the best thing to do is to use network sniffers this software captures tcp/ip packets
get this software u can find who are invading your computer
Ethereal: A Network Protocol Analyzer
Powerful Multi-Platform Analysis
Ethereal® is used by network professionals around the world for troubleshooting, analysis, software and protocol development, and education.
Features
Ethereal is still technically beta software, but it has a comprehensive feature set and is suitable for production use. Here is the list of features, current as of version 0.9.14, in no particular order:
* Data can be captured "off the wire" from a live network connection, or read from a capture file.
* Ethereal can read capture files from tcpdump (libpcap), NAI's Sniffer™ (compressed and uncompressed), Sniffer™ Pro, NetXray™, Sun snoop and atmsnoop, Shomiti/Finisar Surveyor, AIX's iptrace, Microsoft's Network Monitor, Novell's LANalyzer, RADCOM's WAN/LAN Analyzer, HP-UX nettl, i4btrace from the ISDN4BSD project, Cisco Secure IDS iplog, the pppd log (pppdump-format), the AG Group's/WildPacket's EtherPeek/TokenPeek/AiroPeek, or Visual Networks' Visual UpTime. It can also read traces made from Lucent/Ascend WAN routers and Toshiba ISDN routers, as well as the text output from VMS's TCPIPtrace utility and the DBS Etherwatch utility for VMS. Any of these files can be compressed with gzip and Ethereal will decompress them on the fly.
* Live data can be read from Ethernet, FDDI, PPP, Token-Ring, IEEE 802.11, Classical IP over ATM, and loopback interfaces (at least on some platforms; not all of those types are supported on all platforms).
* Captured network data can be browsed via a GUI, or via the TTY-mode "tethereal" program.
* Capture files can be programmatically edited or converted via command-line switches to the "editcap" program.
* 759 protocols can currently be dissected:
download free ::http://www.ethereal.com/