Are there any tools that can give
Take a normal netstat -a from a Windows 2000 machine, for example:
TCP lee:1093 lee:0 LISTENING
TCP lee:1097 lee:0 LISTENING
TCP lee:netbios-ssn lee:0 LISTENING
TCP lee:1071 lee:0 LISTENING
TCP lee:1071 NEXUS:netbios-ssn ESTABLISHED
TCP lee:1073 lee:0 LISTENING
UDP lee:epmap *:*
UDP lee:microsoft-ds *:*
UDP lee:1028 *:*
UDP lee:1087 *:*
UDP lee:1088 *:*
UDP lee:1094 *:*
UDP lee:1095 *:*
UDP lee:4692 *:*
UDP lee:1033 *:*
UDP lee:1099 *:*
UDP lee:netbios-ns *:*
UDP lee:netbios-dgm *:*
UDP lee:isakmp *:*
Are there any tools that can track what applications/users have open/listen on ports?
Example:
You have a user logged in as fred, who opens a telnet session to a host called lawnmower.
What I want to see is:
TCP lee:1071 lawnmower:25 ESTABLISHED 'fred' 'telnet.exe'
For example, I know netstat -a returns a hell of a lot more information on Unix about streams etc. etc., but surely the O/S 'knows' which applications/users have connections open or are listening for a connection on a port on the TCP/IP stack?
Is this possible, or am I going crazy, it is some netstat parameter I've missed all these years...
Why do I need this? Take, for example, an unsophisticated trojan, easy to spot using this method:
TCP lee:1071 hackerinrussia:25 ESTABLISHED 'root' 'trojan.exe'
Any ideas, thoughts or general flamings...
Cheers,
Lee Hughes
Director of Traffic
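
An added example, not part of the original post: one way to produce the per-socket user and process view asked about above, assuming a Windows release where netstat accepts -o (owning PID) and tasklist /v /fo csv is available. Both captures, the PIDs and the allow-list are constructed for illustration, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample in the layout of `netstat -ao` (-o appends the owning PID).
NETSTAT = """\
  Proto  Local Address    Foreign Address      State         PID
  TCP    lee:1071         lawnmower:25         ESTABLISHED   1812
  TCP    lee:1073         hackerinrussia:25    ESTABLISHED   2440
  TCP    lee:1097         NEXUS:netbios-ssn    ESTABLISHED   3100
  UDP    lee:isakmp       *:*                                708
"""

# Constructed sample in the layout of `tasklist /v /fo csv`; PID 3100 is
# deliberately absent (process exited between the two snapshots).
TASKLIST = '''\
"Image Name","PID","Session Name","Session#","Mem Usage","Status","User Name","CPU Time","Window Title"
"telnet.exe","1812","Console","1","2,100 K","Running","LEE\\fred","0:00:01","Telnet lawnmower"
"trojan.exe","2440","Console","1","1,400 K","Running","LEE\\fred","0:00:00","N/A"
"lsass.exe","708","Services","0","5,200 K","Unknown","NT AUTHORITY\\SYSTEM","0:00:03","N/A"
'''

def parse_tasklist(text):
    """Map PID -> (image name, user name) from tasklist CSV output."""
    return {int(r["PID"]): (r["Image Name"], r["User Name"])
            for r in csv.DictReader(io.StringIO(text))}

def parse_netstat(text):
    """Yield (proto, local, remote, state, pid); UDP rows carry no state."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP") or not f[-1].isdigit():
            continue  # header, blank, or malformed line
        state = f[3] if len(f) == 5 else ""
        yield f[0], f[1], f[2], state, int(f[-1])

def sockets_with_owner(netstat_text, tasklist_text):
    """Join both snapshots; a PID missing from tasklist is reported as '?'."""
    procs = parse_tasklist(tasklist_text)
    return [(proto, local, remote, state, *procs.get(pid, ("?", "?")))
            for proto, local, remote, state, pid in parse_netstat(netstat_text)]

def unexpected(rows, allowed_images):
    """Rows whose owning image is not on the (hypothetical) allow-list."""
    return [r for r in rows if r[4].lower() not in allowed_images]

if __name__ == "__main__":
    for row in sockets_with_owner(NETSTAT, TASKLIST):
        print(*row)
```

Rows reported with '?' are sockets whose PID was gone by the time the process list was taken, so the two captures should be collected as close together as possible.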