TDS port question
Checkout
March 12th, 2002, 11:14 AM
Apologies if I'm revealing the depths of my ignorance, but does (or will) TDS have the facility to relate an open port to the process which opened it?
MTIA
Wayne - DiamondCS
March 12th, 2002, 01:35 PM
Checkout,
There is no native way supplied by Windows to achieve process-to-port mapping, but this is a commonly requested feature so we have already developed a utility (actually a base service provider, it took a lot of sniffing around in the kernel but we've got it working nicely now and it has been complete for many months now) that will allow our upcoming TDS4 to see which ports are being used by which processes.
Best regards,
Wayne
Checkout
March 12th, 2002, 03:43 PM
Hmm...in the meantime, I found TCPview:
Process:PID          Protocol  Local Address  Remote Address                                    Sent       Received
svchost.exe:688      TCP       martin:1025    LISTENING
vsmon.exe:1096       TCP       martin:1026    LISTENING
msmsgs.exe:2040      UDP       martin:1066    *:*
msmsgs.exe:2040      UDP       martin:1068    *:*
msmsgs.exe:2040      TCP       martin:1072    msgr-ns21.msgr.hotmail.com:1863                   8/264      11/968
IEXPLORE.EXE:816     UDP       martin:1174    *:*                                               5259/5259  5259/5259
tds-3.exe:1592       TCP       martin:12345   LISTENING
tds-3.exe:1592       TCP       martin:1243    LISTENING
Proxomitron.exe:876  TCP       martin:1532    a62-41-113-20.deploy.akamaitechnologies.com:http  1/322      2/1790
msimn.exe:204        TCP       martin:1548    LISTENING
msmsgs.exe:2040      TCP       martin:16180   LISTENING
tds-3.exe:1592       TCP       martin:20034   LISTENING
tds-3.exe:1592       UDP       martin:2140    *:*
tds-3.exe:1592       TCP       martin:23432   LISTENING
tds-3.exe:1592       TCP       martin:27374   LISTENING
tds-3.exe:1592       UDP       martin:31337   *:*
VisualZone.exe:1232  UDP       martin:3731    *:*
tds-3.exe:1592       TCP       martin:5000    LISTENING
tds-3.exe:1592       TCP       martin:6667    LISTENING
msmsgs.exe:2040      UDP       martin:7078    *:*
Proxomitron.exe:876  TCP       martin:8080    LISTENING
tds-3.exe:1592       TCP       martin:9400    LISTENING
svchost.exe:644      TCP       martin:epmap   LISTENING
lsass.exe:488        UDP       martin:isakmp  *:*
How come TDS listens on so many ports? Does this defy stealthing?
I'm more than a bit worried by these results, Wayne.
MickeyTheMan
March 12th, 2002, 05:59 PM
Sounds to me like you have initialized sockets and therefore asked TDS to listen on these ports.
wizard
March 12th, 2002, 06:56 PM
If you use the socket feature of TDS-3 you will get open ports. If you worry about it then disable the socket feature. TDS-3 has nothing to do with 'stealth' because TDS-3 is not a firewall.
wizard
Checkout
March 13th, 2002, 04:25 AM
-{ Quote: "If you use the socket feature of TDS-3 you will get open ports." }-
Gotcha. Thanks.
Checkout
March 13th, 2002, 04:26 AM
-{ Quote: "we have already developed a utility (actually a base service provider, it took a lot of sniffing around in the kernel but we've got it working nicely now and it has been complete for many months now) that will allow our upcoming TDS4 to see which ports are being used by which processes." }-
You'll make a lot of friends with that feature, Wayne! Tx.
Jooske
March 13th, 2002, 12:37 PM
-{ Quote: "You'll make a lot of friends with that feature, Wayne! Tx." }-
For sure! I tried a couple of the few available for Win98, but no big success, so wait patiently to try the real DCS stuff on my system.
Gavin - DiamondCS
March 14th, 2002, 05:27 AM
-{ Quote: "You'll make a lot of friends with that feature, Wayne! Tx." }-
Some programs for process-to-port mapping are around; achieving this is not easy at all and some have rather mixed and inaccurate results. It is just something that has to be done the right way :)
This feature when incorporated into TDS4 should be very accurate as to the process in question.
Checkout
March 14th, 2002, 05:44 AM
Gavin, thanks. And to the other posters, yep - I had sockets initialised. My fault.
Jooske
March 14th, 2002, 12:18 PM
Not fault, that's what the function is for. You could lay your watchdogs behind them :) and have a lot more "fun" if somebody wants to try them :D
MickeyTheMan
March 14th, 2002, 01:09 PM
-{ Quote: "Gavin, thanks. And to the other posters, yep - I had sockets initialised. My fault." }-
Although it is normally the job of your firewall to take care of this part of things, it's not necessarily a bad thing to have sockets initialized. Since only one app can own any port at any given time, once TDS listens on these ports, it owns them and anyone trying to use them will automatically trigger a warning.
A good firewall should still show you stealthed at GRC and I can only imagine you are using ZA (no, I don't like that one) for not being so.
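Added example, not part of the thread and not TDS code: a minimal Python sketch of the mechanism described in the post above, where a tool holds a port with a listening socket so that a second bind fails and every connection attempt is recorded. The names PortTripwire and port_is_held are hypothetical, the listener binds to loopback for the demo, and on Windows it sets SO_EXCLUSIVEADDRUSE because a socket opened with SO_REUSEADDR could otherwise bind the same port.

```python
import socket
import threading

class PortTripwire:
    """Hold TCP ports with listening sockets and record each connection attempt."""

    def __init__(self, host="127.0.0.1"):      # loopback only: an assumption for the demo
        self.host = host
        self.alerts = []                        # (local_port, peer_ip, peer_port)
        self._listeners = []
        self._stop = threading.Event()

    def watch(self, port=0):
        """Bind and listen on port (0 lets the OS pick one); return the bound port."""
        srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        if hasattr(socket, "SO_EXCLUSIVEADDRUSE"):   # Windows: refuse SO_REUSEADDR sharing
            srv.setsockopt(socket.SOL_SOCKET, socket.SO_EXCLUSIVEADDRUSE, 1)
        srv.bind((self.host, port))
        srv.listen(5)
        srv.settimeout(0.2)                     # lets the accept loop notice close()
        self._listeners.append(srv)
        bound = srv.getsockname()[1]
        threading.Thread(target=self._accept_loop, args=(srv, bound), daemon=True).start()
        return bound

    def _accept_loop(self, srv, port):
        while not self._stop.is_set():
            try:
                conn, peer = srv.accept()
            except socket.timeout:
                continue
            except OSError:                     # listener was closed
                return
            self.alerts.append((port, peer[0], peer[1]))
            conn.close()                        # record only; never speak a protocol

    def close(self):
        self._stop.set()
        for srv in self._listeners:
            srv.close()

def port_is_held(host, port):
    """Return True if another socket already owns host:port, i.e. bind() fails."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        probe.bind((host, port))
        return False
    except OSError:
        return True
    finally:
        probe.close()
```

A port held this way shows up as LISTENING under the holding process in a port-to-process listing, which is what the TCPview output earlier in the thread shows for tds-3.exe.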
Checkout
March 14th, 2002, 04:35 PM
Thanks, Mickey - useful comment.
Copyright ©2002 - 2012, Wilders Security Forums