DelphiFAQ Home Search:
Windows
    Apache (2)
    File Types (37)
    Internet Explorer (80)
    Network (172)
    Passwords (350)
    Printing (700)
    Processes (1413)
    Programming (2864)

 
Exchange Links
 
About this site

Links to us


Website Monitoring

 

 

 General :: Linux :: Network
Network setup and administration. Both from Windows and Linux angles.

Articles:

This list is sorted by recent document popularity (not total page views).
New documents will first appear at the bottom.
Featured Article

Determine which ports a specific process on Windows is using

Question:

I suspect that a newly installed application may be listening on some ports and act as a backdoor. How can I determine which ports a specific process on Windows is using?

Answer:

Windows does have the means to show you this. The following steps assume that your application is running on your computer and that you have Windows XP. Older Windows versions do not have all those tools e.g. the commandline task list tool and NETSTAT has not all the same parameters, but the steps are basically the same e.g. for Windows 2000.

The example inspects Yahoo Messenger (YPager.exe).


  1. Find out the process ID (PID) associated with your running application. You can use the task manager for that or from the command line:
    [c:\] tasklist | findstr YPager*

    This will show you the PID in the second column. (Try tasklist /fi "IMAGENAME eq YPager.exe" as an alternative; it will include the column headers.

  2. Now use the PID (in our example, it was 7200) and the NETSTAT tool.
    [c:\] netstat -ano | findstr 7200 
       TCP    0.0.0.0:4161           0.0.0.0:0              LISTENING     7200
   TCP    0.0.0.0:5101           0.0.0.0:0              LISTENING     7200
   TCP    192.168.0.9:4161       216.155.193.165:5050   ESTABLISHED   7200
   UDP    127.0.0.1:4172         *:*                                  7200
  3. This means Yahoo Messenger is listening on ports 4161 and 5101 for all addresses of this machine. It has an established connection with 216.155.193.165. To find out who is behind this 216.155.193.165, use NSLOOKUP:
    nslookup 216.155.193.165
    Name:    cs38.msg.dcn.yahoo.com
 Address:  216.155.193.165
    I guess that is ok. You could also have tried netstat -a which shows you all connections, and with the IP numbers already resolved to names. Don't try this on a PC where Peer-to-Peer software (P2P) like edonkey, Kazaa or WinMX is running. You'll have to wait *very* long if your P2P system works as designed. :-)


If you need to do this kind of analysis a lot, you may want to check out a handy tool like TCPView - Freeware from Systernals. http://www.sysinternals.com/ntw2k/source/tcpview.shtml


Generated 0:00:32 on Jan 24, 2020		Most recent comments
2020-01-23 15:09:29:
by anonymous
in Finances
on Well-respected bank offering Payday loans:
Are you tired of seeking loans and Mortgages,have you been turned down constantly By your banks and other financial trial will convince you.What are your Financial needs?Do you need a business loan?Do ... read more
2020-01-23 02:55:18:
by [hidden]
in Dating Scams
on Scammer Jane Mabou from Ivory Coast, Africa:
10 AGED INSTAGRAM ACCOUNTS 2012-2017
This are 10 basic accounts with no posts, created between 2015 and 2017.
Contact me for more information

Price
$30 using playerup middlem ... read more
2020-01-23 01:40:36:
by [hidden]
in Dating Scams
on Dating scammer GRUPO DE DISCUSSÃO EM PORTUGUÊS:
[url= https://wratotadaper..r.ml[/url]
2020-01-22 11:06:22:
by [hidden]
in Other Scams
on The UK NATIONAL LOTTERY scam:
[url= https://ecdisodangde..g.ga]small tit milfs nude selfie [/url]
[url= https://erexlandao.ga]asian booty fucked white cock [/url]
[url= https://travafvicpos..ml]college girls trying pussy f ... read more
2020-01-22 08:49:50:
by [hidden]
in Dating Scams
on Gold digger Valeria Novitskaya from Ukraine:
[url= https://teltorecofon.ml]should you have statistics in personal essay [/url]
[url= https://mititatajer...r.cf[/url]
[url= https://tistreberfim..k]security teen chatrooms [/url] ... read more
2020-01-22 08:36:03:
by BG/ SBLC FOR LEASE / PURCHASE
in Web publishing
on Getting started with CSS:
Dear Sir/Ma,

We are genuine certified Financial Instrument providers. Presently, we only focus on BG/SBLC for Lease and purchase purposes. Our Lease BG/SBLC is

4+2% and purchase at ... read more
2020-01-21 17:55:54:
by [hidden]
in Dating Scams
on Dating scammer Anita Asante:
health hazards safety unlike tobacco

E cigarette smoking: is he a secure opportinity for people who smoke,tobacco users to discontinue maybe trip to getting young people endlaved by a action ... read more
2020-01-21 17:18:07:
by [hidden]
in about DelphiFAQ
on Other Feedback:
Hey, I was doing some SEO research for a client and came across delphifaq.com. I thought I'd drop you a quick note on your contact form about a few SEO Issues I found on delphifaq.com.

If yo ... read more
2020-01-21 02:35:45:
by Sherri
in Dating Scams
on Dating scammer Sandra Da_Rocha from Accra/Ghana:
site de rencontre pour jeune ado gratuit
baise soeur frere branlette femme elle aime faire
la pute salope 62 salope 86 film de sexe pour adulte video sexe anal amateur porno bleach je prend ... read more
2020-01-20 23:58:27:
by anonymous
in Male Dating Scammers
on Dating scammer Sergeant Dylan Daniel:
Hola conmigo también fue así. Diciéndose llamar Paul Williams Brown lo conoce por la app Tagged, ahora que leo todos los comentarios pues todos dicen lo mismo que me dijo a mi. Pero nunca me a pedi ... read more