Is Port Explorer accurate?

Discussion in 'Port Explorer' started by Bruno, Mar 8, 2003.

Thread Status:
Not open for further replies.
  1. Bruno

    Bruno Guest

    Just curious...

    I am evaluating Port Explorer 1.50 and I am noting what seems to be contradictory information between it and both TCPView and Commview 4.x (registered).

    For example, Port Explorer is presently showing that svchost.exe is connected to Microsoft (i.e. "established") while TCPView says that it is "listening" (not "established") and Commview 4.0 shows that there is no connection.

    What am I missing here? Is it just semantics?

    *Jason Edit* Changed the Topic name so it had correct spelling
     
  2. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    Re: Is Port Explorer accurate?

    Personally :) if I was running all three of those I would do a netstat and find out in realtime which one is giving realtime data at any moment. I do not know if any of those programs have a refresh rate on connection information. A program like netmon does.

    So I am sure that what you are seeing in the GUI of some of those programs is only as accurate as how often the info gets updated.


    Also svchost.exe could show up more than once since it is used for various processes.

    A Description of Svchost.exe (Q314056)

    http://support.microsoft.com/default.aspx?scid=kb;en-us;Q314056
     
  3. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Re: Is Port Explorer accurate?

    Hi Bruno, the refresh interval can be set to 1 second minimum.
    You might like to read on the PE site the problems with various other port-to-process mappers.
     
  4. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Re: Is Port Explorer accurate?

    Hi Bruno, due to the somewhat limited nature of other Port to Process mappers they say all "UDP" connections are listening, as does Port Explorer if it can't find more information for that socket. But Port Explorer goes a bit deeper with most sockets and shows you information like the last IP sent or received from on UDP sockets, and if it has sent or received information over that socket we say it is Established (compared to other tools including netstat just saying it's listening). Neither are REALLY correct, a UDP socket can't really be "connected" or established, but not all UDP sockets "listen" either.

    The status information on sockets most of the time isn't really a useful feature anyhow, but I've tried to make it as good as it can be.

    -Jason-
     
  5. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Re: Is Port Explorer accurate?

    To see how powerful, reliable and accurate Port Explorer is, I encourage you to see this page ...
    http://www.diamondcs.com.au/portexplorer/index.php?page=powerful
    :)
     
  6. Bruno

    Bruno Guest

    Thanks for the info (and the typo correction by Jason ;-)

    1. I do not run all three applications at the same time. They are tools that I fire up as needed. As I was evaluating Port Explorer, I used them separately to verify the accuracy of the information.

    2. I was also questioning why PE was indicating "connected UDP packets" with Microsoft as CommView 4x was not showing anything.
    As I understand it, PE will provide this "erroneous" information and we need to understand its real value (i.e. historical).

    My evaluation period will expire tomorrow and I need to make a decision to either register the application or pass on it... the verdict is still out ;-)
     
  7. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Bruno, I hope you enjoyed your evaluation time with PE.
    Of course the full version is so much more fun and unveiling to work with.
    I've been in the betatesters team and enjoyed it from the first moment, even though in the beginning it got some polishing at users' request.
    I found out about software and even emails calling home, which I had not expected in some cases, and I love the blocking feature so I can patiently dig through spam mail without making senders aware with their calling home codes I would be a valid receiving address.
    If I want that permanently of course I can refine the settings in the firewall for the email client. Same with surfing over internet, nice and quiet. Sniffing the packets, what is sent by a program, is it innocent or?
    I used that already occasionally in TDS, where we can even edit the data packets.
    I love the fast automatic whois and all the others at hand, immediately the sockets, including the hidden sockets/processes, ability to sniff on them, if ever find trojans on the loose if there would be or other spying stuff, you name it.
    Wayne's port explorer comparison link is very unveiling too.
    And knowing the UDP status is made the best available is better than not showing any connection at all!
    I was happy to be able attending two real ITC specialists the other week on this program with the website and screenshots and not only they were impressed but found out it offers everything they were looking for, so I felt really proud and happy to tell such chief... whatever :D about this wonderful piece of software.
    Using it, taught me again more about my system and all that's happening on and around it.
    Big thumbs up for the fine helpfile, with so much info and written so clear all users can understand it with the step-by-step instructions.
    What I also found out, with PE installed my windows system is faster, as the dead threads/sockets space is released much faster than without PE, I tried this several times between the installs of new versions and windows up long time.
    Good luck with your decision!
     
  8. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Hi Bruno,

    I'll make sure Jason answers your question personally, however UDP sockets that are shown are indeed there, can we see a screenshot? :) He was careful to get as much information as possible and Port Explorer uses multiple ways to obtain socket information before blending the results where needed and outputting what you see.
     
  9. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Hi Bruno, I have evaluated and used all other port to process mappers and none of them show as much information as Port Explorer does about the sockets. I know that may sound a bit one-sided since I did make the product, but I wouldn't be happy with Port Explorer unless it was the best at what it does.

    The status (connecting/listening/established) of a socket might be very helpful in the other limited port to process mappers as a way of understanding what is happening with that socket, but in Port Explorer there are other more advanced ways of working out what is happening. Port Explorer still shows the status of a socket, as well (and better) as any other port to process mapper can, we just go a little bit further with the status than the others can.

    Would you prefer to know whether or not a UDP socket has sent or received data immediately just by looking at the status and seeing that it's ESTABLISHED? That's what Port Explorer does, I haven't seen another port to process mapper do that. If the socket hasn't sent or received data it shows it as LISTENING.

    In all other port to process mappers (except TCPView Pro) you can't even tell that a UDP socket has sent or received any data. TCPView Pro shows the amount of data sent/received over UDP sockets as does Port Explorer, but it DOES not show you the last address the data was being sent to or received from (which Port Explorer does). MANY secret phone homes in applications occur over UDP sockets simply because most people can't see what address the socket is going to, and what data is being sent.

    In order of best port to process mapper, Port Explorer clearly is in the lead over everything currently available. You not ONLY get port to process mapping in Port Explorer, you get Whois, Ping/Trace, Packet Sniffing and Resolve. If you look at the second best port to process mapper (which is TCPView Pro) and the comments from people who paid $69 for it, they are asking, "Can I packet sniff data with TCPView Pro" and "Is there a way to backtrace an owner of an IP in TCPView Pro", with the answers being NO. You can do all this with Port Explorer for $30.

    The last thing I want to say is, Port Explorer will be improved as time goes on to continually provide the best socket based tool around. We listen to customers' ideas and suggestions, we fix any problems very quickly. When you buy Port Explorer you can be assured you will always be using the best tool of its type.

    Imagine if you had bought TCPView Pro for $69 knowing it was the best of its kind at that moment, Port Explorer was released (at less than half the price) and they haven't even released one update to the program to try and compete. Port Explorer on the other hand has had many updates. Sure I may work for DiamondCS, but even I can tell good value :) . In the end it's the customers/users of the program (ie you) that make the decision and by the many emails I get thanking me and DiamondCS we must be doing something right :) .

    -Jason-
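
The UDP status rule described in Jason's two replies above (ESTABLISHED once a socket has sent or received data, LISTENING otherwise, plus the last remote address), as an added example that is not part of the thread and is not Port Explorer's code. The class and function names are hypothetical, the datagram is constructed, and everything runs over loopback.

```python
import socket

class TrackedUdpSocket:
    """UDP socket plus the counters a monitor must keep for itself."""

    def __init__(self):
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
        self.sock.bind(("127.0.0.1", 0))   # loopback, OS-chosen port
        self.sock.settimeout(2.0)
        self.sent = self.received = 0
        self.last_remote = None

    def local(self):
        return self.sock.getsockname()

    def kernel_peer(self):
        """Peer the OS holds for this socket; None unless connect() was called."""
        try:
            return self.sock.getpeername()
        except OSError:
            return None

    def sendto(self, data, addr):
        self.sent += self.sock.sendto(data, addr)
        self.last_remote = addr

    def recv(self):
        data, addr = self.sock.recvfrom(65535)
        self.received += len(data)
        self.last_remote = addr
        return data

    def status(self):
        # Labelling rule from the thread: traffic seen => ESTABLISHED.
        return "ESTABLISHED" if (self.sent or self.received) else "LISTENING"

def demo():
    a, b = TrackedUdpSocket(), TrackedUdpSocket()
    try:
        before = (a.status(), a.kernel_peer())
        a.sendto(b"constructed test datagram", b.local())
        b.recv()
        sender = (a.status(), a.last_remote == b.local(), a.kernel_peer())
        receiver = (b.status(), b.last_remote == a.local(), b.kernel_peer())
        return before, sender, receiver
    finally:
        a.sock.close()
        b.sock.close()

if __name__ == "__main__":
    print(demo())
```

`kernel_peer()` stays `None` on both sockets even after the exchange: the OS records no remote endpoint for an unconnected UDP socket, so a status or last address has to come from observing the traffic itself.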
     
  10. Bruno

    Bruno Guest

    Well... I just registered Port Explorer and installed it on my system :D
     
  11. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Bruno - enjoy! It's the only program of its type you'll ever need :)
     