The focus of using FPort is to see the full path of the executable that opens the listener and establishes the connection. Netstat -b shows the name and PID of the executable only. Always combine various tools to prove it: Netstat -ANB => best option to use, but also in combination with FPORT and/or TCPVIEW.
Hide a rootkit and/or some trojans on your system and you'll see how effectively helpful various tools can be.

Best regards,
Andreas Habedank

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
Sent: Thursday, 1 December 2005 19:27
To: [email protected]
Subject: Why using fport if netstat -b does much more ?

Hi,

I've just noticed that netstat has an option (-b) that allows you to list ports and the processes which are bound to them. fport (Foundstone free utility) allows you to see just processes and local ports. Netstat -b allows you to see processes (and DLLs involved in the TCP/IP connection), local ports, remote ports and the remote IP address! The remote IP address and remote ports could be useful when investigating.

Why don't any of the famous books related to Windows forensics (Incident Response & Computer Forensics -Foundstone-, Windows Forensics -Carvey-, ...) talk about the -b option?

I'm going to update my automated response script with netstat -b!

Greetings.
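
Added example, not part of either message above: a Python sketch of the cross-check the reply recommends, merging netstat -anb rows (remote endpoint, image name) with FPort rows (full path) and listing sockets only one tool reports. The sample listings are constructed, and the column layouts, including a PID column in the netstat output, are assumptions.

```python
import re
# Constructed sample listings (not from the thread); column layouts are assumed.
NETSTAT_ANB = r"""
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  [svchost.exe]
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     1508
  [iexplore.exe]
  UDP    0.0.0.0:500            *:*                                    692
  [lsass.exe]
"""
FPORT = r"""
Pid   Process            Port  Proto Path
912   svchost        ->  135   TCP   C:\WINDOWS\system32\svchost.exe
1508  iexplore       ->  1045  TCP   C:\Program Files\Internet Explorer\iexplore.exe
692   lsass          ->  500   UDP   C:\WINDOWS\system32\lsass.exe
1844  updater        ->  5555  TCP   C:\WINDOWS\Temp\updater.exe
"""
NETSTAT_ROW = re.compile(r"^\s*(TCP|UDP)\s+\S+:(\d+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")
FPORT_ROW = re.compile(r"^(\d+)\s+\S+\s+->\s+(\d+)\s+(TCP|UDP)\s*(.*)$")

def parse_netstat(text):
    """(proto, local port, pid) -> remote endpoint, state, image name."""
    rows, last = {}, None
    for line in text.splitlines():
        m = NETSTAT_ROW.match(line)
        if m:
            proto, port, remote, state, pid = m.groups()
            last = (proto, int(port), int(pid))
            rows[last] = {"remote": remote, "state": state or "", "image": ""}
        elif last and (b := re.match(r"^\s*\[(.+)\]\s*$", line)):
            rows[last]["image"] = b.group(1)  # -b prints the owner below its row
    return rows

def parse_fport(text):
    """(proto, local port, pid) -> full executable path."""
    rows = {}
    for line in text.splitlines():
        if m := FPORT_ROW.match(line.strip()):
            pid, port, proto, path = m.groups()
            rows[(proto, int(port), int(pid))] = path.strip()
    return rows

def cross_view(netstat_text, fport_text):
    """Merge both views and list sockets that only one tool reports."""
    ns, fp = parse_netstat(netstat_text), parse_fport(fport_text)
    return {"merged": {k: dict(v, path=fp.get(k, "")) for k, v in ns.items()},
            "only_netstat": sorted(set(ns) - set(fp)),
            "only_fport": sorted(set(fp) - set(ns))}
```

An entry in only_netstat or only_fport is the discrepancy worth investigating; in the constructed sample, FPort reports a listener on TCP 5555 that the netstat listing does not show.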
