RE: Too to find what .exe has a port open
One of the pstools from sysinternals can do this.

-sc

-----Original Message-----
From: c.e. gene connor cege...@gmail.com
Sent: Tuesday, April 14, 2009 11:40 AM
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Subject: RE: Too to find what .exe has a port open

I have tools that tell me WHAT port is open, but nothing to tell me what app has the port open. What do you guys use?

This may be a wrong answer to your question? But, when I use a stand alone network system to download, read or surf to bad and known unsafe websites etc. I always have a program called active ports running in the background and watch what ports, programs files are either opened or started after I go to any of the evil sites.

Google = Active Ports 1.2 Free

Gene C.
In Memory of my little brother http://genec-lori.com/
PackRat GarageSale http://genec-lori.biz/
Genes-Computers Inc. Yulee, Fl
Established 1981, Microsoft OEM Registered member, system builder
Active registered Microsoft Partner
Active Charter Partner of The Association of System Builders and Integrators
If you think you're beaten, Then you are! If you give up the fight, Accept it !!

From: Ziots, Edward [mailto:ezi...@lifespan.org]
Sent: Tuesday, April 14, 2009 8:02 AM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

I would use Nmap to do your scanning, and then use Process Explorer from sysinternals to find out which .exe has the port open.

BTW: GO PENN STATE NIT Champs: BSME PENN STATE 1996..

Z

Edward Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
ezi...@lifespan.org
Phone:401-639-3505

From: andy [mailto:afo...@psu.edu]
Sent: Friday, April 10, 2009 8:47 AM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

I recently scanned some of my computers with a languard beta scanner that I have been using for years. And then scanned some computers on my subnet and then on other subnets. They all showed ports 25 and 110 open.

Since I never got false results from my languard beta in years, I immediately suspected that all of these computers were infected with some type of spam bot. I picked out one machine and installed every type of free port monitor on it that I could find. All results showed that the ports 25 and 110 are not open.

I think our firewall guys, they just started installing and learning about firewalls, have it setup so that the firewall intercepts any telnet session to 25 or 110 and gives it a window. Is this possible? I have not tried moving my languard beta scanner outside the firewall to test the ports.

On another note, a few years ago, I used the languard scanner to look for a trojan that was infecting computers and found a port open on a linux machine that corresponded to the port the trojan was infecting. Come to find out, the linux machine was using some type of proprietary software that used the same port as the trojan. We said, eh ok, you are clean, you can get back on the network.

At 02:47 PM 4/9/2009, Derek Lidbom wrote:

Are they UDP ports? Does it say immediately after it checks them that they are closed again? My guess would be Languard sees the port number and immediately associates with Trojan, without checking to see if it is udp or tcp.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, April 09, 2009 2:42 PM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

NETSTAT...I shoulda known

Netstat -ano shows nothing in that range. Hey, if you have TCPView running when you also run a Nessus scan on same system...now that's funny right there...

Nessus shows nothing, TCPView shows nothing, NETSTAT shows nothing...only Languard shows something at those ports...

Dave

From: Michael B. Smith [mailto:mich...@owa.smithcons.com]
Sent: Thursday, April 09, 2009 11:23 AM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

KISS

netstat -ano. The o gives you the process owning the port, which you can use TaskList or Task Manager to find.

If it isn't in the list - you've been pwned. (probably)

From: David Lum [david@nwea.org]
Sent: Thursday, April 09, 2009 2:22 PM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

Perfect thanks!

Now I have something, or not...GFI Languard scanned a machine that says I have two KiLo ports open (,6667). TCPView shows nothing in that range....comments?

Dave

From: Jake Gardner [mailto:jgard...@ttcdas.com]
Sent: Thursday, April 09, 2009 11:12 AM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

TCPView from SysInternals

Thanks,

Jake Gardner
TTC Network Administrator
Ext. 246
RE: Too to find what .exe has a port open
I would use Nmap to do your scanning, and then use Process Explorer from sysinternals to find out which .exe has the port open.

BTW: GO PENN STATE NIT Champs: BSME PENN STATE 1996..

Z

Edward Ziots
Network Engineer
Lifespan Organization
MCSE,MCSA,MCP+I, ME, CCA, Security +, Network +
ezi...@lifespan.org
Phone:401-639-3505
RE: Too to find what .exe has a port open
I have tools that tell me WHAT port is open, but nothing to tell me what app has the port open. What do you guys use?

This may be a wrong answer to your question? But, when I use a stand alone network system to download, read or surf to bad and known unsafe websites etc. I always have a program called active ports running in the background and watch what ports, programs files are either opened or started after I go to any of the evil sites.

Google = Active Ports 1.2 Free

Gene C.
In Memory of my little brother http://genec-lori.com/
PackRat GarageSale http://genec-lori.biz/
Genes-Computers Inc. Yulee, Fl
Established 1981, Microsoft OEM Registered member, system builder
Active registered Microsoft Partner
Active Charter Partner of The Association of System Builders and Integrators
If you think you're beaten, Then you are! If you give up the fight, Accept it !!
RE: Too to find what .exe has a port open
how about: netstat -b?

John C. Kelsey
DuBois Regional Medical Center
814.375.3073
jckel...@drmc.org
RE: Too to find what .exe has a port open
I recently scanned some of my computers with a languard beta scanner that I have been using for years. And then scanned some computers on my subnet and then on other subnets. They all showed ports 25 and 110 open.

Since I never got false results from my languard beta in years, I immediately suspected that all of these computers were infected with some type of spam bot. I picked out one machine and installed every type of free port monitor on it that I could find. All results showed that the ports 25 and 110 are not open.

I think our firewall guys, they just started installing and learning about firewalls, have it setup so that the firewall intercepts any telnet session to 25 or 110 and gives it a window. Is this possible? I have not tried moving my languard beta scanner outside the firewall to test the ports.

On another note, a few years ago, I used the languard scanner to look for a trojan that was infecting computers and found a port open on a linux machine that corresponded to the port the trojan was infecting. Come to find out, the linux machine was using some type of proprietary software that used the same port as the trojan. We said, eh ok, you are clean, you can get back on the network.

Andy-Ofalt---863-3449--405-Ag-Admin-Bldg--for more information go to http://ict.cas.psu.edu/Contacts.html
-- My little blurb to eat up bandwidth and make your mail box even larger +++ The real problem is that IP, a connectionless protocol, was never developed to be the universal protocol. ATM was developed
RE: Too to find what .exe has a port open
Much more likely that your A/V software is doing e-mail scanning cloaked.
Re: Too to find what .exe has a port open
This isn't pretty but it works for Windows based systems using built in OS tools...

1) Go to a DOS Prompt
2) Run netstat -noa
3) Look at the list showing the port you want and then grab the PID from that list
4) Run Tasklist | findstr PID from above

That should provide you the process name using the port.

Here are some more details and options to illustrate:

    C:\>netstat -noa

    Active Connections

      Proto  Local Address          Foreign Address        State           PID
      TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4

NOTE - if you are only looking for a certain port you can pipe this output to findstr as below:

    netstat -noa | findstr portnumberyouwant

EXAMPLE: to find something listening on port 80 do this:

    C:\>netstat -noa | findstr :80
      TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
      TCP    192.168.14.205:59731   206.190.52.34:80       ESTABLISHED     2648
      TCP    [::]:80                [::]:0                 LISTENING       4

Next I see that I want to know what the process (executable) is with PID 2648 so I do this:

    C:\>tasklist | findstr 2648
    iexplore.exe                  2648 Console                    1    191,136 K

Which tells me that the Process with PID 2648 is Internet Explorer and it is using port 80.

From: Hart, Robert robert.h...@genexservices.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Thursday, April 9, 2009 1:36:48 PM
Subject: RE: Too to find what .exe has a port open

Try Free Extended Task Manager by Extensoft. Then again it depends why you are asking this question. I would not put this on a server I am almost positive it requires an install. I have not tried just running the exe without installing.

http://www.extensoft.com/?p=free_task_manager

Bob

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, April 09, 2009 2:09 PM
To: NT System Admin Issues
Subject: Too to find what .exe has a port open

I have tools that tell me WHAT port is open, but nothing to tell me what app has the port open. What do you guys use?

(yes probably discussed here before…)

David Lum // SYSTEMS ENGINEER
NORTHWEST EVALUATION ASSOCIATION
(Desk) 971.222.1025 // (Cell) 503.267.9764

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/ ~
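The netstat/tasklist procedure in the message above, as an added example that is not part of any list member's post: this Python code parses saved `netstat -ano` and `tasklist /fo csv /nh` output, matches on the local port exactly (a `findstr :80` substring match also hits `:8080` and foreign addresses such as `206.190.52.34:80`), handles UDP rows that have no State column, and lists sockets whose PID has no task-list entry. The sample outputs and all function names are constructed for illustration.

```python
import csv
import io
from collections import namedtuple

Socket = namedtuple("Socket", "proto local_addr local_port remote state pid")

# Constructed sample of `netstat -ano` output. The first three rows reuse the
# addresses and PIDs shown in the message above; the remaining rows are made up.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING       4
  TCP    192.168.14.205:59731   206.190.52.34:80       ESTABLISHED     2648
  TCP    [::]:80                [::]:0                 LISTENING       4
  TCP    0.0.0.0:8080           0.0.0.0:0              LISTENING       1332
  TCP    0.0.0.0:6667           0.0.0.0:0              LISTENING       3900
  UDP    0.0.0.0:500            *:*                                    612
"""

# Constructed sample of `tasklist /fo csv /nh` output.
# PID 3900 is deliberately absent so the lookup has something it cannot resolve.
TASKLIST_SAMPLE = '''\
"System","4","Services","0","300 K"
"lsass.exe","612","Services","0","9,840 K"
"javaw.exe","1332","Console","1","88,212 K"
"iexplore.exe","2648","Console","1","191,136 K"
'''


def parse_netstat(text):
    """Return one Socket per TCP/UDP row of `netstat -ano` output."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue  # banner, column header or blank line
        if fields[0] == "TCP" and len(fields) == 5:
            proto, local, remote, state, pid = fields
        elif fields[0] == "UDP" and len(fields) == 4:
            # UDP is connectionless: netstat prints no State column for it.
            proto, local, remote, pid = fields
            state = ""
        else:
            continue
        # Split on the last colon so IPv6 literals such as [::]:80 parse too.
        addr, _, port = local.rpartition(":")
        if port.isdigit() and pid.isdigit():
            sockets.append(Socket(proto, addr, int(port), remote, state, int(pid)))
    return sockets


def parse_tasklist_csv(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    images = {}
    for row in csv.reader(io.StringIO(text)):
        if len(row) >= 2 and row[1].isdigit():
            images[int(row[1])] = row[0]
    return images


def owners_of_port(port, netstat_text, tasklist_text):
    """Processes bound to the LOCAL port: TCP listeners and any UDP binding."""
    images = parse_tasklist_csv(tasklist_text)
    owners = []
    for s in parse_netstat(netstat_text):
        bound = s.state == "LISTENING" if s.proto == "TCP" else True
        if s.local_port == port and bound:
            # Image name is None when the PID is not in the task list.
            owners.append((s.proto, s.local_addr, s.pid, images.get(s.pid)))
    return owners


def unresolved(netstat_text, tasklist_text):
    """Sockets whose owning PID does not appear in the task list."""
    images = parse_tasklist_csv(tasklist_text)
    return sorted({(s.proto, s.local_port, s.pid)
                   for s in parse_netstat(netstat_text) if s.pid not in images})


if __name__ == "__main__":
    for port in (80, 8080, 500, 6667):
        print(port, owners_of_port(port, NETSTAT_SAMPLE, TASKLIST_SAMPLE))
    print("no task-list entry:", unresolved(NETSTAT_SAMPLE, TASKLIST_SAMPLE))
```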
Re: Too to find what .exe has a port open
yep - nevermind my post after this one - this went to my spam folder so I didn't see it. Sorry for the duplication ;)

From: Michael B. Smith mich...@owa.smithcons.com
To: NT System Admin Issues ntsysadmin@lyris.sunbelt-software.com
Sent: Thursday, April 9, 2009 1:23:19 PM
Subject: RE: Too to find what .exe has a port open

KISS

netstat -ano. The o gives you the process owning the port, which you can use TaskList or Task Manager to find.

If it isn't in the list - you've been pwned. (probably)
RE: Too to find what .exe has a port open
TCPView from SysInternals

Thanks,
Jake Gardner
TTC Network Administrator Ext. 246

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, April 09, 2009 2:09 PM
To: NT System Admin Issues
Subject: Too to find what .exe has a port open

I have tools that tell me WHAT port is open, but nothing to tell me what app has the port open. What do you guys use? (yes probably discussed here before...)

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
RE: Too to find what .exe has a port open
+1

Download the whole suite: http://technet.microsoft.com/en-us/sysinternals/0e18b180-9b7a-4c49-8120-c47c5a693683.aspx

From: Jake Gardner [mailto:jgard...@ttcdas.com]
Sent: Thursday, April 09, 2009 1:12 PM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

TCPView from SysInternals

Thanks,
Jake Gardner
TTC Network Administrator Ext. 246

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, April 09, 2009 2:09 PM
To: NT System Admin Issues
Subject: Too to find what .exe has a port open

I have tools that tell me WHAT port is open, but nothing to tell me what app has the port open. What do you guys use? (yes probably discussed here before...)

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764

--
The pages accompanying this email transmission contain information from MJMC, Inc., which is confidential and/or privileged. The information is to be for the use of the individual or entity named on this cover sheet. If you are not the intended recipient, you are hereby notified that any disclosure, dissemination, distribution, or copying of this communication is strictly prohibited. If you received this transmission in error, please immediately notify us by telephone so that we can arrange for the retrieval of the original document.
RE: Too to find what .exe has a port open
currports

From: Jake Gardner [mailto:jgard...@ttcdas.com]
Sent: Thursday, April 09, 2009 1:12 PM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

TCPView from SysInternals

Thanks,
Jake Gardner
TTC Network Administrator Ext. 246

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, April 09, 2009 2:09 PM
To: NT System Admin Issues
Subject: Too to find what .exe has a port open

I have tools that tell me WHAT port is open, but nothing to tell me what app has the port open. What do you guys use? (yes probably discussed here before...)

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
RE: Too to find what .exe has a port open
fport works well.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, April 09, 2009 1:09 PM
To: NT System Admin Issues
Subject: Too to find what .exe has a port open

I have tools that tell me WHAT port is open, but nothing to tell me what app has the port open. What do you guys use? (yes probably discussed here before...)

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
RE: Too to find what .exe has a port open
Perfect thanks! Now I have something, or not...GFI Languard scanned a machine that says I have two KiLo ports open (,6667). TCPView shows nothing in that range….comments?

Dave

From: Jake Gardner [mailto:jgard...@ttcdas.com]
Sent: Thursday, April 09, 2009 11:12 AM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

TCPView from SysInternals

Thanks,
Jake Gardner
TTC Network Administrator Ext. 246

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, April 09, 2009 2:09 PM
To: NT System Admin Issues
Subject: Too to find what .exe has a port open

I have tools that tell me WHAT port is open, but nothing to tell me what app has the port open. What do you guys use? (yes probably discussed here before...)

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
RE: Too to find what .exe has a port open
Netstat -b

It's already there!

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, April 09, 2009 2:09 PM
To: NT System Admin Issues
Subject: Too to find what .exe has a port open

I have tools that tell me WHAT port is open, but nothing to tell me what app has the port open. What do you guys use? (yes probably discussed here before…)

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
RE: Too to find what .exe has a port open
KISS netstat -ano. The o gives you the process owning the port, which you can use TaskList or Task Manager to find. If it isn't in the list - you've been pwned. (probably)

From: David Lum [david@nwea.org]
Sent: Thursday, April 09, 2009 2:22 PM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

Perfect thanks! Now I have something, or not…GFI Languard scanned a machine that says I have two KiLo ports open (,6667). TCPView shows nothing in that range….comments?

Dave

From: Jake Gardner [mailto:jgard...@ttcdas.com]
Sent: Thursday, April 09, 2009 11:12 AM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

TCPView from SysInternals

Thanks,
Jake Gardner
TTC Network Administrator Ext. 246

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, April 09, 2009 2:09 PM
To: NT System Admin Issues
Subject: Too to find what .exe has a port open

I have tools that tell me WHAT port is open, but nothing to tell me what app has the port open. What do you guys use? (yes probably discussed here before…)

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
RE: Too to find what .exe has a port open
Try Free Extended Task Manager by Extensoft. Then again it depends why you are asking this question. I would not put this on a server; I am almost positive it requires an install. I have not tried just running the exe without installing.

http://www.extensoft.com/?p=free_task_manager

Bob

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, April 09, 2009 2:09 PM
To: NT System Admin Issues
Subject: Too to find what .exe has a port open

I have tools that tell me WHAT port is open, but nothing to tell me what app has the port open. What do you guys use? (yes probably discussed here before...)

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
RE: Too to find what .exe has a port open
NETSTAT...I shoulda known

Netstat -ano shows nothing in that range. Hey, if you have TCPView running when you also run a Nessus scan on same system...now that's funny right there...

Nessus shows nothing, TCPView shows nothing, NETSTAT shows nothing...only Languard shows something at those ports...

Dave

From: Michael B. Smith [mailto:mich...@owa.smithcons.com]
Sent: Thursday, April 09, 2009 11:23 AM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

KISS netstat -ano. The o gives you the process owning the port, which you can use TaskList or Task Manager to find. If it isn't in the list - you've been pwned. (probably)

From: David Lum [david@nwea.org]
Sent: Thursday, April 09, 2009 2:22 PM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

Perfect thanks! Now I have something, or not...GFI Languard scanned a machine that says I have two KiLo ports open (,6667). TCPView shows nothing in that range….comments?

Dave

From: Jake Gardner [mailto:jgard...@ttcdas.com]
Sent: Thursday, April 09, 2009 11:12 AM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

TCPView from SysInternals

Thanks,
Jake Gardner
TTC Network Administrator Ext. 246

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, April 09, 2009 2:09 PM
To: NT System Admin Issues
Subject: Too to find what .exe has a port open

I have tools that tell me WHAT port is open, but nothing to tell me what app has the port open. What do you guys use? (yes probably discussed here before...)

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764
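The `netstat -ano` to TaskList join suggested in this thread, together with the cross-check of a scanner-reported port against the local listeners, as an added Python example (not code from any list member). The netstat and tasklist text is constructed sample output, `tasklist /fo csv /nh` is assumed as the TaskList form, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT_ANO = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:3389           0.0.0.0:0              LISTENING       1204
  TCP    0.0.0.0:8081           0.0.0.0:0              LISTENING       3316
  TCP    192.168.1.20:49712     192.168.1.5:445        ESTABLISHED     4
  UDP    0.0.0.0:500            *:*                                    620
  UDP    [::]:5355              *:*                                    1100
"""

# Constructed sample of `tasklist /fo csv /nh` output; PID 3316 is deliberately absent.
TASKLIST_CSV = '''\
"System","4","Services","0","1,024 K"
"lsass.exe","620","Services","0","9,400 K"
"svchost.exe","1100","Services","0","12,300 K"
"svchost.exe","1204","Services","0","20,000 K"
'''

def parse_netstat(text):
    """Return (proto, local_port, state, pid) for every socket row."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # banner and column-header lines
        # UDP rows have no State column; the PID is the last field either way.
        state = f[3] if f[0] == "TCP" and len(f) == 5 else ""
        port = int(f[1].rsplit(":", 1)[1])  # rsplit also handles [::]:5355
        rows.append((f[0], port, state, int(f[-1])))
    return rows

def bound_ports(netstat_text, tasklist_text):
    """Map (proto, port) -> (pid, image); image is None if tasklist lacks the PID."""
    images = {int(r[1]): r[0]
              for r in csv.reader(io.StringIO(tasklist_text)) if len(r) >= 2}
    owners = {}
    for proto, port, state, pid in parse_netstat(netstat_text):
        if proto == "UDP" or state == "LISTENING":
            owners[(proto, port)] = (pid, images.get(pid))
    return owners

def orphan_listeners(owners):
    """Bound ports whose PID has no entry in the task list."""
    return sorted(key for key, (_, image) in owners.items() if image is None)

def not_bound_locally(scanner_ports, owners, proto="TCP"):
    """Scanner-reported ports with no matching local listener."""
    return [p for p in scanner_ports if (proto, p) not in owners]
```

A PID missing from the task list is a lead to chase rather than proof, since the process may have exited between the two commands. A scanner-reported port with no local listener is worth confirming with a connect test from another machine.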
RE: Too to find what .exe has a port open
Are they UDP ports? Does it say immediately after it checks them that they are closed again? My guess would be Languard sees the port number and immediately associates it with a Trojan, without checking to see if it is UDP or TCP.

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, April 09, 2009 2:42 PM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

NETSTAT...I shoulda known

Netstat -ano shows nothing in that range. Hey, if you have TCPView running when you also run a Nessus scan on same system...now that's funny right there...

Nessus shows nothing, TCPView shows nothing, NETSTAT shows nothing...only Languard shows something at those ports...

Dave

From: Michael B. Smith [mailto:mich...@owa.smithcons.com]
Sent: Thursday, April 09, 2009 11:23 AM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

KISS netstat -ano. The o gives you the process owning the port, which you can use TaskList or Task Manager to find. If it isn't in the list - you've been pwned. (probably)

From: David Lum [david@nwea.org]
Sent: Thursday, April 09, 2009 2:22 PM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

Perfect thanks! Now I have something, or not...GFI Languard scanned a machine that says I have two KiLo ports open (,6667). TCPView shows nothing in that range….comments?

Dave

From: Jake Gardner [mailto:jgard...@ttcdas.com]
Sent: Thursday, April 09, 2009 11:12 AM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

TCPView from SysInternals

Thanks,
Jake Gardner
TTC Network Administrator Ext. 246

From: David Lum [mailto:david@nwea.org]
Sent: Thursday, April 09, 2009 2:09 PM
To: NT System Admin Issues
Subject: Too to find what .exe has a port open

I have tools that tell me WHAT port is open, but nothing to tell me what app has the port open. What do you guys use? (yes probably discussed here before...)

David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764

~~~
Derek Lidbom
Director of Technology and Interactive Development, Trone
336.812.2010
dlid...@trone.com
http://www.trone.com/

Confidentiality Notice: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please notify me immediately by replying to this message and deleting it from your computer. Thank you.
RE: Too to find what .exe has a port open
Use PortQry (Port Query) or Telnet to see if you can actually connect to those ports from another machine.

Cheers
Ken

From: David Lum [mailto:david@nwea.org]
Sent: Friday, 10 April 2009 4:42 AM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

NETSTAT...I shoulda known

Netstat -ano shows nothing in that range. Hey, if you have TCPView running when you also run a Nessus scan on same system...now that's funny right there...

Nessus shows nothing, TCPView shows nothing, NETSTAT shows nothing...only Languard shows something at those ports...

Dave

From: Michael B. Smith [mailto:mich...@owa.smithcons.com]
Sent: Thursday, April 09, 2009 11:23 AM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

KISS netstat -ano. The o gives you the process owning the port, which you can use TaskList or Task Manager to find. If it isn't in the list - you've been pwned. (probably)

From: David Lum [david@nwea.org]
Sent: Thursday, April 09, 2009 2:22 PM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

Perfect thanks! Now I have something, or not...GFI Languard scanned a machine that says I have two KiLo ports open (,6667). TCPView shows nothing in that range….comments?

Dave

From: Jake Gardner [mailto:jgard...@ttcdas.com]
Sent: Thursday, April 09, 2009 11:12 AM
To: NT System Admin Issues
Subject: RE: Too to find what .exe has a port open

TCPView from SysInternals

Thanks,
Jake Gardner
TTC Network Administrator Ext. 246