Re: Ports->Process on Win NT/2k
From: Ivan Coric (ivan.coric@workcoverqld.com.au)Date: 09/26/02
- Previous message: Robert Sieber: "RE: Ports->Process on Win NT/2k"
- Maybe in reply to: R Pradeep Chandran: "Ports->Process on Win NT/2k"
- Next in thread: baba ali: "Re: Ports->Process on Win NT/2k"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Thu, 26 Sep 2002 08:26:28 +1000 From: "Ivan Coric" <ivan.coric@workcoverqld.com.au> To: <rpc@pobox.com>, <security-basics@securityfocus.com>
Hey, I think fport from Foundstone is what your after.
cheers
Ivan
-----------------------------------------------------------------------------------------
Readme for fport v2.0
fport supports Windows NT4, Windows 2000 and Windows XP
fport reports all open TCP/IP and UDP ports and maps them to the owning application.
This is the same information you would see using the 'netstat -an' command, but it also
maps those ports to running processes with the PID, process name and path. Fport can be
used to quickly identify unknown open ports and their associated applications.
Usage:
C:\>fport
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com
Pid Process Port Proto Path
392 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 139 TCP
8 System -> 445 TCP
508 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
392 svchost -> 135 UDP C:\WINNT\system32\svchost.exe
8 System -> 137 UDP
8 System -> 138 UDP
8 System -> 445 UDP
224 lsass -> 500 UDP C:\WINNT\system32\lsass.exe
212 services -> 1026 UDP C:\WINNT\system32\services.exe
The program contains five (5) switches. The switches may be utilized using either a '/'
or a '-' preceding the switch. The switches are;
Usage:
/? usage help
/p sort by port
/a sort by application
/i sort by pid
/ap sort by application path
For updates visit: www.foundstone.com
Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: ivan.coric@workcoverqld.com.au
>>> R Pradeep Chandran <rpc@pobox.com> 09/25/02 04:24pm >>>
Hi All,
Is there any utility which provides information on the owner(?)
of a socket on Win NT/2k? What I want, is to find out which process has
opened a socket on the machine. For example, if netstat shows that a
process is listening on port 80, I should be able to use this utility
and find out what that process is.
Hve a nice day,
Pradeep
--
Keep me away from the wisdom which does not cry, the philosophy which
does not laugh and the greatness which does not bow before children.
-Kahlil Gibran, mystic, poet and artist (1883-1931)
R Pradeep Chandran
***************************************************************************
Messages included in this e-mail and any of its attachments are those
of the author unless specifically stated to represent WorkCover Queensland.
The contents of this message are to be used for the intended purpose only
and are to be kept confidential at all times. This message may contain
privileged information directed only to the intended addressee/s.
Accidental receipt of this information should be deleted promptly
and the sender notified.
This e-mail has been scanned by Sophos for known viruses.
However, no warranty nor liability is implied in this respect.
**********************************************************************
- Previous message: Robert Sieber: "RE: Ports->Process on Win NT/2k"
- Maybe in reply to: R Pradeep Chandran: "Ports->Process on Win NT/2k"
- Next in thread: baba ali: "Re: Ports->Process on Win NT/2k"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
