Socket Spy Behavior Question

[Disciple]

In making the switch from Atelier's AWPTA to Port Explorer, and in-order to get a better feel for PE, I have a question about how Socket Spy functions. If the answer is in the help file please forgive me, for it did not catch my attention.

Is it possible to spy on 2 or more processes/sockets at the same time? i.e. have say an IE process/socket and a process/socket for say svchost.exe in the list at the same time, and be able to switch between the 2. My reasoning is, to verify that a suspicious item is not using an established/allowed process/socket for communication.

TIA for all answers.

[Jooske]

Hi Disciple,
It is described very fine in the Helpfile under "Advanced > Packet sniffing witj socket spy" with screen shots and lot of fine information i'm sure you'll enjoy reading and trying!

[Wayne - DiamondCS]

This page (out of the helpfile in the Advanced section) should be of some interest - http://www.diamondcs.com.au/portexplorer/index.php?page=packetsniffer

... but to answer your question, yes - you can spy on individual sockets and processes, as many as you like, and yes even at the same time. For example, you might want to spy on port 21 of your FTP client, but not any other ports - PE lets you easily do this. However if you DO want to spy on the whole process and all of its sockets (including ones that are created later), then PE also lets you easily do this. I haven't got any hard numbers on hand at the moment but you can basically add as many sockets and processes to the spy list as you like, and easily remove them later whenever you want with just a couple of mouseclicks.

Best regards,
Wayne

[Disciple]

Thanks Jooksie and Wayne for your replies, and patience. I now know it's time for my eye exam, as I totally missed socket(s)/process(es) in the manual.

[Jooske]

No, your mouse needs to learn the double click to open the book icon at the right page.
In the Helpfile > Utilities > Socket Spy is a small introduction with links to that part.
Glad you found it!

[Jason_DiamondCS]

The Hard Numbers :-

You can spy on up to 128 different process ID's at a time combined with as many individual sockets as you want.

So there is no limit on individual sockets, you can spy on each and every socket if you had 10000 of them.

But only a maximum of 128 "whole" processes can be monitored at a time, if you understand what I mean? I could easily extend that to more though but I think 128 is enough
-Jason-

[Disciple]

Quote:

quoting: Jason / DiamondCS link=board=7;threadid=5006;start=0#32808 date=1037770705]
The Hard Numbers :-

You can spy on up to 128 different process ID's at a time combined with as many individual sockets as you want.

So there is no limit on individual sockets, you can spy on each and every socket if you had 10000 of them.

But only a maximum of 128 "whole" processes can be monitored at a time, if you understand what I mean? I could easily extend that to more though but I think 128 is enough
-Jason-

That ought to keep me and any other most curious person busy for a loooooong time. Maybe we have too much time on our hands?