Security Basics mailing list archives

Re: How to find a process


From: Alcides <alcides.hercules () gmail com>
Date: Thu, 14 Jun 2007 15:51:24 +0530

Yes. There are several possible ways to know which process or application is responsible for the respective ports used to establish communication through the TCP/IP stack of your operating system.
Just to mention a few here:

1. TCPView: A Windows-based program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and respective

2. Active Ports: enables you to monitor all open TCP/IP and UDP ports on the local computer. Active Ports maps ports to the owning application so you can watch which process has opened which port. It also displays a local and remote IP address for each connection and allows you to terminate the owning process. Active Ports can help you to detect trojans and other malicious programs. As you have mentioned the suspicious port (but are you sure this port is open on your system?), this can certainly help you detect if something is really wrong.

Hope this will help a little.
Cheers!

Francisco Rodrigo Cortinas Maseda wrote:
Hello,

My name is Fran, I'm a network and system administrator, and I have a
strange case, but surely someone has had the same problem before me.

My problem is that we have some strange traffic on the firewalls, going
from a server on a DMZ to public client pools.

10:09:10.511978 00:0e:0c:71:7f:cd > 10:00:00:00:26:01, ethertype IPv4
(0x0800), length 61: IP XXXXX.44267 > XXXXXX.3072: UDP, length 19

The problem is: with netstat I only see the ports daemons are listening
on. I want to know the process that is using the outgoing port, that is,
44267.

Is there a way to know this?

Thanks in advance.
Regards.
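
The lookup the original question asks for, as an added example that is not part of either message: assuming the DMZ server runs Linux (the thread does not say), the owner of UDP source port 44267 can be found by matching the socket inode in /proc/net/udp against the socket:[inode] links under /proc/<pid>/fd. The sample table and all function names are constructed for illustration.

```python
import os

# Constructed sample in /proc/net/udp layout (not data from the thread).
SAMPLE_PROC_NET_UDP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode ref pointer drops
   7: 00000000:0035 00000000:0000 07 00000000:00000000 00:00000000 00000000     0        0 11111 2 0000000000000000 0
  19: 0A000005:ACEB 00000000:0000 07 00000000:00000000 00:00000000 00000000    33        0 54321 2 0000000000000000 0
"""

def socket_inodes_for_port(table_text, port):
    """Return the inodes of sockets whose local port equals `port`."""
    inodes = set()
    for line in table_text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) >= 10 and int(fields[1].rsplit(":", 1)[1], 16) == port:
            inodes.add(fields[9])                     # column 10 is the inode
    return inodes

def pids_holding_inodes(inodes, proc_root="/proc"):
    """Map inode -> sorted PIDs that hold an fd linking to socket:[inode]."""
    owners = {}
    for pid in filter(str.isdigit, os.listdir(proc_root)):
        fd_dir = os.path.join(proc_root, pid, "fd")
        try:
            fds = os.listdir(fd_dir)
        except OSError:               # process exited or insufficient privilege
            continue
        for fd in fds:
            try:
                target = os.readlink(os.path.join(fd_dir, fd))
            except OSError:           # fd closed while we were scanning
                continue
            if target.startswith("socket:[") and target[8:-1] in inodes:
                owners.setdefault(target[8:-1], set()).add(int(pid))
    return {ino: sorted(pids) for ino, pids in owners.items()}

def find_port_owners(port, proc_root="/proc"):
    """Look up `port` in the IPv4 and IPv6 UDP tables, then resolve owners."""
    found = set()
    for name in ("udp", "udp6"):
        try:
            with open(os.path.join(proc_root, "net", name)) as fh:
                found |= socket_inodes_for_port(fh.read(), port)
        except OSError:               # table absent (e.g. IPv6 disabled)
            continue
    return pids_holding_inodes(found, proc_root)

if __name__ == "__main__":
    print(find_port_owners(44267))    # the source port from the capture above
```

Run it as root, otherwise other users' fd directories are unreadable and their sockets are silently skipped. A socket that sends one datagram and closes will not be in the table at scan time, so intermittent traffic needs repeated sampling.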


