REVIEW: 11 port-to-process mappers (Security Administrator magazine article)

Discussion in 'Port Explorer' started by Wayne - DiamondCS, Oct 13, 2003.

  1. Wayne - DiamondCS
    Offline

    Wayne - DiamondCS Security Expert

    Roger A. Grimes (author of the famous book "Malicious Mobile Code: Virus Protection for Windows") has just released a new article which is the main story in this month's Security Administrator magazine. Possibly the first article of its kind to approach this subject matter, it looks into port-to-process mapping/port enumeration, and compares 11 programs that achieve this (including Port Explorer, OpenPorts, TCPView, FPort and more).

    Roger's conclusion: "The strongest contender in this comparative review is DiamondCS, with its GUI utility Port Explorer and its command-line tool OpenPorts. Sysinternals' TCPView is a good backup choice, if you can avoid the stability problems I experienced on NT. Foundstone's Fport is a good alternative to OpenPorts in the command-line port-enumerator field. But if you perform network security or administration for a living, you should have a copy of Port Explorer."

    Full Article: http://www.winnetmag.com/WindowsSecurity/Article/ArticleID/40313/WindowsSecurity_40313.html

    :)
  2. Jooske
    Offline

    Jooske Registered Member

    [move] :cool: applause! [/move]
  3. Pilli
    Offline

    Pilli Registered Member

    Great stuff Wayne! A really impressive result for a product less than a year old - Well done team! :D
  4. DolfTraanberg
    Offline

    DolfTraanberg Registered Member

    How come, this doesn't supprise me o_O
    Dolf
  5. JimIT
    Offline

    JimIT Registered Member

    Wow!

    Props to you guys!

    And a nod to "Malicious Mobile Code"--a very fascinating and informative book. If you haven't picked it up, it's great.
  6. illukka
    Offline

    illukka Spyware Fighter

    congrats Wayne on PE.. i already knew it's the best of it's kind.. now the rest will know it too..
  7. Gavin - DiamondCS
    Offline

    Gavin - DiamondCS Former DCS Moderator

    Wonderful book (and man, Roger) and a great review :) We're all very happy with how PE has been received.
  8. redwolfe_98
    Offline

    redwolfe_98 Registered Member

    i notice that he says "if" you can avoid "stability" problems.. the program(s) need to be safe..
  9. Bowserman
    Offline

    Bowserman Infrequent Poster

    He is referring to Sysinternals TCPView:

    Regards,
    Jade.
  10. redwolfe_98
    Offline

    redwolfe_98 Registered Member

    should i delete my post? :) sorry, i don't know how i got confused, there.. i was on my way out, and was rushing.
  11. Jooske
    Offline

    Jooske Registered Member

    No need for deletion redwolfe_98 as it gave a nice opportunity for a longer quote which makes it even more interesting.
    Have an extra karma cookie! Yummie!
  12. WayuU
    Offline

    WayuU Guest

    Don't forget that many of the free port mappers were not in the test. And many of these are probably faster and or better in some ways. Each app to it's special purpose.

    IPEye, Netcat, ScanLine, WUPS, nmap, etc..

    I havn't even tested Port Explorer yet tho. Looks impressive and I think it might end up in the must have basket :)

    /WayuU
  13. Jooske
    Offline

    Jooske Registered Member

    Each mapper might have it's special use or limits.
    Nmap crashes my whole system, to name an example, several are only for NT/2000/XP systems, several are less reliable or less real time, etc tc.
    I tried several over the years and none was satisfying or reliable, nor realtime, etc for my system.
    OpenPorts is a free tool for personal use too btw, for NT/2000/XP but PE has so many extras and is stable, real time, reliable, in many languages, quick, very light in resources, small, --- you might like to read the comparison on the PE web pages too, which opinions are all elsewhere on internet too.
    For me PE is the best i found till now, which was my opinion already from own practise, without reading any of the reviews.
  14. Wayne - DiamondCS
    Offline

    Wayne - DiamondCS Security Expert

    Even better than taking somebody elses opinion from their review - try them all for yourself! Then you'll have a true understanding of how advanced Port Explorer is :)
    Virtually all port-to-process mappers (including the shareware/pay ones) have free or evaluation downloads, so you can try all of them for yourself. You can download Port Explorer here, and OpenPorts here :)
  15. Andreas1
    Offline

    Andreas1 Security Expert

    Hi all,

    Keep in mind the difference between a portmapper, i.e. port-to-process mapper and a portscanner. Those you mentioned are all portscanners (except for netcat which still isn't a port-to-process mapper either).
    A port scanner will allow you to connect to a machine (remote or local one) and possibly get or provoque a reaction when it encounters a listening service. In some cases, that reaction will reveal what service is running and this will reveal to the administrator of the examined PC what application is running there.
    However, for a long time the question "a scan of my system (eith er with such a portscanner or with an AT scanner that examines open ports) revealed port xy listening. Do I have to worry?" has been asked very very frequently. Probably it wasn't possible to solicit a telling answer from the service by connecting directly to the port - after all, nothing about the protocol in use is known.
    That is where Port-To-process mappers come in. You launch them and they tell you "your port xy is being held open by your application yz.exe" - and then you can scan that with a malware scanner, google for info on it, kill and delete it or whatever.

    HTHH,
    Andreas
  16. redwolfe_98
    Offline

    redwolfe_98 Registered Member

    i was impressed with "openports", and i am interested in port explorer, but i read another thread where someone said uninstalling the trial version messed up their system so that they could no longer connect to the internet.. is it safe to install (and uninstall) port explorer?
  17. gkweb
    Offline

    gkweb Expert Firewall Tester

    i hadn't any pb doing it before installing my purchased version ;)
  18. Dan Perez
    Offline

    Dan Perez Retired Moderator

    Hi redwolfe_98

    The beta testers have installed and uninstalled many many times without any issues and many many users have installed it have uninstalled (for instance for upgrades) without any issue.

    That being said, there is always a chance during any install/uninstall of any program that there may be issues but these would likely arise from very strange and unique circumstances due to a problematic registry or something similar.

    If you like openports you will love PE :D
  19. Bowserman
    Offline

    Bowserman Infrequent Poster

    That problem is due to the corruption of Winsock in windows, and although it doesn't happen very often.....it can sometimes.

    Definately give the trial a go, but if you want to be safe you could download the appropriate Winsock repair utility for your OS from here just to play it safe (scroll to the bottom of the page).

    Regards,
    Jade :).
  20. Jason_DiamondCS
    Offline

    Jason_DiamondCS Former DCS Moderator

    Yes with that utility you can fix Winsock corruption issues easily.

    Unless you have other LSP software installed (unlikely but possible) you won't run into any issues, and even if something else is installed that uses the LSP unless something major goes wrong everything will still work fine when you uninstall Port Explorer.

    -Jason-