Hello,

Recall that Service Pack 2 was released mid-2004 (or so). That particular flag is unavailable in pre-SP2 installations. Both of those books that you mentioned were published before that date. Given that new binary, I would use 'netstat -anvb' (especially -n if you do not want to generate DNS traffic). Once systems are deployed with the new monad shell, the scripting will become easier.

There are a number of tools that we use in place of what was originally published. I would suggest using the books as a guide for the less ephemeral topics, focusing on the principles behind tool choice and validation. When a newer application is written that replaces or improves upon the functionality of a particular tool, check its validity, know its limits and use it. By all means, share what you find as well.

-- Matt

On Dec 1, 2005, at 1:27 PM, [EMAIL PROTECTED] wrote:

hi,

I've just noticed that netstat has an option (-b) that allows listing ports and the processes which are bound to them. fport (Foundstone free utility) allows just seeing processes and local ports.

Netstat -b allows seeing processes (and DLLs involved in the TCP/IP connection), local ports, remote ports and remote IP addresses! Remote IP addresses and remote ports could be useful when investigating.

Why don't any of the famous books related to Windows forensics (Incident Response & Computer Forensics -Foundstone-, Windows Forensics -Carvey-, ...) talk about the -b option?

I'm going to update my automated response script with netstat -b!

Greetings.
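An added example for the kind of automated response script the thread discusses (not code from either poster): a parser for `netstat -anb` output that attaches the process and DLL lines to the socket line they follow, then lists remote peers per process, which is what the quoted message finds useful for investigations. The sample output is constructed in the XP SP2 layout, and the column layout and PID handling are assumptions about that version's format.

```python
import re
from typing import Dict, List

# Constructed sample in the XP SP2 `netstat -anb` layout (not a real capture): each
# socket line is followed by the components involved, then the owning exe in brackets.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       1028
  RpcSs
  [svchost.exe]

  TCP    192.168.1.20:1051      203.0.113.7:80         ESTABLISHED     2044
  [iexplore.exe]

  TCP    192.168.1.20:1099      198.51.100.9:6667      ESTABLISHED     3120
  [update.exe]

  UDP    0.0.0.0:123            *:*                                    1028
  w32time.dll
  [svchost.exe]
"""

# Proto, local, foreign, optional state (UDP lines have none), optional PID column.
CONN_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z_]+)\s+)?(\d+)?\s*$")

def parse_netstat_b(text: str) -> List[Dict]:
    conns: List[Dict] = []
    for line in text.splitlines():
        m = CONN_RE.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            conns.append({"proto": proto, "local": local, "remote": remote,
                          "state": state or "", "pid": int(pid) if pid else None,
                          "process": None, "components": []})
            continue
        s = line.strip()
        if not conns or not s or s.startswith(("Active", "Proto")):
            continue  # banner, column header or blank separator
        if s.startswith("[") and s.endswith("]"):
            conns[-1]["process"] = s[1:-1]  # owning executable
        else:
            conns[-1]["components"].append(s)  # DLL or service component
    return conns

def remote_peers(conns: List[Dict]) -> Dict[str, List[str]]:
    # Map each process to the remote endpoints of its ESTABLISHED sockets.
    peers: Dict[str, List[str]] = {}
    for c in conns:
        if c["state"] == "ESTABLISHED":
            peers.setdefault(c["process"] or f"pid:{c['pid']}", []).append(c["remote"])
    return peers
```

Feed it the saved output of `netstat -anb` from a live system in place of the constructed sample; listening sockets keep their components so service hosts can be checked separately.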
