.
Network Activity
This tab contains all active network connections currently established on your computer.
The following information for each connection is displayed:
► name of the process (program, service, server) that initiated the connection;
► the connection protocol;
► connection settings (local and remote ports and IP addresses);
► connection duration;
► transferred/received data volume.
Clicking the “+” character in the header of the Protocol, Remote address and Bytes
received/sent data columns splits these columns into several smaller ones with more detailed
information about the network activity of the selected process.
For each connection it lists the following information: the name of an application that initiated this
connection, the connection protocol, the direction of the connection (inbound or outbound), the
connection settings (local and remote ports and IP addresses). Here you can also check the
lifetime of this connection and the volume of data sent/received.
The bottom part of the window displays a network traffic chart that shows volumes of inbound and
outbound traffic for a process selected from the list. The chart reflects traffic volume in real time.
Traffic volume is displayed in kilobytes. You can use the + and – buttons to change the scale of
the chart.
The Rules settings button on the Network activity tab takes you to the Firewall window where
you can configure network rules. According to the rule, set by KIS 2012 or by the user, Firewall
allows or blocks the network activity of a data packet or application.
Correspondingly, only activity allowed by the established network rules is displayed in the
Network Monitor window on the Network activity tab.
If you have configured a blocking network rule, activity which was blocked by this rule is not
displayed in the Network Monitor window on the Network activity tab.
To configure a packet rule, click the Rules settings button and in the drop-down menu select the
All network rules item.
To configure a rule for an application, click the Rules settings button and in the drop-down menu
select the Application network rules item.
You can find more detailed information about how to configure rules from the Firewall window in
the Firewall chapter.
If you click the Block network traffic button, Firewall blocks the network activity of all processes.
While network activity is blocked, this button is labeled Unblock network traffic. If you click the
Unblock network traffic button, Firewall allows the network activity of all processes again.
Clicking the Filter button opens a menu that contains the following items:
► Show connections established by Kaspersky Internet Security – the list displays
information about connections established by Kaspersky Internet Security.
► Show local connections – the list displays information about connections to other
computers on the same local network.
Open ports
The tab contains information about all open ports for each process.
The following information is displayed for each port:
► name of the process (application, service, server) which uses the port, number of the port,
local IP address of the process;
► data transfer protocol.
To configure packet rules and rules for applications click the Rules settings button. The opened
menu contains the following items:
► All network rules – opens the Firewall window, where you can configure packet rules for
an application selected from the list.
According to the configured packet rule, Firewall allows or blocks the network activity of a
data packet. Packet rules have higher priority than rules for applications.
For example, TCP protocol is used for the QIP process in the Network Monitor window.
If you click the button Rules settings > All network rules, in the Firewall window on the
Packet rules tab you can define a Firewall action for all incoming TCP packets. If you
select the Block action, then network activity of incoming TCP packets will be blocked for
all processes that work with this protocol, including the QIP process.
► Application network rules – opens the Application rules window, where you can
configure a network rule for an application selected from the list.
According to the rule, Firewall blocks or allows network activity for an application. You can
view (and, if necessary, edit) what rules are established for what application.
For example, in the Network Monitor window select an application and click the button
Rules settings > Application network rules.
Note that the Application network rules item becomes active only if a process is
selected from the list.
Next, on the Network rules tab you can view and edit rules, defined for the selected
application.
You can find more detailed information about rules for applications and how to edit these rules in
the Firewall subchapter from the Advanced settings chapter.
Clicking the Filter button lets you filter the list of ports by a specified criterion:
► All open ports – the list displays all open ports of your computer.
► All except loopback – the list displays all ports except for those being used by the network
software of your operating system.
Network traffic
The tab contains information about all inbound and outbound connections established between
your computer and other computers.
Incoming and outgoing traffic volume is displayed for each program (computer, service, server,
process). Traffic volume is displayed in bytes, kilobytes and megabytes.
The bottom part of the window displays a chart that shows time distribution of traffic of the
selected application for the specified time interval.
You can view information for a day, week, month, year or the entire period of the application
operation. To set the required time interval, use the drop-down Period list. Clicking the arrow
buttons in the right part of the window allows you to view the data distribution for the
previous and following time intervals.
The search bar is designed for quickly searching for records in the list. As the symbols are
entered, the list displays only entries that contain that particular combination of characters.
Note that after a Kaspersky Lab product is installed on a computer, you may notice a sharp
increase in incoming and outgoing traffic on that computer. This is because Kaspersky Lab products
function in proxy-server mode and therefore scan all Internet traffic before the downloaded
information reaches your hard drive.
Kaspersky Lab products include their own internal requests in the general statistics of
incoming and outgoing Internet traffic. Third-party applications for statistics calculation also
count their internal traffic. These statistics differ from the traffic statistics calculated by your
Internet provider, and no payment is charged for the internal traffic on your computer, i.e. in reality
your traffic is not spent. This can easily be verified by requesting statistics from your provider.
Blocked computers
The tab contains information about the hosts for which Network Attack Blocker has forbidden all
network activity aimed at your computer.
The Address column displays the IP address of a blocked host.
The Time column displays the time elapsed since the host was blocked.
By default, Network Attack Blocker blocks the incoming traffic of an attacking computer for one
hour.
You can find more about how to change the computer blocking settings in Advanced
application settings > Network Attack Blocker.
Clicking the Unblock button cancels blocking of the selected computer.