Hidden sockets

Discussion in 'Port Explorer' started by Rasheed187, Jul 10, 2004.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,046
    Location:
    The Netherlands
    Re: Strange connections to Sweden and Brasil

    Hi, I didn't want to start a new thread over a small thing so that's why I post it here.

    My questions: sometimes I see that IE has hidden sockets, what does this mean, is this normal? And I also can't close these or any other sockets, why is that?

    And some processes are always hidden like vsmon.exe for example, why is this?
     
  2. Jooske

    Jooske Registered Member

    Joined:
    Feb 12, 2002
    Posts:
    9,713
    Location:
    Netherlands, EU near the sea
    Hi Rasheed, welcome!
    Several applications like your vsmon are always hidden by nature, they show up in red characters for hidden; you know from experience what they are so for those you are not really worried.

    But applications in red characters being hidden should get your extra attention, especially if you:
    * don't know what they are
    * should not run / connect to the outside world
    * you know or just found out are malicious
    * etc...

    Applications / sockets also turn red/ hidden when their console doesn't have the focus:
    for instance you have TDS installed and activated in the upper right corner the sockets.
    In Port Explorer you see those ten sockets as normal sockets, listening on those ports belonging to them.
    But if you minimize TDS to systray, you see those ten sockets turn red, till you click its systray icon and they get black again.
    So the same with all applications.
    So if an application keeps hidden, for instance it could be like vsmon.exe always be hidden (you can't click any icon for it, you can for its client part though and that would not be red all the time), or there could be malware which needs all your attention, if it is an application with an icon most of the time you can right-click and enable spying on its process or individual sockets, block sending / receiving, kill it altogether, whatever you like.


    The netstat sockets have SYSTEM and PID 0 and we can only see it happening but not close them just like that as we need to close the application using them.
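
Added example, not part of the original thread and not Port Explorer's own logic: a PowerShell function that lists TCP sockets with their owning process and marks those whose owner has no main window, which is roughly the situation the post above describes. Assumptions: "hidden" is approximated as `MainWindowHandle` being zero, and `Get-SocketWindowState` is a hypothetical name chosen here.

```powershell
# Added illustration. Assumption: "hidden" is approximated as "the owning
# process has no main window" (MainWindowHandle is zero). Port Explorer's
# actual test is not described on this page.
function Get-SocketWindowState {
    [CmdletBinding()]
    param()

    # Snapshot processes once, keyed by PID, so each socket lookup is cheap.
    $procs = @{}
    Get-Process | ForEach-Object { $procs[[int]$_.Id] = $_ }

    Get-NetTCPConnection -ErrorAction SilentlyContinue | ForEach-Object {
        $ownerPid = [int]$_.OwningProcess
        $proc     = $procs[$ownerPid]

        # Services and tray-only programs normally have no main window.
        $hasWindow = $false
        if ($proc) { $hasWindow = ($proc.MainWindowHandle -ne [IntPtr]::Zero) }

        [pscustomobject]@{
            Process = if ($proc) { $proc.ProcessName } else { '<exited>' }
            PID     = $ownerPid
            Local   = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
            Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
            State   = $_.State
            Hidden  = -not $hasWindow
            # PID 0 rows belong to the system, not to a program you can close.
            Note    = if ($ownerPid -eq 0) { 'system-owned (PID 0)' } else { '' }
        }
    }
}

# Windowless owners first, then grouped by process name.
Get-SocketWindowState |
    Sort-Object @{ Expression = 'Hidden'; Descending = $true }, Process |
    Format-Table -AutoSize
```

A windowless owner is normal for services, so the `Hidden` column is a prompt to check whether you recognise the process, not a verdict.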
     
  3. Rasheed187

    Rasheed187 Registered Member

    Hi Jooske,

    Thanks for the feedback I understand it better now, I am from The Netherlands too btw. And (I don't want to be rude) but are you perhaps a female? Cool to know that a woman knows so much about security. ;)

    And off topic, is it normal that you will get logged out automatically in this forum, sometimes I want to post something, but suddenly I'm logged out. :(
     
  4. Jooske

    Jooske Registered Member

    Can assure you there are many rather security knowledgeable women aboard here, between the men, and that goes in nice harmony here.
    Yes, I'm one of the girls here too :)

    I set the login to always stay logged in, unlimited, so no throwing out for me for that reason. Jooske unlimited :cool: It's a check where you log in.
     