Utility that shows what port an application just wanted to use

Discussion in 'other firewalls' started by ulukai, May 11, 2009.

Thread Status:
Not open for further replies.
  1. ulukai

    ulukai Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    11
    Hi guys,

    is there a simple utility that would tell me what port (and maybe protocol) a specific application just wanted to use? More or less i want this because I'm testing win7 firewall and it's almost impossible to set it up because it doesn't have anything like learning mode so many times i just don't know what port do i need to open and even google doesn't always help.

    Thanks.
     
  2. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    curports
    tcpview

    or free and already available from command prompt

    netstat -ano

    also open from command prompt

    tasklist /svc

    then you can compare the PID from the netstat window and see which process it refers to. This will show TCP and endpoints, but UDP is a bit less informative.

    tcpmon is what you want when you are ready to stop messing around though. It shows everything. Or a packet sniffer such as wireshark.

    Sul.
     
  3. ulukai

    ulukai Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    11
    Great, thanks man, i will try those apps asap.
     
  4. ulukai

    ulukai Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    11
    Any chance that there is a tool that would show what connection have been blocked or just tried in the past? By past i mean in last minute for example. Curports and tcpview are showing only currently active connections. So if i try to connect with an application that is blocked from network connection, it will not show on the list, or maybe i would have to refresh those apps right in the moment i try to connect with that blocked application.
     
  5. Sully

    Sully Registered Member

    Joined:
    Dec 23, 2005
    Posts:
    3,719
    Not that I know of. tdimon is probably the most informative, but not for what was blocked. I guess all you can do is try and see. Of course a firewall would tell you.

    Sul.
     
  6. ulukai

    ulukai Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    11
    Thanks, it's much better than nothing, so i will just have to play with it a bit more. I guess firewall would tell me, but not win7 firewall :D
     
  7. 12fw

    12fw Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    111
    Location:
    Canada
    netstat -abno will show the files, eliminating the need to cross reference the PIDs in the task manager.
    Also TCP view is a stand alone program for doing what you are looking for:

    http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx

    Some software firewalls have a netstat viewer builtin showing real time events.Kerio 2.1.5 is one example.
     
  8. Espresso

    Espresso Registered Member

    Joined:
    Aug 1, 2006
    Posts:
    975
    If you check the firewall log you can see which ports/protocols to IPs that have been blocked.

    Windows\System32\LogFiles\Firewall\pfirewall.log
     
  9. ulukai

    ulukai Registered Member

    Joined:
    Aug 31, 2006
    Posts:
    11
    Thanks guys.

    That log doesn't help as much as i thought it should. It is not showing application name for which block happened :doubt:
     
Loading...
Thread Status:
Not open for further replies.