Port Explorer v1.510 Released!!

Discussion in 'Port Explorer' started by Jason_DiamondCS, Mar 10, 2003.

Thread Status:
Not open for further replies.
  1. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    A new version of Port Explorer has been released! Port Explorer v1.510 is a small bugfix release. You can now download your copy (both the evaluation and full release versions of 1.510 are available) from the official Port Explorer website :-

    http://www.diamondcs.com.au/portexplorer/

    Here is a list of what's new in this version :-

    -Fixed a "Clear Window Log" bug which eventually caused a crash
    -Language additions


    -Jason-
     
  2. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    Another bug?

    How about this?:

    PE systray icon mouseover:

    18 Sockets [0 System, 1 Hidden, 17 Normal]

    Display:

    8 System, 1 Hidden exe, 9 Normal exe
     
  3. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    I would have got to this response sooner but your signature image had me hypnotized :) . Anything else you want to say about the bug... how long was Port Explorer running, operating system, etc. I will add this on the TODO list for the next version of PE.
    -Jason-
     
  4. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    Forgot I had that image. :)

    The systray icon mouseover info never agrees with the display. Win98SE. Can you repeat it?
     
  5. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Oooo Win98 :) . No we can't repeat that over here but we will load up Port Explorer onto a few more Win9x machines and test this :) .
    -Jason-
     
  6. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Win98SE here, never had any problem with this, and has been betatested and tested on this machine thoroughly.



    That image signature is really terrible, I have to scroll the page to get that thing out of sight to be able to read anything at all here.
     
  7. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    I'm testing Port Explorer on an old P200 Win98SE machine which is running CommView along with a bunch of other monitoring stuff.

    Could it be a Port Explorer timing problem or conflict with another prog?
     
  8. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Blackknight euuhh sheep,
    thanks for the image change :)

    I hope your suggestion is not true, but as I run PE and a lot of other stuff on an older Win98SE too and don't have that kind of possible conflict, it could be.
    You are familiar with the hijackthis or all the running processes listings, (is that possible with hijack this or is that just the startup stuff?) or Faber Toys (www.faberbox.com , free tool, very handy!)
    which output you might like to list and email to jason to have a look.
    portexplorer@diamondcs.com.au
    Some options could be of course --if you think of conflicts-- to close some other programs one by one and see if that gives the wanted change. It will be some work, which you might like to try or have it Jason do with your list.
    Fingers crossed you find out together what it can be...
    I suppose you have the registered version? Not sure if this would make any difference for this problem.
     
  9. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    Hi Jooske,

    Blackknight huh? Interesting... :)

    Yes I could email list of running processes if I had email address...

    I am using the crippled PE eval version which makes it impossible to test all features.

    Has anyone else noticed Port Explorer systray mouseover info not agreeing with the displayed main GUI info, i.e. number of System and Normal processes?
     
  10. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Yeah it's a whole black clan coming along, Black Sheep on a Black Horse, so Black Knight, in another thread a Black Cat,
    waiting for the other blackies.
    Was my way to let you know I noticed your new sig.


    Somehow you'll find a way to either email or IM Jason
    a list, to have a look if there could be anything......
    you can try jason@diamondcs.com.au too.
    They might be enjoying long Easter holiday now, not sure when you get your reaction.


    For me the values are the same. Have not seen other postings with the same complaint, the contrary: always was the actual situation.
     
  11. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    My avatar? (refuse to shrink it) Tis not new - Used it as mod on Lavasoft forums when I was with them, now SpyWareInfo forums, and of course here.

    I tried PE without CommView running - same result.

    PE identifies my OS as Win98 not Win98SE. Makes a difference?

    Gonna ask Coyote` to run it on Win98SE and see if he gets same results.
     
  12. Coyote

    Coyote Spyware Expert

    Joined:
    Feb 9, 2002
    Posts:
    11
    Location:
    Great Country Of Texas
    OK, ran it on wife's computer, Win98se.

    What I am seeing is that in the main GUI
    *SYSTEM processes are not being called as System
    in the text of the bottom of the GUI nor in the tray
    icon mouseover.

    As well in the bottom right corner of the GUI,
    The machine is referred to as Win98 when in
    fact it is Win98SE, however that could be the
    way the program was designed.

