Which process made which socket?

Discussion in 'Security Software' started by James Stickland, Jan 18, 2007.

  1. I know that netstat -oa can show us the respectful socket connection and
    owning process

    What i am looking for is something better - something that will allow
    accounting of all newly created tcp/udp sockets and their respectful process
    number, and hopefully process image name.

    Say, if i open internet explorer and connect to www.microsoft.com, an alert
    of some sort would be made showing me that c:\progra~1\intern~1\iexplore.exe
    made a connection to www.microsoft.com on port 80.

    I know there must be a way to do this, but did microsoft ever release such a
    feature?
     
    James Stickland, Jan 18, 2007
    #1
    1. Advertisements

  2. James Stickland

    jwgoerlich Guest

    Does this help?

    TCPView for Windows v2.4
    http://www.microsoft.com/technet/sysinternals/utilities/TcpView.mspx

    J Wolfgang Goerlich
     
    jwgoerlich, Jan 18, 2007
    #2
    1. Advertisements

  3. You might try Port Reporter from Microsoft as shown in the link below. It
    installs as a service that you can enable when needed to log port activity
    and many details about the port use.

    Steve

    http://www.microsoft.com/downloads/details.aspx?FamilyID=69BA779B-BAE9-4243-B9D6-63E62B4BCD2E&displaylang=en
     
    Steven L Umbach, Jan 18, 2007
    #3
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.