Date post: | 18-Nov-2014 |
Category: |
Technology |
Upload: | lovemytool |
© 2009 www.thetechfirm.com
CurrPorts Training with
Windows QuickStart
Tony Fortunato, Sr Network Specialist
Peter Ciuffreda, Network Technician
The Technology Firm
What is CurrPorts?
CurrPorts is:
• Available at http://www.nirsoft.net/utils/cports.html
• A portable utility - no installation or additional DLLs required
• Displays a list of all currently opened TCP/IP and UDP ports on your local computer, including those of other logged-in accounts.
• For each open port it also displays:
  - process name
  - version info of the process
  - full path of the process
  - time the process was created
  - user that created the process
Why use CurrPorts?
CurrPorts can be used for the following tasks:
• Discover what and how many ports an application uses
• Estimate length of time on port connections
• Close unwanted connections; kill processes that opened the port(s)
• Automatically marks unidentified, suspicious TCP/UDP ports in pink
• Discover the number(s) of ports you may want blocked on your network
• Determine if you have TCP/UDP port limitations based on typical application usage
CurrPorts Main Window
The main window of CurrPorts displays all open applications, the local and remote TCP/IP or UDP ports in use, the remote host name, the state of the connection, the process path, and even information on the application manufacturer.
• Processes highlighted in green are ones that are currently active.
• Processes highlighted in pink are marked as suspicious. This is caused by ports being used by an unidentified application.
• Processes shown in white are listening application port numbers.
[Screenshot of the main window with rows labelled Active, Suspicious and Listening]
Recommended Options For Active Sessions
[Screenshots: DEFAULT options and Suggested options]
Recommended Options For An Application Profile
[Screenshot: DEFAULT options]
Refresh Rate And Options Menu
If the application is a real-time app, then the Refresh rate should be set to the minimum value of 2 seconds.
If the application is a command/response or human-intervention application, then you can use a manual refresh or any refresh rate.
When doing this for the first time with any application, leave all options selected.
The “Advanced Filters” option allows you to set filters to include or exclude processes, IP addresses, or port numbers.
Polling Interval Example
Polling/Refresh Interval = 2 Seconds (timeline marked at 0, 2 and 4 seconds)
• Connection opens at 0.8 s and closes at 1.2 s: Nothing Displayed
• Connection opens at 1 s and closes at 3 s: Application and Port Information Displayed
Filtering Notes
If you type an incorrect filter syntax:
• CurrPorts will NOT WARN YOU of syntax errors
• CurrPorts will still show ALL the information
Reference the examples in the filter dialogue box, noting the INCLUDE and EXCLUDE details.
[Screenshots: a CORRECT filter and an INCORRECT filter]
Logging Feature – from cports.chm
Log File
CurrPorts allows you to save all changes (added and removed connections) into a log file. To start writing to the log file, check the 'Log Changes' option under the File menu. By default, the log file is saved as 'cports.log' in the same folder that cports.exe is located. You can change the default log filename by setting the 'LogFilename' entry in cports.cfg file.
Be aware that the log file is updated only when you refresh the ports list manually, or when the 'Auto Refresh' option is turned on.
Sample Application
Observe the behavior of uTorrent
1. Start CurrPorts
2. Start uTorrent and note the process name used (i.e. uTorrent.exe in the example), then shut down the application
3. Create a filter via the funnel icon, or F9, or Options->Advanced Filters
4. Select appropriate refresh rate – 2 seconds for the uTorrent application
5. Clear Log File, and Select Log Changes
6. Run application
7. Review log file “cports.log”
Cports.log results
In this example, we can see the connections being created and removed along with a timeline
You should always “Clear Log File” before starting your application
Comparison of Connections
In this example Wireshark was used to validate and better understand the CurrPorts refresh rate and reporting.
Since the application opened and closed connections BETWEEN refreshes, those connections were neither recorded nor displayed.
[Screenshots compared: Wireshark, Cports log, Cports App]
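The polling interval example and the Wireshark comparison above can be reproduced with a small model of a snapshot-and-diff monitor. This is an added example, not part of the original slides or of CurrPorts itself; the function names are hypothetical and the flows are constructed sample data.

```python
import math
from dataclasses import dataclass

@dataclass(frozen=True)
class Flow:
    name: str      # label for the connection (constructed sample data)
    opened: float  # seconds after monitoring started
    closed: float  # seconds after monitoring started

def first_seen(flow, interval, phase=0.0):
    """Time of the first refresh that finds the flow open, or None if missed.

    Refreshes happen at phase, phase + interval, ...; a flow is visible to a
    refresh at time t only when opened <= t < closed.
    """
    k = max(0, math.ceil((flow.opened - phase) / interval))
    t = phase + k * interval
    return t if t < flow.closed else None

def poll_log(flows, interval, phase=0.0):
    """Rebuild an add/remove log: name -> (added_at, removed_at) as logged."""
    log = {}
    for f in flows:
        added = first_seen(f, interval, phase)
        if added is None:
            continue  # opened and closed between two refreshes: never logged
        # The removal is only noticed by the first refresh at or after close.
        removed = phase + math.ceil((f.closed - phase) / interval) * interval
        log[f.name] = (added, removed)
    return log

def missed(flows, interval, phase=0.0):
    return [f.name for f in flows if first_seen(f, interval, phase) is None]

def always_caught(flow, interval):
    """True when the flow outlives one full interval, so no phase can miss it."""
    return flow.closed - flow.opened >= interval

# Constructed flows standing in for what a packet capture would show.
CAPTURE = [Flow("short", 0.8, 1.2), Flow("long", 1.0, 3.0), Flow("lucky", 3.9, 4.1)]

if __name__ == "__main__":
    print("logged:", poll_log(CAPTURE, interval=2.0))
    print("missed:", missed(CAPTURE, interval=2.0))
    print("lucky seen with refreshes offset by 1 s:",
          first_seen(CAPTURE[2], 2.0, phase=1.0) is not None)
```

The "lucky" flow lasts only 0.2 s yet is logged because it happens to straddle a refresh, which is why a polling log cannot be treated as a complete connection record and should be checked against a capture.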
Pros and Cons
Pros:
• Filtering helpful
• Logging
• Refresh Rate configurable
• Great for Novice or to take a quick peek of port usage
Cons:
• Limited commands and specific syntax
• Dependent on the Refresh Rate
• May miss connections if they open/close within Refresh rate
• Inconsistently reports connections used
Would recommend this utility despite its shortcomings
CurrPORTS Training - QuickStart
Tony Fortunato, Sr Network Specialist
Peter Ciuffreda, Network Technician
The Technology Firm
Thank you
For additional educational videos on Open Source Network Tools, please click on the following …
http://www.lovemytool.com/blog/ostu.html
LoveMyTool.com – Community for Network Tools