Port Monitoring, or not?

Would anyone care to comment on what they use to monitor port activity? I've tried Active Ports, and it seems to work OK, but not very Newbie-friendly. I've heard that some AT applications have this feature built in, with better functionality and help dialog. Or are their better stand-alone apps?

 

My personal favorite is DCS Port Explorer.
See here: http://www.diamondcs.com.au/portexplorer/
There is a trial version avaiable.

Also, you may read about it here https://www.wilderssecurity.com/index.php?board=7 at the Wilder's Official Open Public DiamondCS Software Forums.

HTH....

Regards,
Kent

 

Personally I think ActivePorts is one of the easier port to process mappers to use. Though probably not as accurate, as some of the others. Vision 1.0 and TCPView are also some other freeware alternatives.

TCPView is quite nice, but you might not find it user friendly if you did not think ActivePorts was. TCPView 2.34 Link

Vision 1.0 is a lot like ActivePorts with some additional features (view running processes, services, and drivers etc). If you try it, make sure you tell it to auto refresh in settings. And keep in mind that it recommends you are running NT4 or 2000. Vision 1.0 Link - look under Forensic Tools

And of course there is Port Explorer which has a lot of nice features, and is quite user friendly with a very intuitive interface. Unfortunately is is not freeware. To go along with puff-m-d's suggestion in visiting the PortExplorer forum, I thought I would pull out some of the more helpful threads that I found helped me make my decision on whether or not to purchase PE. Not only is Port Explorer discussed, but port to process mappers in general, and some of the competition.

REVIEW: 11 port-to-process mappers (Security Administrator magazine article)

Is it really worth $30?

Is Port Explorer accurate?

I believe Outpost Pro (a firewall) also has a tab that shows active connections as well.

 

Rereun2

Good information. I'll check out the other forums. When I stated ActivePorts wasn't user friendly, what I meant was that it was at times difficult to determine which process were OK, and which I might want to research more.

I have to ask - If I'm fairly confident I've got a clean system (ie. scanned with AV - no problems; scanned with AT - no problems; installed AT monitor; running a good firewall, etc), chances are all of these processes are legit, right?

 

I see what you mean now

Finding what processes are "ok", will take some time at first. But I think it is well worth it.

Here are some sites that might help

Search for apps here...
http://www.sysinfo.org/startupinfo.php
http://www.sysinfo.org/startuplist.php

and here...

http://www.answersthatwork.com/Tasklist_pages/tasklist.htm

Search for ports here...
http://www.practicallynetworked.com/sharing/app_port_list.htm

and here...
http://www.neohapsis.com/neolabs/neo-ports/

and here...
http://www.portsdb.org/bin/portsdb.cgi

I wish I could comment on whether or not you really do have a clean system. But that is very difficult to say. Some people argue that no one can ever be really sure. AVs, ATs, firewalls, whatever else... can all be bypassed and can all miss things. That is one of the reasoning behind a "layered defense." A term i think a lot of us use. I have used it a few times myself. But it has also saved me a few times as well. You will find this concept at security forums, security books, even the security chapter of the FreeBSD handbook. The basic idea is to have software and/or policy to directly handle a specific type of threat. Thus giving you a greater chance to detect a threat before it is too late, or give you something to fall back onto and prevent greater damage.

Having a dedicated AV, AT, and firewall is a good place to start. Learning how to operate them properly and maintaining them would be the next step. You can have the best firewall in the world, but if it is improperly configured, you might as well not have it at all (would just give a false sense of security). If you did/do not practice any questionable internet activities, that is even better. Make sure your Operating System is patched as well.