REVIEW: 11 port-to-process mappers (Security Administrator magazine article)

[Wayne - DiamondCS]

Roger A. Grimes (author of the famous book "Malicious Mobile Code: Virus Protection for Windows") has just released a new article which is the main story in this month's Security Administrator magazine. Possibly the first article of its kind to approach this subject matter, it looks into port-to-process mapping/port enumeration, and compares 11 programs that achieve this (including Port Explorer, OpenPorts, TCPView, FPort and more).

Roger's conclusion: "The strongest contender in this comparative review is DiamondCS, with its GUI utility Port Explorer and its command-line tool OpenPorts. Sysinternals' TCPView is a good backup choice, if you can avoid the stability problems I experienced on NT. Foundstone's Fport is a good alternative to OpenPorts in the command-line port-enumerator field. But if you perform network security or administration for a living, you should have a copy of Port Explorer."

Full Article: http://www.winnetmag.com/WindowsSecurity/Article/ArticleID/40313/WindowsSecurity_40313.html

[Jooske]

applause!

[Pilli]

Great stuff Wayne! A really impressive result for a product less than a year old - Well done team!

[DolfTraanberg]

How come, this doesn't supprise me
Dolf

[JimIT]

Wow!

Props to you guys!

And a nod to "Malicious Mobile Code"--a very fascinating and informative book. If you haven't picked it up, it's great.

[illukka]

congrats Wayne on PE.. i already knew it's the best of it's kind.. now the rest will know it too..

[Gavin - DiamondCS]

Wonderful book (and man, Roger) and a great review We're all very happy with how PE has been received.

[redwolfe_98]

i notice that he says "if" you can avoid "stability" problems.. the program(s) need to be safe..

[Bowserman]

Quote:

quoting: redwolfe_98 link=board=7;threadid=14918;start=0#msg108134 date=1070896828]
i notice that he says "if" you can avoid "stability" problems.. the program(s) need to be safe..

He is referring to Sysinternals TCPView:

Quote:

Ahead of the Pack
When you're searching for malware, the ability to list open TCP/IP ports with their initiating programs or services is beneficial. Netstat is limited, but it's installed on every version of Windows, which makes it always available for troubleshooting. Unfortunately, it doesn't make connecting an open port to the source program easy. On Windows 2003 and XP computers, Netstat -ano will do in a pinch—you can compare the information it provides with Task Manager's PID list. On other Windows platforms, however, you need to look for alternatives. The strongest contender in this comparative review is DiamondCS, with its GUI utility Port Explorer and its command-line tool OpenPorts. Sysinternals' TCPView is a good backup choice, if you can avoid the stability problems I experienced on NT. Foundstone's Fport is a good alternative to OpenPorts in the command-line port-enumerator field. But if you perform network security or administration for a living, you should have a copy of Port Explorer.

Regards,
Jade.

[redwolfe_98]

should i delete my post? sorry, i don't know how i got confused, there.. i was on my way out, and was rushing.

[Jooske]

No need for deletion redwolfe_98 as it gave a nice opportunity for a longer quote which makes it even more interesting.
Have an extra karma cookie! Yummie!

Don't forget that many of the free port mappers were not in the test. And many of these are probably faster and or better in some ways. Each app to it's special purpose.

IPEye, Netcat, ScanLine, WUPS, nmap, etc..

I havn't even tested Port Explorer yet tho. Looks impressive and I think it might end up in the must have basket

/WayuU

[Jooske]

Each mapper might have it's special use or limits.
Nmap crashes my whole system, to name an example, several are only for NT/2000/XP systems, several are less reliable or less real time, etc tc.
I tried several over the years and none was satisfying or reliable, nor realtime, etc for my system.
OpenPorts is a free tool for personal use too btw, for NT/2000/XP but PE has so many extras and is stable, real time, reliable, in many languages, quick, very light in resources, small, --- you might like to read the comparison on the PE web pages too, which opinions are all elsewhere on internet too.
For me PE is the best i found till now, which was my opinion already from own practise, without reading any of the reviews.

[Wayne - DiamondCS]

Even better than taking somebody elses opinion from their review - try them all for yourself! Then you'll have a true understanding of how advanced Port Explorer is
Virtually all port-to-process mappers (including the shareware/pay ones) have free or evaluation downloads, so you can try all of them for yourself. You can download Port Explorer here, and OpenPorts here

[Andreas1]

Hi all,

Quote:

quoting: WayuU link=board=7;threadid=14918;start=0#msg108561 date=1070971301]
Don't forget that many of the free port mappers were not in the test. And many of these are probably faster and or better in some ways. Each app to it's special purpose.

IPEye, Netcat, ScanLine, WUPS, nmap, etc..
/WayuU

Keep in mind the difference between a portmapper, i.e. port-to-process mapper and a portscanner. Those you mentioned are all portscanners (except for netcat which still isn't a port-to-process mapper either).
A port scanner will allow you to connect to a machine (remote or local one) and possibly get or provoque a reaction when it encounters a listening service. In some cases, that reaction will reveal what service is running and this will reveal to the administrator of the examined PC what application is running there.
However, for a long time the question "a scan of my system (eith er with such a portscanner or with an AT scanner that examines open ports) revealed port xy listening. Do I have to worry?" has been asked very very frequently. Probably it wasn't possible to solicit a telling answer from the service by connecting directly to the port - after all, nothing about the protocol in use is known.
That is where Port-To-process mappers come in. You launch them and they tell you "your port xy is being held open by your application yz.exe" - and then you can scan that with a malware scanner, google for info on it, kill and delete it or whatever.

HTHH,
Andreas

[redwolfe_98]

i was impressed with "openports", and i am interested in port explorer, but i read another thread where someone said uninstalling the trial version messed up their system so that they could no longer connect to the internet.. is it safe to install (and uninstall) port explorer?

[gkweb]

i hadn't any pb doing it before installing my purchased version

[Dan Perez]

Hi redwolfe_98

The beta testers have installed and uninstalled many many times without any issues and many many users have installed it have uninstalled (for instance for upgrades) without any issue.

That being said, there is always a chance during any install/uninstall of any program that there may be issues but these would likely arise from very strange and unique circumstances due to a problematic registry or something similar.

If you like openports you will love PE

[Bowserman]

Quote:

quoting: redwolfe_98 link=board=7;threadid=14918;start=15#msg109168 date=1071101369]
i was impressed with "openports", and i am interested in port explorer, but i read another thread where someone said uninstalling the trial version messed up their system so that they could no longer connect to the internet.. is it safe to install (and uninstall) port explorer?

That problem is due to the corruption of Winsock in windows, and although it doesn't happen very often.....it can sometimes.

Definately give the trial a go, but if you want to be safe you could download the appropriate Winsock repair utility for your OS from here just to play it safe (scroll to the bottom of the page).

Regards,
Jade .

[Jason_DiamondCS]

Yes with that utility you can fix Winsock corruption issues easily.

Unless you have other LSP software installed (unlikely but possible) you won't run into any issues, and even if something else is installed that uses the LSP unless something major goes wrong everything will still work fine when you uninstall Port Explorer.

-Jason-