RE: RE: a tool like nestat

From: Bénoni MARTIN (Benoni.MARTIN_at_libertis.ga)
Date: 09/10/04

  • Next message: Burton M. Strauss III: "RE: SQL Server Integrity"
    Date: Fri, 10 Sep 2004 09:25:51 +0100
    To: "Hamish Stanaway" <koremeltdown@hotmail.com>, <jwichman@new.rr.com>
    
    

    Yep, -b is with XP Pro...but with the SP2, you are probably with SP1. However, SP2 does not seem reliable enough and many usual applications does not seem to work well with SP2 ...

    Visio from foundstone is quite a good tool, however it does not work under XP :(. I can advice you TCPView (from www.sysinternals.com I think), or PortReporter(PortRptr.exe from Micro$oft)...

    HTH !

     

    -----Message d'origine-----
    De : Hamish Stanaway [mailto:koremeltdown@hotmail.com]
    Envoyé : jeudi 9 septembre 2004 08:50
    À : jwichman@new.rr.com
    Cc : juanbabi@yahoo.com; security-basics@securityfocus.com
    Objet : Re: RE: a tool like nestat

    Hi there,

    Netstat -bvan does not work for me. Netstat -van does however, so maybe there is no -b switch on XP Pro? The method I was talking about you take the PID from netstat and run it against task, and it tells you the application for that particular PID.
    I would love to learn a new way of how to do this though :)

    Kindest of regards,

    Hamish Stanaway, CEO

    Absolute Web Hosting / -= KoRe WoRkS =- Internet Security Auckland, New Zealand

    http://www.webhosting.net.nz
    http://www.buywebhosting.co.nz
    http://www.koreworks.com

