Utility that shows what port an application just wanted to use

Discussion in 'other firewalls' started by ulukai, May 11, 2009.

Thread Status:
Not open for further replies.
  1. ulukai

    ulukai Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    11
    Hi guys,

    is there a simple utility that would tell me what port (and maybe protocol) a specific application just wanted to use? More or less i want this because I'm testing win7 firewall and it's almost impossible to set it up because it doesn't have anything like learning mode so many times i just don't know what port do i need to open and even google doesn't always help.

    Thanks.
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    curports
    tcpview

    or free and already available from command prompt

    netstat -ano

    also open from command prompt

    tasklist /svc

    then you can compare the PID from the netstat window and see which process it refers to. This will show TCP and endpoints, but UDP is a bit less informative.

    tcpmon is what you want when you are ready to stop messing around though. It shows everything. Or a packet sniffer such as wireshark.

    Sul.
     
  3. ulukai

    ulukai Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    11
    Great, thanks man, i will try those apps asap.
     
  4. ulukai

    ulukai Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    11
    Any chance that there is a tool that would show what connection have been blocked or just tried in the past? By past i mean in last minute for example. Curports and tcpview are showing only currently active connections. So if i try to connect with an application that is blocked from network connection, it will not show on the list, or maybe i would have to refresh those apps right in the moment i try to connect with that blocked application.
     
  5. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Not that I know of. tdimon is probably the most informative, but not for what was blocked. I guess all you can do is try and see. Of course a firewall would tell you.

    Sul.
     
  6. ulukai

    ulukai Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    11
    Thanks, it's much better than nothing, so i will just have to play with it a bit more. I guess firewall would tell me, but not win7 firewall :D
     
  7. 12fw

    12fw Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    111
    Location:
    Canada
    netstat -abno will show the files, eliminating the need to cross reference the PIDs in the task manager.
    Also TCP view is a stand alone program for doing what you are looking for:

    http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

    Some software firewalls have a netstat viewer builtin showing real time events.Kerio 2.1.5 is one example.
     
  8. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    976
    If you check the firewall log you can see which ports/protocols to IPs that have been blocked.

    Windows\System32\LogFiles\Firewall\pfirewall.log
     
  9. ulukai

    ulukai Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    11
    Thanks guys.

    That log doesn't help as much as i thought it should. It is not showing application name for which block happened :doubt:
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.