[LINK] One must wonder

rchirgwin at ozemail.com.au
Thu Sep 1 17:24:02 EST 2005


I suspect however F-port - or a similar request of any command line tool 
- may be too opaque for most users - see below.

I'd much rather set paranoid firewall rules, on the basis that if I find 
that something refuses to work, I can change the rules accordingly...

RC
---------------------------------------------------------------------
Pid   Process            Port  Proto Path
812                  ->  135   TCP
4     System         ->  139   TCP
4     System         ->  445   TCP
168                  ->  1026  TCP
412   thunderbird    ->  1031  TCP   C:\Program Files\Mozilla Thunderbird\thunderbird.exe
412   thunderbird    ->  1032  TCP   C:\Program Files\Mozilla Thunderbird\thunderbird.exe
0     System         ->  1314  TCP
0     System         ->  1315  TCP
0     System         ->  1316  TCP
0     System         ->  1317  TCP
0     System         ->  1335  TCP
0     System         ->  1336  TCP

0     System         ->  123   UDP
412   thunderbird    ->  123   UDP   C:\Program Files\Mozilla Thunderbird\thunderbird.exe
0     System         ->  137   UDP
0     System         ->  138   UDP
812                  ->  445   UDP
4     System         ->  500   UDP
168                  ->  1027  UDP
0     System         ->  1028  UDP
4     System         ->  1029  UDP
0     System         ->  1034  UDP
412   thunderbird    ->  4500  UDP   C:\Program Files\Mozilla Thunderbird\thunderbird.exe

Adam Neat wrote:

>If people are keen to understand what processes running on their Windows box
>are making network connections, look for a tool called F-Port. Lists all
>network connections (in all states) in a similar manner to netstat, but then
>also associates each process to network connections (in all states).
>
>Also take a look at what Network Ice and McAfee offer in the way of system
>monitoring - both can be setup to watch your machine for applications that
>are starting up and or attempting to access the network. 
>
>-------------------------------------------------
>Adam Neat | Melbourne, Australia
>email:  adamneat at anoti.com   
>msn:    adamneat_ at hotmail.com
>web:    http://www.anoti.com/adamneat/
>-------------------------------------------------
> 
>  
>
>>-----Original Message-----
>>From: link-bounces at anumail0.anu.edu.au [mailto:link-
>>bounces at anumail0.anu.edu.au] On Behalf Of rchirgwin at ozemail.com.au
>>Sent: Thursday, 1 September 2005 12:01 PM
>>To: link at anu.edu.au
>>Subject: Re: Re: [LINK] One must wonder
>>
>>The alternative, of course, is inaccurate reporting.
>>
>>FUD, of course, is not the sole preserve of vendors.
>>
>>http://support.microsoft.com/default.aspx?scid=kb;en-us;314056
>>
>>You can easily identify services operating under svchost. You could just
>>as easily terminate each process, one-by-one, if you were desperate to
>>identify which one was initiating a communications session.
>>
>>Most simply of all, you can tell the firewall (not the windows firewall,
>>but something like ZoneLabs) that svchost is not allowed to contact the
>>Internet.
>>
>>Of course none of these would occur to Joe Sixpack but the subject of the
>>story identifies himself as a tech consultant. Methinks he's identified a
>>journalist who hasn't the ability to verify the technical details for
>>himself ...
>>
>>RC
>>
>>    
>>
>>>From: Rick Welykochy <rick at praxis.com.au>
>>>Date: 01/09/2005 12:10:21
>>>To: Stephen Loosley <stephen at melbpc.org.au>
>>>CC: link at anu.edu.au
>>>Subject: Re: [LINK] One must wonder
>>>
>>>Stephen Loosley wrote: