Discussion in 'Port Explorer' started by Valkyri001, Aug 25, 2004.
Are they always bad? If they are reported as a known process why would red be bad?
In a nutshell, a red socket belongs to a process that doesn't have any visible windows. In the Port Explorer helpfile please see the Interface | Socket Colors page for a full explanation of this. The Advanced | Hidden Server Detection page also has information on this that I think you'll find interesting.
I'm not sure I understand all that. The bad guy is listening, I can take his packet and change it to work for me instead?
Also, is it possible that what I'm seeing from here is my router's firewall?
No, a red socket (red FOREGROUND) simply means the process it belongs to is hidden. Trojans will nearly always show up as red, but there are also some legitimate programs that use sockets but aren't visible, so you can't just assume each red socket is a trojan but it's something to be aware of. A red BACKGROUND indicates that the socket belongs to a process that has just closed.
Please take some time to read through the help file, as it should answer most if not all of your questions and will also enlighten you on some other interesting things that you might not be aware of.
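As an added illustration that is not part of the original thread and not Port Explorer's own code, the PowerShell sketch below approximates the red-socket idea with built-in Windows cmdlets: it lists TCP sockets whose owning process has no main window. Treating a zero `MainWindowHandle` as "hidden" is an assumption, and `Get-WindowlessSocket` is a hypothetical name.

```powershell
# Added example: lists TCP sockets owned by processes that expose no main
# window, roughly the condition the thread calls a "red socket".
# Assumption: a zero MainWindowHandle stands in for "no visible windows";
# Port Explorer's actual test is not documented on this page.
function Get-WindowlessSocket {
    [CmdletBinding()]
    param(
        # TCP states to report; listening and connected sockets by default.
        [string[]]$State = @('Listen', 'Established')
    )

    # Index running processes by PID so each one is looked up only once.
    $procById = @{}
    foreach ($p in Get-Process) { $procById[[int]$p.Id] = $p }

    Get-NetTCPConnection -State $State -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = $procById[[int]$_.OwningProcess]

            # The owner may have exited between the two snapshots.
            if ($null -eq $proc) {
                $name = '<exited>'; $path = $null; $hidden = $true
            } else {
                $name   = $proc.ProcessName
                $path   = $proc.Path   # may be empty without admin rights
                $hidden = ($proc.MainWindowHandle -eq [IntPtr]::Zero)
            }

            if ($hidden) {
                [pscustomobject]@{
                    Process = $name
                    PID     = $_.OwningProcess
                    Local   = '{0}:{1}' -f $_.LocalAddress, $_.LocalPort
                    Remote  = '{0}:{1}' -f $_.RemoteAddress, $_.RemotePort
                    State   = $_.State
                    Path    = $path
                }
            }
        }
}

# Review the result by owner; services and tray-only tools appear here too.
Get-WindowlessSocket | Sort-Object Process, Local | Format-Table -AutoSize
```

Windows services and tray-icon programs will be listed alongside anything malicious, so the output is a review list to check against known software, not a verdict.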
Thanks Wayne, I'm reading! Very nice help files! I'm looking at the color codes, but every now and then a whole line across will change color solid for the time that is checked, then flash back to norm. Is this the same meaning as the normal color code of the text in the line?
A red background on a socket means that socket is dead. Likewise, green background sockets mean that socket was just created. They are indicators so you can see which sockets have been closed and opened.
Finally, I understand what they mean "no visible windows" is a process running in the lower right. I have several showing up under cli.exe. I did investigate them at the process level. I found some interesting data that was being sent over them. Some of it was personal. Of course my programs that use these sockets will no longer work if I disable them from sending or receiving and/or kill them. I am left questioning if legitimate companies are allowing personal information to be freely shared through firewalls. If this is the case, then I guess we have to share or just not use their programs. At any rate, I could be misinterpreting what I am seeing. After one session of collecting data my utilities governing spysockets program became nonresponsive. This was tracked down to a change or error that occurred in the registry of Port Explorer after several attempts were made to uninstall and reinstall Port Explorer to recover this utility's function. Only after using a powerful registry editor was I able to recover its function. This may just be a coincidence or a bug in my system. I will be more certain after further usage of the spy utility in Port Explorer.
Hi there, this is about your cli.exe:
cli - cli.exe - Process Information
Process File: cli or cli.exe
Process Name: ATI Catalyst
cli.exe is installed alongside ATI's range of graphics cards with the Catalyst hardware driver range. Installs an easy-to-access taskbar icon for access to diagnostics features. This is a non-essential process. Disabling or enabling this is down to user preference.
Author: ATI Technologies
Part Of: ATI Multimedia
System Process: No
Background Process: No
Uses Network: No
Hardware Related: Yes
Common Errors: N/A
Security Risk (0-5): 0
Virus: No
Spyware: No
Trojan: No
If there is any question, you are welcome to send a saved log to us! Just click FILE > SAVE AS to make a log and then email the log to support(at)diamondcs.com.au and I'll let you know if there's anything suspicious.