Saturday, August 29, 2009

Investigating a port on Windows XP and Linux

How to Investigate a port in Windows XP

If you notice anything suspicious going on in your computer, you can investigate a port on a Windows XP PC with the Task Manager program. Many worms, viruses and trojans maliciously download harmful scripts to your computer over ports that you may not know about. The best way to protect your PC from such worms and trojans is to use a firewall. You can use Comodo Firewall, which can be downloaded free of charge.


Investigating a port and seeing which program is using it can be done easily in the following steps:
1. Go to Start > Run and type command
2. At the command prompt type netstat -noa
3. Look for connections in the LISTENING and ESTABLISHED states. Addresses are shown in the form 127.0.0.1:1092 (the IP address, a colon, then the port number). In this case 1092 is the port.
4. Note the PID (process ID) shown for that port; it identifies the program using it.
5. Next, look up that PID with the Windows Task Manager program.
6. Press CTRL+ALT+DEL, then press the Task Manager button. You will see the processes listed along with their memory usage.
Note: By default Task Manager does not show the PID of the processes. You have to enable it from the options menu.

Should you find the running process suspicious, just end the process.
Tip: Use a firewall like ZoneAlarm or Comodo Firewall (both are free) to block suspicious programs running on your PC.

How to Investigate a Port in Linux

It is very easy to investigate a port and kill the process behind it on your Linux server or box.
  • First, find the ports that are active and listening.
  • Note the port and the process ID (PID).
  • Find which process is running under that PID.
  • If you find anything suspicious, kill that process.
netstat -nap
// lists both TCP and UDP connections (listening and established) together with the PID and program name of each socket; run it as root so the PID/Program name column is filled in for every process
ps -p <PID>
// this command tells which program is running under that process ID
pidof <program>
// alternate command: looks up the PID(s) of a program by name
If you find this running program or process suspicious, like a trojan or worm, kill the process:
kill <PID>
// if the process ignores the default TERM signal, kill -9 <PID> forces it to stop
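The Linux steps above put together as an added example (not code from the original post): a small POSIX sh script that parses netstat -nap output into "port PID program" lines for every listening TCP socket and looks up the PID behind a given port, so each entry can be checked with ps before anything is killed. The netstat sample is constructed, and the net-tools column layout (Proto, Recv-Q, Send-Q, Local Address, Foreign Address, State, PID/Program name) is assumed.

```shell
#!/bin/sh
# Constructed sample of `netstat -nap` output (net-tools layout assumed).
SAMPLE_NETSTAT='Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      1044/mysqld
tcp        0      0 192.168.1.5:22          192.168.1.9:51022       ESTABLISHED 2231/sshd
tcp        0      0 0.0.0.0:4444            0.0.0.0:*               LISTEN      3120/nc
tcp6       0      0 :::80                   :::*                    LISTEN      1500/apache2
udp        0      0 0.0.0.0:68              0.0.0.0:*                           601/dhclient'

# listening_tcp NETSTAT_OUTPUT
# Prints "port pid program" for each TCP/TCP6 socket in LISTEN state.
# The port is the text after the last colon of the local address, which
# also handles IPv6 forms such as ":::80"; UDP rows have no State column
# and are skipped by the tcp/LISTEN test.
listening_tcp() {
    printf '%s\n' "$1" | awk '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            n = split($4, addr, ":"); port = addr[n]
            split($7, prog, "/")
            print port, prog[1], prog[2]
        }'
}

# pid_for_port NETSTAT_OUTPUT PORT
# Prints the PID of the process listening on PORT (empty if none).
pid_for_port() {
    listening_tcp "$1" | awk -v want="$2" '$1 == want { print $2; exit }'
}

# Demonstration on the constructed sample; on a live box replace
# "$SAMPLE_NETSTAT" with "$(netstat -nap 2>/dev/null)" run as root.
listening_tcp "$SAMPLE_NETSTAT"
pid=$(pid_for_port "$SAMPLE_NETSTAT" 4444)
echo "port 4444 is held by PID $pid; inspect it with: ps -p $pid -o pid,user,comm,args"
```

In the sample the unexpected listener on port 4444 belongs to PID 3120 (nc), which is the kind of entry worth checking with ps before deciding whether to kill it.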

I got this from http://www.mysql-apache-php.com/investigate-port.htm and kept it on my blog to share, and for my own knowledge management.