    >From: jwichman@new.rr.com
    >Reply-To: jwichman@new.rr.com
    >To: Hamish Stanaway <koremeltdown@hotmail.com>
    >CC: juanbabi@yahoo.com, security-basics@securityfocus.com
    >Subject: Re: RE: a tool like nestat
    >Date: Sun, 05 Sep 2004 03:26:41 -0500
    >MIME-Version: 1.0
    >Received: from outgoing3.securityfocus.com ([205.206.231.27]) by
    >mc4-f18.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); Thu, 9 Sep
    >2004 00:20:10 -0700
    >Received: from lists.securityfocus.com (lists.securityfocus.com
    >[205.206.231.19])by outgoing3.securityfocus.com (Postfix) with QMQPid
    >DF5682396F6; Tue, 7 Sep 2004 11:05:16 -0600 (MDT)
    >Received: (qmail 29899 invoked from network); 5 Sep 2004 02:06:53 -0000
    >X-Message-Info: JGTYoYF78jFA/WoKFoslzZt1x97yDnKd
    >Mailing-List: contact security-basics-help@securityfocus.com; run by
    >ezmlm
    >Precedence: bulk
    >List-Id: <security-basics.list-id.securityfocus.com>
    >List-Post: <mailto:security-basics@securityfocus.com>
    >List-Help: <mailto:security-basics-help@securityfocus.com>
    >List-Unsubscribe:
    ><mailto:security-basics-unsubscribe@securityfocus.com>
    >List-Subscribe: <mailto:security-basics-subscribe@securityfocus.com>
    >Delivered-To: mailing list security-basics@securityfocus.com
    >Delivered-To: moderator for security-basics@securityfocus.com
    >Message-id: <126418c1264ce4.1264ce4126418c@rdc-kc.rr.com>
    >X-Mailer: iPlanet Messenger Express 5.2 HotFix 1.21 (built Sep 8 2003)
    >Content-language: en
    >X-Accept-Language: en
    >Priority: normal
    >X-Virus-Scanned: Symantec AntiVirus Scan Engine
    >Return-Path:
    >security-basics-return-29892-koremeltdown=hotmail.com@securityfocus.com
    >X-OriginalArrivalTime: 09 Sep 2004 07:20:10.0670 (UTC)
    >FILETIME=[71076CE0:01C4963D]
    >
    >I believe you're looking for netstat -bvan
    >
    >netstat /? will give more information.... that is if you're using a XP box.
    > Otherwise I normally use a program from systernals.com to get the
    >details... can't think of the program name off the top of my head though.
    >
    >
    >
    >----- Original Message -----
    >From: Hamish Stanaway <koremeltdown@hotmail.com>
    >Date: Wednesday, September 1, 2004 4:29 am
    >Subject: RE: a tool like nestat
    >
    > > Hi there Juan,
    > >
    > > What version of windows are you using (I presume you are using
    > > windows as you refer to netstat)?
    > > It is possible to track what application is using what port using
    > > the process number, all doable via a standard XP box in DOS.
    > > If you are more interested, let me know and I will find the thread
    > > (which admittedly is around a year old now) which refers to how to
    > > do this.
    > >
    > >
    > > Kindest of regards,
    > >
    > > Hamish Stanaway, CEO
    > >
    > > Absolute Web Hosting / -= KoRe WoRkS =- Internet Security
    > > Auckland, New Zealand
    > >
    > > http://www.webhosting.net.nz
    > > http://www.buywebhosting.co.nz
    > > http://www.koreworks.com
    > >
    > >
    > >
    > >
    > >
    > > >From: Juan B <juanbabi@yahoo.com>
    > > >To: security-basics@securityfocus.com
    > > >Subject: a tool like nestat
    > > >Date: Mon, 30 Aug 2004 10:10:02 -0700 (PDT)
    > > >MIME-Version: 1.0
    > > >Received: from outgoing3.securityfocus.com ([205.206.231.27]) by
    > > >mc1-f10.hotmail.com with Microsoft SMTPSVC(5.0.2195.6824); Wed, 1
    > > Sep 2004
    > > >01:47:39 -0700
    > > >Received: from lists.securityfocus.com (lists.securityfocus.com
    > > >[205.206.231.19])by outgoing3.securityfocus.com (Postfix) with
    > > QMQPid
    > > >E09E9273E4E; Tue, 31 Aug 2004 15:56:30 -0600 (MDT)
    > > >Received: (qmail 8655 invoked from network); 30 Aug 2004 14:35:57
    > > -0000
    > > >X-Message-Info: 6sSXyD95QpU39lmjQMBSF8QY3/fWlJmM
    > > >Mailing-List: contact security-basics-help@securityfocus.com; run
    > > by ezmlm
    > > >Precedence: bulk
    > > >List-Id: <security-basics.list-id.securityfocus.com>
    > > >List-Post: <security-basics@securityfocus.com>
    > > >List-Help: <security-basics-help@securityfocus.com>
    > > >List-Unsubscribe: <security-basics-unsubscribe@securityfocus.com>
    > > >List-Subscribe: <security-basics-subscribe@securityfocus.com>
    > > >Delivered-To: mailing list security-basics@securityfocus.com
    > > >Delivered-To: moderator for security-basics@securityfocus.com
    > > >Message-ID: <20040830171002.79558.qmail@web40807.mail.yahoo.com>
    > > >Return-Path:
    > > >security-basics-return-29831-
    > > koremeltdown=hotmail.com@securityfocus.com>X-OriginalArrivalTime:
    > > 01 Sep 2004 08:47:40.0644 (UTC)
    > > >FILETIME=[56F3E240:01C49000]
    > > >
    > > >Hi,
    > > >
    > > >I know there is a tool more sofisticated than netstat
    > > >
    > > >that can even show me which file is listening to
    > > >connections and stuff like that.
    > > >
    > > >do u know about such tool ?
    > > >
    > > >thanks
    > > >
    > > >
    > > >
    > > >__________________________________
    > > >Do you Yahoo!?
    > > >New and Improved Yahoo! Mail - Send 10MB messages!
    > > >http://promotions.yahoo.com/new_mail
    > > >
    > > >------------------------------------------------------------------
    > > ---------
    > > >Computer Forensics Training at the InfoSec Institute. All of our
    > > class
    > > >sizes
    > > >are guaranteed to be 12 students or less to facilitate one-on-one
    > > >interaction with one of our expert instructors. Gain the in-
    > > demand skills
    > > >of
    > > >a certified computer examiner, learn to recover trace data left
    > > behind by
    > > >fraud, theft, and cybercrime perpetrators. Discover the source of
    > > computer>crime and abuse so that it never happens again.
    > > >
    > >
    > >http://www.infosecinstitute.com/courses/computer_forensics_training.html
    > > >------------------------------------------------------------------
    > > ----------
    > > >
    > >
    > > _________________________________________________________________
    > > Is your PC infected? Get a FREE online computer virus scan from
    > > McAfee®
    > > Security. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
    > >
    > >
    > > -------------------------------------------------------------------
    > > --------
    > > Computer Forensics Training at the InfoSec Institute. All of our
    > > class sizes
    > > are guaranteed to be 12 students or less to facilitate one-on-one
    > > interaction with one of our expert instructors. Gain the in-demand
    > > skills of
    > > a certified computer examiner, learn to recover trace data left
    > > behind by
    > > fraud, theft, and cybercrime perpetrators. Discover the source of
    > > computercrime and abuse so that it never happens again.
    > >
    > > http://www.infosecinstitute.com/courses/computer_forensics_training.html
    > > -------------------------------------------------------------------
    > > ---------
    > >
    > >
    >
    >
    >---------------------------------------------------------------------------
    >Computer Forensics Training at the InfoSec Institute. All of our class
    >sizes
    >are guaranteed to be 12 students or less to facilitate one-on-one
    >interaction with one of our expert instructors. Gain the in-demand skills
    >of
    >a certified computer examiner, learn to recover trace data left behind by
    >fraud, theft, and cybercrime perpetrators. Discover the source of computer
    >crime and abuse so that it never happens again.
    >
    >http://www.infosecinstitute.com/courses/computer_forensics_training.html
    >----------------------------------------------------------------------------
    >

    _________________________________________________________________
    FREE pop-up blocking with the new MSN Toolbar - get it now!
    http://toolbar.msn.click-url.com/go/onm00200415ave/direct/01/

    ---------------------------------------------------------------------------
    Computer Forensics Training at the InfoSec Institute. All of our class sizes
    are guaranteed to be 12 students or less to facilitate one-on-one
    interaction with one of our expert instructors. Gain the in-demand skills of
    a certified computer examiner, learn to recover trace data left behind by
    fraud, theft, and cybercrime perpetrators. Discover the source of computer
    crime and abuse so that it never happens again.

    http://www.infosecinstitute.com/courses/computer_forensics_training.html
    ----------------------------------------------------------------------------

    ---------------------------------------------------------------------------
    Computer Forensics Training at the InfoSec Institute. All of our class sizes
    are guaranteed to be 12 students or less to facilitate one-on-one
    interaction with one of our expert instructors. Gain the in-demand skills of
    a certified computer examiner, learn to recover trace data left behind by
    fraud, theft, and cybercrime perpetrators. Discover the source of computer
    crime and abuse so that it never happens again.

    http://www.infosecinstitute.com/courses/computer_forensics_training.html
    ----------------------------------------------------------------------------


  • Next message: Burton M. Strauss III: "RE: SQL Server Integrity"