Ethical Hacking Training at InfoSec Institute

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Computer Forensics Computer-Forensics
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: Why using fport if netstat -b does much more ?

from [Gary Kessler] Network Security [Permanent Link]
Subject: Re: Why using fport if netstat -b does much more ?
Date: Mon, 05 Dec 2005 13:17:16 -0500 
Hi all.

At 13:27 12/01/2005, contrera@eig.unige.ech wrote:

hi,

i've just noticed that netstat as an option (-b) that allow to list port and 
the processes which are binded to.
fport  (-foundstone free utility-) allow just to see processes and local ports.

Netstat -b allow to see processes (and dlls involved in the TCP/IP 
connection), local ports and remote ports and remote IP address !
Remote IP address and remote ports could be useful  when investigating.

Why any of the famous books related to windows forensics (Incident responsw & 
computer forensics -FOundstone-, Windows Forensics -Carvey-, ...) doesn't talk 
about the -b option ?

i'm going to update my Automated response script with netstat -b !

Greetings.


I haven't used "netstat -b" a lot to learn tricks and hints ans all, but I find 
fport to be more thorough and complete.

/kess


=========================================================================
Gary C. Kessler                                gary.kessler@champlain.edu
Associate Professor                                      Project Director
Program Director - Computer Networking,              Information Security
Computer & Digital Forensics, and          Vt. Information Technology Ctr.
Information Security

Champlain College                                 Office: +1 802-865-6460
West Hall, Room 12                                   Fax: +1 802-865-6446
163 South Willard Street                            Cell: +1 802-238-8913
Burlington, VT 05401

http://infosec.champlain.edu
http://digitalforensics.champlain.edu                   kumquat@sover.net
http://networking.champlain.edu                http://www.garykessler.net
           PGP Public Key: http://www.garykessler.net/kumquat_pubkey.html
[More with this subject...]


<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  AW: Why using fport if netstat -b does much more ?, Info
Next by Date:  RE: Why using fport if netstat -b does much more ?, Hodd, Kevin
Previous by Thread:  AW: Why using fport if netstat -b does much more ?, Info
Next by Thread:  Re: Why using fport if netstat -b does much more ?, Ansgar -59cobalt- Wiechers
Indexes:  [Date] [Thread] [Top] [All Lists]