September 24th, 2003, 07:48 AM
Mapping connections to applications
I would just like to know if it is possible to map a client connection to this machine to whatever application that opened the port.
ie; If I saw 'xxx.xxx.xxx.xxx' was connected on port 4562 with netstat, is it possible to find out what program opened that port? I know about the IANA port assignments, but i was wondering about non standard ports utilised by programs such as new trojans and the like.
September 24th, 2003, 11:31 AM
Foundstone ( http://www.foundstone.com/) makes some pretty handy tools... If yer lucky enough to be running something other than XP, you might take a look at something called Vision, but otherwise you'll wanna download fport.
Vision is a GUI port mapper, with services and application mapping as well. A very handy tool, and can be found by going to Resources > Free Tools > Forensic Tools
fport is the commandline equivalent, and certainly not as pretty, but definately quicker and easier to get the job done. (I prefer this tool, as it's easier to grep for data than it is in the GUI edition.) You can find this tool under Resources > Free Tools > Intrusion Detection Tools.
September 24th, 2003, 12:17 PM
Welcome to AO (i noticed its ye first post), and thanks for the response. Have a nice day.
September 24th, 2003, 12:23 PM
nice tool set at foundstone. any more little tidbits
[Shadow] have you ever noticed work is like a tree full of monkeys you look down and all you see is monkeys below you then you look up and all you see is a bunch of *******s above