Mapping connections to applications
Results 1 to 4 of 4

Thread: Mapping connections to applications

  1. #1
    Banned
    Join Date
    May 2003
    Posts
    210

    Mapping connections to applications

    Hi all,

    I would just like to know if it is possible to map a client connection to this machine to whatever application that opened the port.
    ie; If I saw 'xxx.xxx.xxx.xxx' was connected on port 4562 with netstat, is it possible to find out what program opened that port? I know about the IANA port assignments, but i was wondering about non standard ports utilised by programs such as new trojans and the like.
    Thanks.

  2. #2
    Junior Member
    Join Date
    Sep 2003
    Posts
    4
    Foundstone ( http://www.foundstone.com/) makes some pretty handy tools... If yer lucky enough to be running something other than XP, you might take a look at something called Vision, but otherwise you'll wanna download fport.

    Vision is a GUI port mapper, with services and application mapping as well. A very handy tool, and can be found by going to Resources > Free Tools > Forensic Tools

    fport is the commandline equivalent, and certainly not as pretty, but definately quicker and easier to get the job done. (I prefer this tool, as it's easier to grep for data than it is in the GUI edition.) You can find this tool under Resources > Free Tools > Intrusion Detection Tools.

  3. #3
    Banned
    Join Date
    May 2003
    Posts
    210
    Welcome to AO (i noticed its ye first post), and thanks for the response. Have a nice day.

  4. #4
    Senior Member
    Join Date
    Sep 2003
    Posts
    126
    nice tool set at foundstone. any more little tidbits
    [Shadow] have you ever noticed work is like a tree full of monkeys you look down and all you see is monkeys below you then you look up and all you see is a bunch of *******s above[/shadow]

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •