Firewall Wizards mailing list archives

Previous By Date Next
Previous By Thread Next

Re: OT? New compromise.

From: "Mark" <firewalladmin () bellsouth net>
Date: Thu, 29 Mar 2007 18:35:25 -0400
Hi guys, it's just me lurking (always lurking, rarely posting). Anyway, one
can tell this forum is a lot of *nix and Cisco guys. 

The built in WinXP utility netstat has had the -o and -b options for years
now. The former will show you the owning process id associated with a
connection and the latter will list the executable involved. Used to be you
had to use fport by sysinternals, but not any more.

Take care,
Mark

-----Original Message-----
From: firewall-wizards-bounces () listserv icsalabs com
[mailto:firewall-wizards-bounces () listserv icsalabs com] On Behalf Of Mattias
Ahnberg
Sent: Thursday, March 29, 2007 2:30 AM
To: Firewall Wizards Security Mailing List
Subject: Re: [fw-wiz] OT? New compromise.

J. Oquendo wrote:

program called openports which would run on the machine and relate any
LISTENING or ESTABLISHED ports to the actual file that has the port
open. This would then give you the service/process/program waiting for
traffic on that port.

On Windows
/c:\netstat -an |find /i "listening"/

Why download when you can use existing tools...


Because that command does not let you know what application on
your local machine has the port bound?

There are tools like openports or the sysinternals set you may
use for that purpose, but to my knowledge there aren't any
built into Windows itself to do this.
-- 
/ahnberg.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards


_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Previous By Date Next
Previous By Thread Next

Current thread: