The "-a" option instructs netstat to display all active network connections and listening ports. It lists the protocol (either TCP or UDP), the Local (IP) Address, the Foreign (remote IP) Address, and the connection's state (for TCP connections only; UDP is connectionless and has no state column). Since I am using the Windows XP operating system in this example, I can add the "-o" option to display the process ID number, or "PID", of the program using each port. (The "-n" option instructs netstat to print raw IP addresses and port numbers rather than attempting to resolve them to host names and service names, which also makes it run considerably faster.) Generally, it is the remote (foreign) connection information that we want to inspect. Let's assume we decide that having two connections to Internet servers at the (remote) destination port 5190 is somewhat suspicious.

The process ID associated with that port is 2864. Now we need to find out which process has this process ID. For that, we can use the Windows Task Manager. To bring up the Task Manager, you can hit Ctrl-Alt-Del (on Windows XP this opens the Task Manager directly; on other versions it brings up the Windows Security dialog, from which you choose Task Manager), press Ctrl-Shift-Esc, or right-click (not left-click) on an empty spot in the taskbar at the bottom of the screen, as shown here, and choose Task Manager from the popup menu. Note that the Processes tab does not show the PID column by default; turn it on under View > Select Columns. From the Task Manager window above, I find that the application's name is aim.exe, which is the AOL Instant Messenger application. If I didn't know what aim.exe was, I would Google that name along with either the source or destination port and protocol (e.g., "aim.exe tcp 5190"). If a search using the source port doesn't turn up anything conclusive, try the destination port (or both). Keep in mind that the executable name alone proves little, since malware routinely names itself after legitimate programs, so it is worth checking the path the file actually runs from before trusting the name. If you do find an application listening on a port that turns out to be a known virus or Trojan horse, your fun is just beginning, but at least you're aware of its presence. In this case, what I've found is AOL's AIM communicating on its default port of 5190. (Eradicating the problem is left as an exercise for the reader.)

The netstat command is a fine tool, but it is command-line driven as opposed to having a standard graphical user interface (GUI). It also runs just once unless the command is issued repeatedly (or given a refresh interval in seconds, e.g., "netstat -ano 5"), so it can't conveniently show changes in connections as they occur. The upside is that it comes installed on Windows 2000 and above, so it's pretty much guaranteed to be there (although the -o option is only available in Windows XP and above). However, there are some nice GUI-based tools out there for investigating the traffic on specific computers and on your LAN. We'll start with TCPView, from Microsoft's own TechNet site. TCPView displays a list of the current TCP and UDP connections established with the computer upon which it is run. It's very much the same information that netstat had, but in a nicer viewing format.
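The netstat-to-Task-Manager procedure above (run "netstat -ano", pick out the suspicious foreign port, read off the PID, look the PID up in a process list) can be scripted, which is handy when you want to check many connections or repeat the check over time. The following is an added example written for this post, not code from the original article: it parses "netstat -ano" output and "tasklist /FO CSV" output and joins them on PID. The two sample outputs embedded in it are constructed to mirror the aim.exe / port 5190 case (the PIDs, addresses and image names are made up, not captured from a real host); on a Windows machine the script runs the real commands instead.

```python
"""Join `netstat -ano` output to `tasklist /FO CSV` output on PID.

Added example for this post, not code from the original article. The two
sample outputs below are constructed (PIDs, addresses and image names are
made up) to mirror the aim.exe / port 5190 case; nothing here is captured
from a real machine.
"""
import csv
import io
import subprocess
import sys
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed `netstat -ano` sample (Windows XP layout: UDP rows have no State column).
SAMPLE_NETSTAT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       944
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1054      64.12.24.9:5190        ESTABLISHED     2864
  TCP    192.168.1.10:1061      205.188.8.101:5190     ESTABLISHED     2864
  TCP    192.168.1.10:1102      192.168.1.1:80         ESTABLISHED     1588
  UDP    0.0.0.0:500            *:*                                    708
"""

# Constructed `tasklist /FO CSV` sample.
SAMPLE_TASKLIST = '''"Image Name","PID","Session Name","Session#","Mem Usage"
"System","4","Console","0","236 K"
"svchost.exe","944","Console","0","4,812 K"
"lsass.exe","708","Console","0","1,204 K"
"iexplore.exe","1588","Console","0","22,480 K"
"aim.exe","2864","Console","0","14,156 K"
'''


@dataclass(frozen=True)
class Conn:
    proto: str
    local_host: str
    local_port: Optional[int]
    foreign_host: str
    foreign_port: Optional[int]  # None for UDP's "*:*"
    state: str                   # "" for UDP rows
    pid: int


def split_endpoint(endpoint: str):
    """Split 'host:port' on the LAST colon so IPv6 '[::]:135' works; '*' -> None."""
    host, _, port = endpoint.rpartition(":")
    return host, (int(port) if port.isdigit() else None)


def parse_netstat(text: str) -> List[Conn]:
    """Turn `netstat -ano` text into Conn records, skipping headers and blank lines."""
    conns = []
    for line in text.splitlines():
        parts = line.split()
        if not parts or parts[0] not in ("TCP", "UDP"):
            continue  # blank line, "Active Connections", or the column header
        if parts[0] == "TCP" and len(parts) == 5:
            state, pid = parts[3], int(parts[4])
        elif parts[0] == "UDP" and len(parts) == 4:
            state, pid = "", int(parts[3])  # UDP rows carry no state column
        else:
            continue  # e.g. output from `netstat -an` without -o has no PID column
        lh, lp = split_endpoint(parts[1])
        fh, fp = split_endpoint(parts[2])
        conns.append(Conn(parts[0], lh, lp, fh, fp, state, pid))
    return conns


def parse_tasklist(text: str) -> Dict[int, str]:
    """Map PID -> image name from `tasklist /FO CSV` output."""
    return {int(row["PID"]): row["Image Name"]
            for row in csv.DictReader(io.StringIO(text))}


def established_to_port(conns: List[Conn], port: int) -> List[Conn]:
    """The manual check from the post: which connections go out to this remote port?"""
    return [c for c in conns if c.state == "ESTABLISHED" and c.foreign_port == port]


def owners(conns: List[Conn], procs: Dict[int, str]) -> List[str]:
    """Image name for each connection's PID; '<unknown>' if the process has since exited."""
    return [procs.get(c.pid, "<unknown>") for c in conns]


def live_snapshot():
    """On Windows, run the real commands; the parsers above handle their output unchanged."""
    ns = subprocess.run(["netstat", "-ano"], capture_output=True, text=True, check=True).stdout
    tl = subprocess.run(["tasklist", "/FO", "CSV"], capture_output=True, text=True, check=True).stdout
    return parse_netstat(ns), parse_tasklist(tl)


if __name__ == "__main__":
    if sys.platform == "win32":
        conns, procs = live_snapshot()
    else:
        conns, procs = parse_netstat(SAMPLE_NETSTAT), parse_tasklist(SAMPLE_TASKLIST)
    port = int(sys.argv[1]) if len(sys.argv) > 1 else 5190
    hits = established_to_port(conns, port)
    for c, image in zip(hits, owners(hits, procs)):
        print(f"{c.proto} {c.local_host}:{c.local_port} -> {c.foreign_host}:{c.foreign_port}"
              f"  PID {c.pid}  {image}")
```

Run it with the remote port you are curious about as the only argument (it defaults to 5190). The same lookup without any scripting is "tasklist /FI "PID eq 2864"", which filters the process list to the one PID netstat reported. Note that a PID is only meaningful while the process is alive; if the netstat and tasklist snapshots are taken seconds apart and the process exits in between, the join comes back as unknown, which is why the script prints "<unknown>" rather than guessing.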