how about: netstat -b ?
*******************************
John C. Kelsey
DuBois Regional Medical Center
Phone: 814.375.3073
E-mail: [email protected]
*******************************
-----Original Message-----
From: c.e. gene connor [mailto:[email protected]]
Sent: Tuesday, April 14, 2009 11:39
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open
I have tools that tell me WHAT port is open, but nothing to tell
me what app has the port open. What do you guys use?
This may be a wrong answer to your question? But, when I use a
"stand alone network system" to download, read or surf to bad and known
unsafe websites etc., I always have a program called Active Ports running
in the background and watch what ports, programs, files are either opened
or started after I go to any of the evil sites.
Google = Active Ports 1.2 Free
Gene C.
In Memory of my little brother
http://genec-lori.com/
PackRat GarageSale
http://genec-lori.biz/
Genes-Computers Inc.
Yulee ,Fl
Established 1981, Microsoft OEM Registered member, system
builder & Active
registered Microsoft Partner
Active Charter Partner of The Association of System Builders and
Integrators
If you think you're beaten, Then you are!
If you give up the fight, Accept it !!
________________________________
From: Ziots, Edward [mailto:[email protected]]
Sent: Tuesday, April 14, 2009 8:02 AM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open
I would use Nmap to do your scanning, and then use Process
Explorer from Sysinternals to find out which .exe has the port open.
BTW: GO PENN STATE NIT Champs:
BSME PENN STATE 1996..
Z
Edward Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
[email protected]
Phone:401-639-3505
________________________________
From: andy [mailto:[email protected]]
Sent: Friday, April 10, 2009 8:47 AM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open
I recently scanned some of my computers with a Languard beta
scanner that I have been using for years. And then scanned some
computers on my subnet and then on other subnets. They all showed ports
25 and 110 open. Since I never got false results from my Languard beta
in years, I immediately suspected that all of these computers were
infected with some type of spam bot. I picked out one machine and
installed every type of free port monitor on it that I could find. All
results showed that the ports 25 and 110 are not open. I think our
firewall guys, they just started installing and learning about
firewalls, have it set up so that the firewall intercepts any telnet
session to 25 or 110 and gives it a window. Is this possible?
I have not tried moving my Languard beta scanner outside the
firewall to test the ports.
On another note, a few years ago, I used the Languard scanner to
look for a Trojan that was infecting computers and found a port open on
a Linux machine that corresponded to the port the Trojan was infecting.
Come to find out, the Linux machine was using some type of proprietary
software that used the same port as the Trojan. We said, eh ok, you are
clean, you can get back on the network.
At 02:47 PM 4/9/2009, Derek Lidbom wrote:
Are they UDP ports?
Does it say immediately after it checks them that they are
closed again?
My guess would be Languard sees the port number and immediately
associates with Trojan, without checking to see if it is UDP or TCP.
From: David Lum [mailto:[email protected]]
Sent: Thursday, April 09, 2009 2:42 PM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open
NETSTAT...I shoulda known
Netstat -ano shows nothing in that range.
Hey, if you have TCPView running when you also run a Nessus scan
on same system...now that's funny right there...
Nessus shows nothing, TCPView shows nothing, NETSTAT shows
nothing...only Languard shows something at those ports...
Dave
From: Michael B. Smith [mailto:[email protected]]
Sent: Thursday, April 09, 2009 11:23 AM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open
KISS
"netstat -ano". The "o" gives you the process owning the port,
which you can use TaskList or Task Manager to find.
If it isn't in the list - you've been pwned. (probably)
________________________________
From: David Lum [[email protected]]
Sent: Thursday, April 09, 2009 2:22 PM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open
Perfect thanks!
Now I have something, or not...GFI Languard scanned a machine
that says I have two KiLo ports open (6666,6667). TCPView shows nothing
in that range....comments?
Dave
From: Jake Gardner [mailto:[email protected]]
Sent: Thursday, April 09, 2009 11:12 AM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open
TCPView from SysInternals
Thanks,
Jake Gardner
TTC Network Administrator
Ext. 246
________________________________
From: David Lum [mailto:[email protected]]
Sent: Thursday, April 09, 2009 2:09 PM
To: NT System Admin Issues
Subject: Too to find what .exe has a port open
I have tools that tell me WHAT port is open, but nothing to tell
me what app has the port open. What do you guys use? (yes probably
discussed here before...)
David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764
~~~~~~~~~~~~~~~~~~~~~~~~~~~
Derek Lidbom
Director of Technology and Interactive Development, Trone
336.812.2010
[email protected]
--------Andy-Ofalt---863-3449------405-Ag-Admin-Bldg------for
more information go to http://ict.cas.psu.edu/Contacts.html
---------- My little blurb to eat up bandwidth and make your mail box even larger
+++++++++++++++++++++++++++++++++++++++++++++++++++
The real problem is that IP, a connectionless protocol, was
never developed to be the universal protocol. ATM was developed to serve
that purpose and failed.
+++++++++++++++++++++++++++++++++++++++++++++++++++
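Added example (not part of the thread): the cross-check Michael B. Smith describes, joining the PIDs from "netstat -ano" against the task list, together with the scanner-versus-host comparison David Lum ran into, done in Python over constructed sample output. The function names, the sample rows and the scanner port list are assumptions made for the illustration.

```python
import csv
import io

# Constructed `netstat -ano` output (not captured from a real host).
NETSTAT_ANO = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       4312
  TCP    192.0.2.10:49231       198.51.100.7:80        ESTABLISHED     3120
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:500            *:*                                    712
"""
# Constructed `tasklist /fo csv /nh` output; PID 4312 is deliberately absent.
TASKLIST_CSV = '''\
"System","4","Services","0","300 K"
"lsass.exe","712","Services","0","9,000 K"
"svchost.exe","884","Services","0","5,120 K"
"iexplore.exe","3120","Console","1","48,000 K"
'''

def parse_netstat(text):
    """Yield (proto, local_port, state, pid) for each TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue                              # header or blank line
        port = int(f[1].rsplit(":", 1)[1])        # rsplit copes with IPv6 "[::]:135"
        state = f[3] if len(f) == 5 else ""       # UDP rows have no State column
        yield f[0], port, state, int(f[-1])

def port_owners(netstat_text, tasklist_text):
    """Return {(proto, port): (pid, image or None)} for listening/bound ports."""
    names = {int(r[1]): r[0] for r in csv.reader(io.StringIO(tasklist_text)) if len(r) > 1}
    owners = {}
    for proto, port, state, pid in parse_netstat(netstat_text):
        if proto == "UDP" or state == "LISTENING":
            owners[(proto, port)] = (pid, names.get(pid))
    return owners

def unexplained(owners):
    """Ports whose owning PID is missing from the task list: look closer."""
    return sorted(k for k, (_, name) in owners.items() if name is None)

def scanner_only(owners, scanned_tcp_ports):
    """TCP ports a remote scanner reported open that the host is not listening on."""
    local = {port for (proto, port) in owners if proto == "TCP"}
    return sorted(set(scanned_tcp_ports) - local)
```

On a live host the two inputs would come from running "netstat -ano" and "tasklist /fo csv /nh" back to back; a port in the scanner_only result points at something between the scanner and the host answering, rather than at a process on the host.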