RE: Ports->Process on Win NT/2k

From: Nero, Nick (Nick.Nero@disney.com)
Date: 09/26/02


Date: Thu, 26 Sep 2002 13:35:17 -0400
From: "Nero, Nick" <Nick.Nero@disney.com>
To: <security-basics@securityfocus.com>

Try Activeports as well. Really nice util.

-----Original Message-----
From: Ivan Coric [mailto:ivan.coric@workcoverqld.com.au]
Sent: Wednesday, September 25, 2002 6:26 PM
To: rpc@pobox.com; security-basics@securityfocus.com
Subject: Re: Ports->Process on Win NT/2k

Hey, I think fport from Foundstone is what you're after.

cheers
Ivan
------------------------------------------------------------------------
Readme for fport v2.0

fport supports Windows NT4, Windows 2000 and Windows XP

fport reports all open TCP/IP and UDP ports and maps them to the owning
application. This is the same information you would see using the
'netstat -an' command, but it also maps those ports to running processes
with the PID, process name and path. Fport can be used to quickly
identify unknown open ports and their associated applications.

Usage:
C:\>fport
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com
Pid   Process            Port  Proto Path
392   svchost        ->  135   TCP   C:\WINNT\system32\svchost.exe
8     System         ->  139   TCP
8     System         ->  445   TCP
508   MSTask         ->  1025  TCP   C:\WINNT\system32\MSTask.exe
392   svchost        ->  135   UDP   C:\WINNT\system32\svchost.exe
8     System         ->  137   UDP
8     System         ->  138   UDP
8     System         ->  445   UDP
224   lsass          ->  500   UDP   C:\WINNT\system32\lsass.exe
212   services       ->  1026  UDP   C:\WINNT\system32\services.exe

The program contains five (5) switches. The switches may be utilized
using either a '/' or a '-' preceding the switch. The switches are:

Usage:
        /? usage help
        /p sort by port
        /a sort by application
        /i sort by pid
        /ap sort by application path

For updates visit: www.foundstone.com

Ivan Coric
IT Security Officer
Information Technology
WorkCover Queensland
Ph: (07) 30066414 Fax: (07) 30066424
Email: ivan.coric@workcoverqld.com.au

>>> R Pradeep Chandran <rpc@pobox.com> 09/25/02 04:24pm >>>
Hi All,
        Is there any utility which provides information on the owner(?)
of a socket on Win NT/2k? What I want, is to find out which process has
opened a socket on the machine. For example, if netstat shows that a
process is listening on port 80, I should be able to use this utility
and find out what that process is.

Have a nice day,
Pradeep

-- 
Keep me away from the wisdom which does not cry, the philosophy which
does not laugh and the greatness which does not bow before children.
                  -Kahlil Gibran, mystic, poet and artist (1883-1931)
R Pradeep Chandran

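Added example, not part of the original thread and not Foundstone's code: a Python sketch that parses output in the format shown in the fport readme above and lists listeners that are absent from a recorded baseline. The baseline contents and the pid 620 row are constructed for illustration.

```python
import re
from typing import NamedTuple, Optional

class Listener(NamedTuple):
    pid: int
    process: str
    port: int
    proto: str
    path: Optional[str]  # fport prints no path for the System process

# One data row: "<pid> <process> -> <port> <TCP|UDP> [<path>]"
ROW = re.compile(r"^\s*(\d+)\s+(.+?)\s+->\s+(\d+)\s+(TCP|UDP)(?:\s+(\S.*?))?\s*$")

def parse_fport(text):
    """Return one Listener per data row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            pid, proc, port, proto, path = m.groups()
            rows.append(Listener(int(pid), proc, int(port), proto, path))
    return rows

def unexpected(rows, baseline):
    """Rows whose (port, proto, lower-cased path) is not in the baseline set."""
    return [r for r in rows
            if (r.port, r.proto, (r.path or "").lower()) not in baseline]

# Rows copied from the fport output above, plus one CONSTRUCTED row (pid 620).
SAMPLE = r"""
Pid   Process            Port  Proto Path
392   svchost        ->  135   TCP   C:\WINNT\system32\svchost.exe
8     System         ->  445   TCP
224   lsass          ->  500   UDP   C:\WINNT\system32\lsass.exe
620   example        ->  6666  TCP   C:\TEMP\example.exe
"""

# Hypothetical baseline recorded from a known-good build of the same host.
BASELINE = {
    (135, "TCP", r"c:\winnt\system32\svchost.exe"),
    (445, "TCP", ""),
    (500, "UDP", r"c:\winnt\system32\lsass.exe"),
}

if __name__ == "__main__":
    for r in unexpected(parse_fport(SAMPLE), BASELINE):
        print(f"not in baseline: {r.proto}/{r.port} pid={r.pid} "
              f"{r.process} {r.path or '(no path)'}")
```

Keying the baseline on port, protocol and path rather than on process name means a renamed binary listening on an expected port still shows up as a difference.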


