REVIEW: 11 port-to-process mappers (Security Administrator magazine article)

Discussion in 'Port Explorer' started by Wayne - DiamondCS, Oct 13, 2003.

  1. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Roger A. Grimes (author of the famous book "Malicious Mobile Code: Virus Protection for Windows") has just released a new article which is the main story in this month's Security Administrator magazine. Possibly the first article of its kind to approach this subject matter, it looks into port-to-process mapping/port enumeration, and compares 11 programs that achieve this (including Port Explorer, OpenPorts, TCPView, FPort and more).

    Roger's conclusion: "The strongest contender in this comparative review is DiamondCS, with its GUI utility Port Explorer and its command-line tool OpenPorts. Sysinternals' TCPView is a good backup choice, if you can avoid the stability problems I experienced on NT. Foundstone's Fport is a good alternative to OpenPorts in the command-line port-enumerator field. But if you perform network security or administration for a living, you should have a copy of Port Explorer."

    Full Article: http://www.winnetmag.com/WindowsSecurity/Article/ArticleID/40313/WindowsSecurity_40313.html

    :)
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    :cool: applause!
     
  3. Pilli

    Pilli Registered Member

    Joined:
    Feb 13, 2002
    Posts:
    6,217
    Location:
    Hampshire UK
    Great stuff Wayne! A really impressive result for a product less than a year old - Well done team! :D
     
  4. DolfTraanberg

    DolfTraanberg Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    676
    Location:
    Amsterdam
    How come this doesn't surprise me o_O
    Dolf
     
  5. JimIT

    JimIT Registered Member

    Joined:
    Jan 22, 2003
    Posts:
    1,035
    Location:
    Denton, Texas
    Wow!

    Props to you guys!

    And a nod to "Malicious Mobile Code"--a very fascinating and informative book. If you haven't picked it up, it's great.
     
  6. illukka

    illukka Spyware Fighter

    Joined:
    Jun 23, 2003
    Posts:
    632
    Location:
    S.A.V.O
    congrats Wayne on PE.. i already knew it's the best of its kind.. now the rest will know it too..
     
  7. Gavin - DiamondCS

    Gavin - DiamondCS Former DCS Moderator

    Joined:
    Feb 10, 2002
    Posts:
    2,080
    Location:
    Perth, Western Australia
    Wonderful book (and man, Roger) and a great review :) We're all very happy with how PE has been received.
     
  8. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    580
    Location:
    South Carolina, USA
    i notice that he says "if" you can avoid "stability" problems.. the program(s) need to be safe..
     
  9. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    He is referring to Sysinternals TCPView:

    Regards,
    Jade.
     
  10. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    580
    Location:
    South Carolina, USA
    should i delete my post? :) sorry, i don't know how i got confused, there.. i was on my way out, and was rushing.
     
  11. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    No need for deletion redwolfe_98 as it gave a nice opportunity for a longer quote which makes it even more interesting.
    Have an extra karma cookie! Yummie!
     
  12. WayuU

    WayuU Guest

    Don't forget that many of the free port mappers were not in the test. And many of these are probably faster and/or better in some ways. Each app to its special purpose.

    IPEye, Netcat, ScanLine, WUPS, nmap, etc..

    I haven't even tested Port Explorer yet tho. Looks impressive and I think it might end up in the must have basket :)

    /WayuU
     
  13. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Each mapper might have its special use or limits.
    Nmap crashes my whole system, to name an example, several are only for NT/2000/XP systems, several are less reliable or less real time, etc.
    I tried several over the years and none was satisfying or reliable, nor realtime, etc for my system.
    OpenPorts is a free tool for personal use too btw, for NT/2000/XP but PE has so many extras and is stable, real time, reliable, in many languages, quick, very light in resources, small, --- you might like to read the comparison on the PE web pages too, which opinions are all elsewhere on internet too.
    For me PE is the best i found till now, which was my opinion already from own practise, without reading any of the reviews.
     
  14. Wayne - DiamondCS

    Wayne - DiamondCS Security Expert

    Joined:
    Jul 19, 2002
    Posts:
    1,533
    Location:
    Perth, Oz
    Even better than taking somebody else's opinion from their review - try them all for yourself! Then you'll have a true understanding of how advanced Port Explorer is :)
    Virtually all port-to-process mappers (including the shareware/pay ones) have free or evaluation downloads, so you can try all of them for yourself. You can download Port Explorer here, and OpenPorts here :)
     
  15. Andreas1

    Andreas1 Security Expert

    Joined:
    Jan 29, 2003
    Posts:
    367
    Location:
    Mainz (Ger)
    Hi all,

    Keep in mind the difference between a portmapper, i.e. port-to-process mapper and a portscanner. Those you mentioned are all portscanners (except for netcat which still isn't a port-to-process mapper either).
    A port scanner will allow you to connect to a machine (remote or local one) and possibly get or provoke a reaction when it encounters a listening service. In some cases, that reaction will reveal what service is running and this will reveal to the administrator of the examined PC what application is running there.
    However, for a long time the question "a scan of my system (either with such a portscanner or with an AT scanner that examines open ports) revealed port xy listening. Do I have to worry?" has been asked very very frequently. Probably it wasn't possible to solicit a telling answer from the service by connecting directly to the port - after all, nothing about the protocol in use is known.
    That is where Port-To-process mappers come in. You launch them and they tell you "your port xy is being held open by your application yz.exe" - and then you can scan that with a malware scanner, google for info on it, kill and delete it or whatever.

    HTHH,
    Andreas
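
The port-to-process mapping described in the post above, as an added example that is not part of the original thread and is not DiamondCS code: it joins the output of the built-in `netstat -ano` and `tasklist /fo csv /nh` commands to report which executable holds each open port. Both sample outputs are constructed for illustration, and the function names are hypothetical.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    [::]:135               [::]:0                 LISTENING       884
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    192.168.1.10:1042      203.0.113.5:80         ESTABLISHED     1320
  TCP    0.0.0.0:4711           0.0.0.0:0              LISTENING       2460
  UDP    0.0.0.0:500            *:*                                    999
  UDP    0.0.0.0:1900           *:*                                    1108
"""

# Constructed sample of `tasklist /fo csv /nh` output; PID 999 is deliberately
# absent, as happens when a process exits between the two commands.
TASKLIST = '''
"System","4","Console","0","212 K"
"svchost.exe","884","Console","0","3,512 K"
"svchost.exe","1108","Console","0","4,100 K"
"iexplore.exe","1320","Console","0","18,204 K"
"yz.exe","2460","Console","0","1,024 K"
'''

def parse_tasklist(text):
    """Return {pid: image name} from tasklist CSV output."""
    rows = csv.reader(io.StringIO(text))
    return {int(r[1]): r[0] for r in rows if len(r) >= 2}

def parse_netstat(text):
    """Yield (proto, port, state, pid) for every TCP/UDP row."""
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # skip banner, header and blank lines
        # UDP rows have no State column, so they split into 4 fields, not 5.
        state = f[3] if len(f) == 5 else ""
        port = f[1].rpartition(":")[2]  # rpartition copes with [::]:135
        yield f[0], int(port), state, int(f[-1])

def open_ports(netstat_text, tasklist_text):
    """Map each listening TCP port and bound UDP port to its owning process."""
    names = parse_tasklist(tasklist_text)
    found = {(proto, port, pid, names.get(pid, "<unknown>"))
             for proto, port, state, pid in parse_netstat(netstat_text)
             if proto == "UDP" or state == "LISTENING"}
    return sorted(found)

if __name__ == "__main__":
    for proto, port, pid, name in open_ports(NETSTAT, TASKLIST):
        print(f"{proto:4}{port:>6}  pid {pid:<6}{name}")
```

An entry reported as `<unknown>` means the PID could not be resolved from the process list and needs a second look rather than being ignored.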
     
  16. redwolfe_98

    redwolfe_98 Registered Member

    Joined:
    Feb 14, 2002
    Posts:
    580
    Location:
    South Carolina, USA
    i was impressed with "openports", and i am interested in port explorer, but i read another thread where someone said uninstalling the trial version messed up their system so that they could no longer connect to the internet.. is it safe to install (and uninstall) port explorer?
     
  17. gkweb

    gkweb Expert Firewall Tester

    Joined:
    Aug 29, 2003
    Posts:
    1,932
    Location:
    FRANCE, Rouen (76)
    i hadn't any pb doing it before installing my purchased version ;)
     
  18. Dan Perez

    Dan Perez Retired Moderator

    Joined:
    May 18, 2003
    Posts:
    1,495
    Location:
    Sunny San Diego
    Hi redwolfe_98

    The beta testers have installed and uninstalled many many times without any issues and many many users have installed and uninstalled it (for instance for upgrades) without any issue.

    That being said, there is always a chance during any install/uninstall of any program that there may be issues but these would likely arise from very strange and unique circumstances due to a problematic registry or something similar.

    If you like openports you will love PE :D
     
  19. Bowserman

    Bowserman Infrequent Poster

    Joined:
    Apr 15, 2003
    Posts:
    510
    Location:
    South Australia
    That problem is due to the corruption of Winsock in windows, and although it doesn't happen very often.....it can sometimes.

    Definitely give the trial a go, but if you want to be safe you could download the appropriate Winsock repair utility for your OS from here just to play it safe (scroll to the bottom of the page).

    Regards,
    Jade :).
     
  20. Jason_DiamondCS

    Jason_DiamondCS Former DCS Moderator

    Joined:
    Nov 11, 2002
    Posts:
    1,046
    Location:
    Perth, Western Australia
    Yes with that utility you can fix Winsock corruption issues easily.

    Unless you have other LSP software installed (unlikely but possible) you won't run into any issues, and even if something else is installed that uses the LSP unless something major goes wrong everything will still work fine when you uninstall Port Explorer.

    -Jason-