Netstat -b only works with versions of Windows XP and greater (i.e. not Windows 2000/98/95 etc) -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: December 1, 2005 2:27 PM To: [email protected] Subject: Why using fport if netstat -b does much more ?
hi, i've just noticed that netstat as an option (-b) that allow to list port and the processes which are binded to. fport (-foundstone free utility-) allow just to see processes and local ports. Netstat -b allow to see processes (and dlls involved in the TCP/IP connection), local ports and remote ports and remote IP address ! Remote IP address and remote ports could be useful when investigating. Why any of the famous books related to windows forensics (Incident responsw & computer forensics -FOundstone-, Windows Forensics -Carvey-, ...) doesn't talk about the -b option ? i'm going to update my Automated response script with netstat -b ! Greetings.
