RE: Associating Windows Processes to TCPIP Ports?

From: shaolin@shaolin-tiger.com
Date: 01/27/03

    Date: Mon, 27 Jan 2003 16:42:31 +0000
    From: shaolin@shaolin-tiger.com
    To: djsauer@swbell.net
    
    

    Quoting Don Sauer <djsauer@swbell.net>:

    > Google would be a better friend if you read the question, Dave. The
    > correct answer is Fport from Foundstone. Unlike Linux, Windows doesn't
    > match ports to PIDs until .Net server comes out, so on NT 4 and Windows
    > 2000 you need a utility.
    >

    Windows XP has this capability and has done since it was released.

    C:\> netstat -ano

    C:\> tasklist /svc -fi "pid eq <pid goes here>"

    But seeing as though we are mostly talking about NT/2000, fport [1] is the
    answer, or Activeport [2] or fport's GUI-fied brother Vision [3].

    [1] http://www.foundstone.com/knowledge/proddesc/fport.html
    [2] http://www.webattack.com/get/activeports.shtml
    [3] http://www.foundstone.com/knowledge/proddesc/vision.html

    > -----Original Message-----
    > From: Dave C [mailto:davec@skooter.net]
    > Sent: Tuesday, January 21, 2003 1:49 PM
    > To: security-basics@securityfocus.com
    > Subject: Re: Associating Windows Processes to TCPIP Ports?
    >
    >
    > Google is our friend...
    > http://www.google.com/search?hl=en&lr=&ie=ISO-8859-1&q=identify+TCP+ports+to+process
    >
    >
    > "David Simcik" <dave@simcik.com> wrote ..
    > > Hiya,
    > > Anyone know of a tool that can map TCP/UDP ports to a specific process
    > > in Windows (NT/2000)? My apologies if this is a naive question.
    > >
    > > Thanks,
    > > David
    >
    >
    >

    -------------------------------------------------
    This mail sent through IMP: http://horde.org/imp/
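
The reply above pairs `netstat -ano` (port to PID) with `tasklist /svc` (PID to image and services). As an added example that is not part of the original message, this Python script joins saved output of the two commands on PID, using `tasklist /svc /fo csv` for easier parsing. The sample output is constructed and the function names are hypothetical.

```python
import csv
import io

# Constructed sample output (not captured from a real host).
NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1045      192.168.1.20:80        ESTABLISHED     1320
  UDP    0.0.0.0:445            *:*                                    4
  UDP    127.0.0.1:123          *:*                                    1012
"""
TASKLIST_SVC_CSV = '''\
"Image Name","PID","Services"
"System","4","N/A"
"svchost.exe","884","RpcSs"
"svchost.exe","1012","Dnscache,W32Time"
"iexplore.exe","1320","N/A"
'''

def parse_netstat(text):
    """Yield (proto, local_addr, local_port, state, pid) per socket row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # banner, column header, blank line
        # UDP rows carry no State column, so they have one field fewer.
        state = f[3] if f[0] == "TCP" and len(f) == 5 else ""
        addr, port = f[1].rsplit(":", 1)  # rsplit keeps "[::]" intact
        yield f[0], addr, int(port), state, int(f[-1])

def parse_tasklist(text):
    """Map PID -> (image name, services) from tasklist CSV output."""
    rows = csv.DictReader(io.StringIO(text))
    return {int(r["PID"]): (r["Image Name"], r["Services"]) for r in rows}

def ports_to_processes(netstat_text, tasklist_text):
    """Join the two outputs on PID; unknown PIDs are reported, not dropped."""
    procs = parse_tasklist(tasklist_text)
    return [(proto, addr, port, state, pid, *procs.get(pid, ("<unknown>", "")))
            for proto, addr, port, state, pid in parse_netstat(netstat_text)]

if __name__ == "__main__":
    for row in ports_to_processes(NETSTAT_ANO, TASKLIST_SVC_CSV):
        print("%-4s %-15s %-6d %-12s %-6d %-14s %s" % row)
```

A socket whose PID has no entry in the tasklist output shows up as `<unknown>`, which is worth a second look because the two snapshots were taken at different moments or the owning process was not listed.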