    (on a side note, 15 days or 30 launches won't give anyone
    a true way to test this app so I will be removing it now)
     
  13. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    Coyote described what I've been seeing better than I did.

    The *SYSTEM process column items under the All tab in PE GUI are not being enumerated as System in text at bottom of GUI and systray icon mouseover info.
     
  14. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi again,
    no reason for shrinking your sig, now I remember to have seen it before :)

    Thanks for also Coyote's comments (black too?) :cool:
    Many people don't get to the 15 days and just get the registered version as there is not much to do except looking at the connections and for the very nice utilities (the whois is my favorite in the several whois tools I have) and it gets really interesting with all the features enabled in the full version with the spying and right click options etc.

    Would have liked to read from Coyote if the sockets in the GUI and on mouse over in the systray were the same.
    Thanks for that additional info Coyote as this was the burning question here :D

    I run win98se too and indeed win98 is displayed, but the sockets are displayed correctly also on mouse over.
    On my former eval beta test version also sockets were displayed correctly in both occasions.
    System processes that's right, NT/2000/XP only.
     
  15. Coyote

    Coyote Spyware Expert

    Joined:
    Feb 9, 2002
    Posts:
    11
    Location:
    Great Country Of Texas
    yes.


    I have plenty of other tools to use, this one won't be part of them, I don't purchase anything with that much of a limit and being crippled I cannot test its true functionality.

    As well, all of the tests and experiments I do are to the benefit of the internet users and I make no money from it. I cannot afford to purchase many tools as there is no gain financially from this endeavor. My hobby is to defeat spyware, malware, adware, slyware and other malicious acts against the users of the internet.
     
  16. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    Communication problem?

    The Socket text at bottom of PE GUI and systray mouseover info are the same but both do not count * SYSTEM sockets in GUI process column as System.

    Also Help > Index does not work.

    pehelp.chm does work if launched directly.
     
  17. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    Is this the problem?

    From PE FAQ:

    "Under Windows 95/98/ME, Port Explorer isn't always able to map all ports back to their parent processes. This is because some of these processes (system services) start before Port Explorer is initialised by the operating system."
     
  18. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Hi Black sheep, I'm not totally certain of the answer to this but I believe that DCS stated that no tool such as PE can do this under W9* - It is the nature of the beast ;)
    What I can say is that very few PE type tools can see hidden sockets and have the ability to sniff the packets + the ability for real time logging & text logging. It is IMHO an excellent easy to use & powerful tool to add to your arsenal.
     
  19. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    Hi Pilli,

    I have no doubt Port Explorer is a very useful tool otherwise, I wouldn't have spent so much time evaluating it - trying to determine limitations and reporting possible bugs. I'll probably buy it. Although, at first blush, I assumed all ports/processes would be mapped on Win95/98/ME. What concerns me is a hidden system trojan if such a thing exists.
     
  20. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi again,
    hidden trojans and such should show up as red (hidden) connections if there were which you can either block or spy on.
    If there would be trojans, TDS scans would display them, with the exec protection installed block them from even executing at all.
     
  21. Blacksheep

    Blacksheep Spyware Fighter

    Joined:
    Feb 9, 2002
    Posts:
    109
    Location:
    Missouri, USA
    Hi Jooske,

    Is a hidden system trojan a possibility?
     
  22. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Aren't trojans always trying to be hidden in the first place? They would show up as hidden processes or connections if communicating with the outside world.
    They can try to hide in any way, your TDS will find them, exec protection will stop their execution, so could you configure WG, and PE would show their communications if they found other ways somehow.
     
  23. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    http://www.diamondcs.com.au/index.php?page=products
    Suppose you found the free tools here, with among others the brand new AutostartViewer to see all that running stuff.
    There comes more in near future, this one is very nice already for your goal!
     
  24. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    The only sockets Port Explorer doesn't show are Microsoft's low level system ones. They are started a long time before anything else.

    It is possible to write a driver (see rootkits) which would not show an outgoing connection in PE or any other software. If you manage to get a rootkit installed on your computer.. you will have a lot of other problems other than not just seeing outgoing connections by that driver :) . Basically a well written malicious driver on a Windows based machine will be 99% undetectable since the driver can detect things trying to detect it, if you know what I mean.

    -Jason-
     
  25. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    At least until TDS-4 :D
     