« Sexy X-Ray Vision Colourshift Technique in photoshop!
Proxy List Octoboer 9th 2007 »

Damn Insecure Windows Machines! HowTo: Scanning your own active Windows ports.

So, your a sysadmin who uses windows for a business? Shame on you.  Your a desktop user who uses windowz and wants to check if anyone is snooping on them. Normally I’d suggest using something like netstat -a netstat -no or even netstat -ano however this neat little tool, fport does all tha hard work for you, the main difference being it looks up the PIDs that netstat gives and finds the name of the executable for that very PID,  as well as the ports and the IP’ & protocol connected. It’s pretty handy if you have to use winz in one way of another. Here is a copy of the example at http://www.foundstone.com/us/resources/proddesc/fport.htm

and here is the direct downloadurl off foundstone’s website.
 

Identify unknown open ports and their associated applications
Copyright 2002 (c) by Foundstone, Inc.
http://www.foundstone.com

fport supports Windows NT4, Windows 2000 and Windows XP

fport reports all open TCP/IP and UDP ports and maps them to the owning application. This is the same information you would see using the ‘netstat -an’ command, but it also maps those ports to running processes with the PID, process name and path. Fport can be used to quickly identify unknown open ports and their associated applications.

Usage:
C:\>fport
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com

Pid Process Port Proto Path
392 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 139 TCP
8 System -> 445 TCP
508 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
392 svchost -> 135 UDP C:\WINNT\system32\svchost.exe
8 System -> 137 UDP
8 System -> 138 UDP
8 System -> 445 UDP
224 lsass -> 500 UDP C:\WINNT\system32\lsass.exe
212 services -> 1026 UDP C:\WINNT\system32\services.exe

The program contains five (5) switches. The switches may be utilized using either a ‘/’
or a ‘-’ preceding the switch. The switches are;

Usage:
/? usage help
/p sort by port
/a sort by application
/i sort by pid
/ap sort by application path

This entry was posted Tuesday, October 9th, 2007 at 4:34 am and is filed under Security. You can leave a response, or trackback from your own site.

One Response to “Damn Insecure Windows Machines! HowTo: Scanning your own active Windows ports.”

  1. Computers » Damn Insecure Windows Machines! HowTo: Scanning your own active … Says:
    October 9th, 2007 at 4:37 am

    [...] Check it out! While looking through the blogosphere we stumbled on an interesting post today.Here’s a quick excerptSo, your a sysadmin who uses windows for a business? Shame on you. Your a desktop user who uses windowz and wants to check if anyone is snooping on them. Normally I’d suggest using something like netstat -a netstat -no or even netstat … [...]

Leave a Reply

return of the men in black