RE: process identification

["skill2die4" <skill2die4 () secguru com>]

> > On Mon, 2004-05-03 at 19:19, Stijn De Weirdt wrote:
> > man fuser
> > man lsof
> > HTH
> > -Tarun


I guess the machine in question is windoz, if that's the case...

You can try the "Port Reporter" tool from Microsoft, its pretty good for
doing forensics :-)


[Network] Port Reporter          
> From Microsoft.com
=============================================
Port Reporter logs TCP and UDP port activity on a local Windows system. Port
Reporter is a small application that runs as a service on Windows 2000,
Windows XP, and Windows Server 2003. On Windows XP and Windows Server 2003
this service is able to log which ports are used, which process is using the
port, if the process is a service, which modules the process has loaded and
which user account is running the process.
On Windows 2000 systems, this service is limited to logging which ports are
used and when. In both cases the information that the service provides can
be helpful for security purposes, troubleshooting scenarios, and profiling
systems' port usage. 
=============================================
http://www.microsoft.com/downloads/details.aspx?familyid=69ba779b-bae9-4243-
b9d6-63e62b4bcd2e


HTH,


-=skillz=-


.


---------------------------------------------------------------------------
Ethical Hacking at the InfoSec Institute. Mention this ad and get $545 off
any course! All of our class sizes are guaranteed to be 10 students or less
to facilitate one-on-one interaction with one of our expert instructors.
Attend a course taught by an expert instructor with years of in-the-field
pen testing experience in our state of the art hacking lab. Master the skills
of an Ethical Hacker to better assess the security of your organization.
Visit us at:
http://www.infosecinstitute.com/courses/ethical_hacking_training.html
----------------------------------------------------------------------------