Hi all.

At 13:27 12/01/2005, [EMAIL PROTECTED] wrote:
>hi,
>
>i've just noticed that netstat has an option (-b) that allows listing ports and
>the processes which are bound to them.
>fport (-Foundstone free utility-) just allows seeing processes and local ports.
>
>Netstat -b allows seeing processes (and dlls involved in the TCP/IP
>connection), local ports and remote ports and remote IP address !
>Remote IP address and remote ports could be useful when investigating.
>
>Why don't any of the famous books related to windows forensics (Incident Response &
>Computer Forensics -Foundstone-, Windows Forensics -Carvey-, ...) talk
>about the -b option ?
>
>i'm going to update my Automated response script with netstat -b !
>
>Greetings.

I haven't used "netstat -b" a lot to learn tricks and hints and all, but I find fport to be more thorough and complete.

/kess

=========================================================================
Gary C. Kessler                         [EMAIL PROTECTED]
Associate Professor                     Project Director
Program Director - Computer Networking, Information Security
Computer & Digital Forensics, and       Vt. Information Technology Ctr.
Information Security
Champlain College                       Office: +1 802-865-6460
West Hall, Room 12                      Fax: +1 802-865-6446
163 South Willard Street                Cell: +1 802-238-8913
Burlington, VT 05401
http://infosec.champlain.edu            http://digitalforensics.champlain.edu
[EMAIL PROTECTED]                       http://networking.champlain.edu
http://www.garykessler.net
PGP Public Key: http://www.garykessler.net/kumquat_pubkey.html
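
An added example, not part of either message: a Python parser a response script could use to pair each `netstat -b` connection row with its owning executable and remote endpoint. The sample text is constructed, its layout assumes `netstat -nbo` output (numeric addresses, PID column), and the function names are hypothetical.

```python
import re

# Constructed sample; layout assumed to match `netstat -nbo` on Windows.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1020
  RpcSs
 [svchost.exe]
  TCP    192.0.2.10:1045        198.51.100.7:80        ESTABLISHED     3120
 [iexplore.exe]
  TCP    192.0.2.10:1051        203.0.113.9:6667       ESTABLISHED     2288
 Can not obtain ownership information
  UDP    0.0.0.0:500            *:*                                    716
 [lsass.exe]
"""

# Connection row: protocol, local, remote, optional state (UDP has none), PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")  # owning executable, e.g. [svchost.exe]

def split_endpoint(text):
    """Split 'addr:port' on the last colon so bracketed IPv6 also works."""
    host, _, port = text.rpartition(":")
    return host, port

def parse_netstat_b(output):
    """Return one dict per connection, with owner lines attached to their row."""
    conns = []
    for line in output.splitlines():
        row = ROW.match(line)
        if row:
            proto, local, remote, state, pid = row.groups()
            conns.append({"proto": proto, "local": split_endpoint(local),
                          "remote": split_endpoint(remote), "state": state or "",
                          "pid": int(pid), "image": None, "components": []})
        elif conns and line.strip():
            owner = OWNER.match(line)
            if owner:
                conns[-1]["image"] = conns[-1]["image"] or owner.group(1)
            elif not line.strip().startswith("Can not obtain"):
                # Service or DLL names listed under the row
                conns[-1]["components"].append(line.strip())
    return conns

def remote_peers(conns):
    """Established connections as (image, pid, (remote_ip, remote_port))."""
    return [(c["image"] or "<unknown>", c["pid"], c["remote"])
            for c in conns if c["state"] == "ESTABLISHED"]
```

Rows whose owner could not be resolved keep `image` as `None`, so a script can flag them for follow-up with another tool such as fport.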
