What does the Asterix means exactly??

http://www.dshephar.pwp.blueyonder.co.uk/DS%20Homepage%20files/Pictures/Port%20Explorer.jpg

Hi,

I have a question about the '*' that appear in from of various processes in the Port Explorer window, can abybody tell me what they mean.

I loaded mIRC today and now this process has 2 enteries in the Port Explorer window 1 with '*' 1 without? Previously I only had the one mIRC process running the *mIRC.exe is a new addition today.

What does the * mean and why would it only appear today? I think before ... ie, yesterday ... a *SYSTEM process ran alongside mIRC but today it is like the picture attached.

When I select 'Hide NetStat Sockets' it is hidden, the fact that I use mIRC daily and this change has only happened today is a little confusing. I have looked in teh help file but when you really have no idea where to start it is sometimes easier to ask

Thanks in advance

 

Hi, Wink

First, a couple of quotes from that help file you mentioned:

<quote>
Why do some processes show as --NETSTAT-- when others display the actual process?
Under Windows 95/98/ME, Port Explorer isn't always able to map all ports back to their parent processes. This is because some of these processes (system services) start before Port Explorer is initialised by the operating system. However, the common "netstat" program can see them, so Port Explorer combines both results into one table, showing the netstat sockets as '--NETSTAT--'.
</quote>

<quote>
Under Windows 95/98 Port Explorer isn't able to map all sockets to their parent process (usually only the ones that are loaded very early by the system). Such processes will normally display with the process name of "--NETSTAT--", indicating that Port Explorer wasn't able to map the process, but it could still see the socket using standard netstat techniques. However under Windows NT4, 2K, and XP, Port Explorer is able to map ports to all processes by using undocumented functions that are built into the operating system. Sockets that would normally display as '--NETSTAT--' but have been resolved by Port Explorer using this technique will have an asterisk beside their name, for example:
* c:\path\process.exe
rather than...
c:\path\process.exe
</quote>

That should pretty well explain why you see the same process two different ways. Now, as to why you see it different ways at different times I can make a guess. (sometimes known as a WAG ). You did not mention your OS but I am "guessing" you are not running any version of NT and are running some flavor of 9x.. If that is the case and you let mIRC load on boot, it may load before PE and it will show as a "netstat" process per the above. If you load mIRC after boot and with PE already running, PE will correctly ID the socket to mIRC. In either case, PE is showing you that mIRC is using two sockets. You can verify that by right-clicking on the process and selecting the "What is...".

HTH
Phil

 

Hi Phil,

Thanks for the info, it has made the * a little clearer now

I use win2k btw and port explorer is loaded at startup but i start mIRC manually.

I have been reading through the manual and the fog of confusion surrounding the infomation being presented to me is starting to thin.

Thanks again for your reply

wink

 

You're most welcome. Since you are running W2k (an NT version), you shouldn't have seen anything other than what is in the screen shot you posted. <shrug> There could be something about mIRC I don't known about since I don't use it. If so, one of the DiamondCS guys will be along in a day or two to explain. I think they spend their weekends herding 'roos or something.

PE is like most other programs -- you have to dig around a bit before you understand what is going on.

Glad I could be some help, anyway.
Phil

 

You should have seen those other *Mirc ones before, they are pretty much always on my screen, but I think sometimes they only appear after a DCC send or chat, or something like that. All they mean is Port Explorer has found other sockets which Mirc belongs to. The ports with an asterix however are mostly inactive ports which don't do much at all. The "important" ports on NT based machines (NT/2K/XP) are the non asterixed ones, "Hide Netstat Sockets" hides the asterix'd ones as most of the time these aren't of any value to look at. If you don't have over 100 sockets on your screen at once though, you might as well leave them on, since it gives you a better view of your sockets.
-Jason-

 

Hi Jason,

Thanks for clearing that up, I had notice little or no traffic through these sockets, and what you say ablout the *SYSTEM changing to an *mIRC after I have started to sent data tallys up

Have a good xmas, spare a thought for us in the northern hemisphere freezing our ******** off