Discussion in 'Port Explorer' started by commando440, Feb 11, 2005.
Only has an ASTERISK (*) with no details?
Lots of data going out on these!
Hi commando44, Processes in blue are system services usually LocalHost or *.*.*.* i.e within your own machine or network.
From the help file:
Sockets in Port Explorer are displayed with text in any one of three colors. These colors are configurable (View menu), but by default they are black, blue and red. The color of the socket is not related to the nature of the socket itself but rather the process that owns it.
Black - Normal Sockets
Most sockets from applications started by the user will display as black. This means the owner process of the socket is a visible application - it has a window that is visible on-screen (although it may be minimised). It is possible but highly unlikely that trojan sockets will display as black.
Blue - System Sockets
Blue sockets indicate ownership by either the System process or by a registered service process (usually started by the operating system). It is possible for trojans to register themselves as service processes, but this is very rare.
See also Notes on Services
Red - Hidden Sockets
Red sockets indicate that the owning process is hidden (ie. it has no visible windows) and is not a service or system process. Although there are some legitimate applications that behave this way, many hidden sockets are owned by trojans, so red-socket processes are always worthy of further investigation. In fact, very few
Red (Background) - Closing Sockets
Sockets with red backgrounds are sockets that have just closed. The red background remains for one 'refresh', allowing you to see sockets as they close rather then having them immediately disappear.
It is not practically possible to determine if a process has an icon in the system tray as the system tray icon is handled by the explorer.exe process, not the process, so hidden processes that have a system tray icon will still show up as red.
Port Explorer maintains a tally of each socket class. These tallies (and combined total) can be seen in the status bar at the bottom left-hand corner of the main Port Explorer window.
Separate names with a comma.