OSTU - CurrPorts QuickStart (by Tony Fortunato & Peter Ciuffreda)

Information about OSTU - CurrPorts QuickStart (by Tony Fortunato & Peter Ciuffreda)

Published on June 27, 2009

Author: LoveMyTool

Source: slideshare.net

Description

Tony Fortunato is a Senior Network Specialist with experience in design, implementation, and troubleshooting of LAN/WAN/Wireless networks, desktops and servers since 1989. His background in financial networks includes design and implementation of trading floor networks. Tony has taught at local high schools, Colleges/Universities, Networld/Interop and many onsite private classroom settings to thousands of analysts.

CurrPorts Training with Windows QuickStart

Tony Fortunato, Sr Network Specialist

Peter Ciuffreda, Network Technician

The Technology Firm

What is CurrPorts?

CurrPorts is:

Go get it at http://www.nirsoft.net/utils/cports.html

Portable utility: no installation or additional DLLs required

Displays a list of all currently open TCP/IP and UDP ports on your local computer, including those opened by other logged-in accounts.

For each open port it also displays:

- process name
- version info of the process
- full path of the process
- time the process was created
- user that created the process

Why use CurrPorts?

CurrPorts can be used for the following tasks:

Discover which ports, and how many, an application uses

Estimate length of time on port connections

Close unwanted connections; kill the processes that opened the port(s)

Automatically marks unidentified, suspicious TCP/UDP ports in pink

Discover the number(s) of ports you may want blocked on your network

Determine if you have TCP/UDP port limitations based on typical application usage

CurrPorts Main Window

The main window of CurrPorts displays all the applications open, both the local and remote TCP/IP or UDP port in use, the remote host name, the state of the connection, the process path, and even information on the application manufacturer.

Processes that are highlighted in green are ones that are currently active.

Processes that are highlighted in pink are marked as suspicious.

This is caused by ports being used by an unidentified application.

Processes that are shown in white are listening application port numbers.

Recommended Options For Active Sessions

[Screenshots: DEFAULT and Suggested option settings]

Recommended Options For An Application Profile

[Screenshot: DEFAULT option settings]

Refresh Rate And Options Menu

If the application is a real-time app, then the refresh rate should be set to the minimum value of 2 seconds.

If the application is a command/response or human-intervention application, then you can use a manual refresh or any refresh rate.

When doing this for the first time with any application, leave all options selected.

The “Advanced Filters” option allows you to set filters to include or exclude processes, IP addresses, or port numbers.

Polling Interval Example

[Timeline figure: refreshes at 0, 2 and 4 seconds. A connection that opens at .8 and closes at 1.2: nothing displayed. A connection that opens at 1 and closes at 3: application and port information displayed.]

Polling/Refresh Interval = 2 Seconds

Filtering Notes

If you type an incorrect filter syntax:

CurrPorts will NOT WARN YOU of syntax errors

CurrPorts will still show ALL the information

REFERENCE THE EXAMPLES IN THE FILTER DIALOGUE BOX NOTING INCLUDE AND EXCLUDE DETAILS

[Screenshots: CORRECT and INCORRECT filter examples]

Logging Feature – from cports.chm

Log File

CurrPorts allows you to save all changes (added and removed connections) into a log file.

To start writing to the log file, check the 'Log Changes' option under the File menu.

By default, the log file is saved as 'cports.log' in the same folder that cports.exe is located.

You can change the default log filename by setting the 'LogFilename' entry in cports.cfg file.

Be aware that the log file is updated only when you refresh the ports list manually, or when the 'Auto Refresh' option is turned on.

Sample Application

Observe the behavior of uTorrent

Start CurrPorts

Start uTorrent and note the Process Name used, then shut down the application

i.e. uTorrent.exe in the example

Create a filter via the funnel icon, or F9, or Options->Advanced Filters

Select appropriate refresh rate – 2 seconds for the uTorrent application

Clear Log File, and Select Log Changes

Run application

Review log file “cports.log”

Cports.log results

In this example, we can see the connections being created and removed along with a timeline

You should always “Clear Log File” before starting your application

Comparison of Connections

[Screenshots: Cports App, Wireshark, Cports log]

In this example Wireshark was used to validate and better understand the CPORTS refresh rate and reporting

Since the application opened and closed connections in BETWEEN refreshes, the connections were neither recorded nor displayed.
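The blind spot shown on the polling-interval slide and confirmed in the Wireshark comparison can be reproduced with a small model of a poll-and-diff monitor. This is an added example, not CurrPorts code and not part of the original slides; the `Conn` type, the function names and the sample timings (taken from the polling-interval timeline) are assumptions for illustration.

```python
# Added illustration: models a poll-and-diff port monitor, not CurrPorts' own code.
from dataclasses import dataclass


@dataclass(frozen=True)
class Conn:
    name: str      # label for the connection (constructed sample data)
    opened: float  # seconds since monitoring started
    closed: float  # seconds since monitoring started


def poll_times(interval, duration):
    """Refresh instants: 0, interval, 2*interval, ... up to duration."""
    return [i * interval for i in range(int(duration // interval) + 1)]


def change_log(conns, interval, duration):
    """Diff consecutive snapshots, the way a 'log changes' feature would."""
    log, previous = [], set()
    for t in poll_times(interval, duration):
        # A snapshot only contains connections that exist at the refresh instant.
        current = {c.name for c in conns if c.opened <= t < c.closed}
        log += [(t, "Added", n) for n in sorted(current - previous)]
        log += [(t, "Removed", n) for n in sorted(previous - current)]
        previous = current
    return log


def missed(conns, interval, duration):
    """Connections a packet capture would show but no snapshot ever contained."""
    seen = {name for _, action, name in change_log(conns, interval, duration)
            if action == "Added"}
    return sorted(c.name for c in conns if c.name not in seen)


def shortest_lifetime(conns):
    """A refresh interval below this value catches every connection in the set."""
    return min(c.closed - c.opened for c in conns)


# Constructed sample matching the slide's timeline (2-second refresh).
SAMPLE = [Conn("short", 0.8, 1.2), Conn("long", 1.0, 3.0)]

if __name__ == "__main__":
    for entry in change_log(SAMPLE, interval=2, duration=4):
        print(entry)
    print("missed at 2 s refresh:", missed(SAMPLE, interval=2, duration=4))
    print("shortest lifetime:", shortest_lifetime(SAMPLE))
```

Note that the logged timestamps are refresh instants, not the real open and close times, so durations read from the log are only accurate to within one refresh interval.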

Pros and Cons

Pro: Filtering helpful. Con: Limited commands and specific syntax.

Pro: Logging. Con: Dependent on the Refresh Rate.

Pro: Refresh Rate configurable. Con: May miss connections if they open/close within Refresh rate.

Pro: Great for Novice or to take a quick peek of port usage. Con: Inconsistently reports connections used.

Would recommend this utility despite its shortcomings

CurrPORTS Training - QuickStart

Tony Fortunato, Sr Network Specialist

Peter Ciuffreda, Network Technician

The Technology Firm

Thank you

For additional educational videos on Open Source Network Tools, please click on the following … http://www.lovemytool.com/blog/ostu.html LoveMyTool.com – Community for Network Tools

