Port-Enumeration Tools

In your efforts to track spambots, you need to use port enumeration. Here are some resources for further learning.

ITPro Today

April 17, 2005

1 Min Read
ITPro Today logo in a gray background | ITPro Today

PORT-ENUMERATION TOOLS
If you find that the egress filters on your perimeter networks are blocking communication from unauthorized ports, you should always research those ports to determine the intent of the communication. Your egress filter log should tell you which computer made an unauthorized attempt, and from that point you need to track down which program on the computer was involved. The process of tying the program or service to the TCP/IP port it uses is called port enumeration. Several free and relatively cheap tools are available to do the job, including Microsoft's own Netstat (try Netstat -ano or Netstat -b in Windows XP Service Pack 2--SP2), Fport (http://www.foundstone.com), TCPView (http://www.sysinternals.com), and Port Explorer (http://www.diamondcs.com). For a roundup of such tools, see "11 Port Enumerators," November 2003, InstantDoc ID 40313. Also, consider using an Intrusion Detection System (IDS) or network protocol sniffer to help with application identity. For an overview of sniffers, see "6 Network Protocol Analyzers," July 2004, InstantDoc ID 42922.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like