Solved

Monitor a specific port

Posted on 2003-11-17
Medium Priority
5,203 Views
Last Modified: 2013-12-19
I see that netstat can tell me if an IP port is in use and can give me per-protocol traffic, but I need to know if there is any traffic over a specific port.

Specifically, we have an application that keeps port 15032 open all the time.  There will be times when we need to unload that app, do some things, then restart the app, but I don't want to stop that app until the port has been idle for several minutes.

If possible, I'd like to use an extant utility whose stdout I can parse for port-specific traffic counts, otherwise it will take me a week or so to write one.

Anyone know of such a utility?  Undocumented options to netstat?  Something everyone knows about that my pea brain has overlooked in its dotage?

tia...
0
Comment
Question by:cookre
4 Comments
 
LVL 57

Expert Comment

by:Pete Long
ID: 9764540
Hi cookre,
Finding out what Ports are open

To find out what ports are open/exposed do the following

Start >Run >type "cmd" {enter}
At the command line type "netstat -a" {enter}

The list displayed shows "Listening ports" and established "Who is on the other end" connections to your computer.

WARNING
This is a list of common Trojan/Backdoor Port numbers
http://www.sans.org/resources/idfaq/oddports.php


Who is listening? Use this syntax: netstat -an |find /i "listening"
Save who is listening to a text file: netstat -an |find /i "listening" > c:\openports.txt
Who is established? Use this syntax: netstat -an |find /i "established"


Note: In Windows XP, you can type NETSTAT -O to get a list of the owning process IDs associated with each connection: netstat -ao |find /i "listening"


*****Pulist*****

You can use PULIST from the W2K Resource Kit to find the PID and see what process uses it and who started it. For example, you found out that your computer had an open connection to a remote IP address on TCP port 80, and you don't have any Internet Explorer or other browser windows open. You want to find out what process is using that session.
Download: http://www.microsoft.com/windows2000/techinfo/reskit/tools/existing/pulist-o.asp


*****Links*****

Port Assignments for Commonly-Used Services
http://www.microsoft.com/windows2000/techinfo/reskit/samplechapters/cnfc/cnfc_por_simw.asp

TCP/UDP Ports Used By Exchange 2000 Server
http://support.microsoft.com/default.aspx?scid=kb;en-us;278339

Nice shiny Port List :0)
http://hackerwhacker.com/portslist.html

http://www.incubus.co.uk/os/windows/netstat.htm
http://www.petri.co.il/quickly_find_local_open_ports.htm

*****Portscan Software*****

Scan Yourself (Free)

Scan your Ports with Port Detective: lets you scan your PC ports to see which are open, in use, or blocked. This will help you find out how vulnerable your system is to hackers, and will also let you know which ports you can use for applications such as Web servers
http://www.portdetective.com/

Scan Remote Computers (Free)

Advanced port scanner is a small, fast, robust and easy-to use port scanner for Win32 platform. It uses a multithread technique, so on fast machines you can scan ports very fast. Also, it contains descriptions for common ports, and can perform scans on predefined port ranges. You can use it for FREE. Download now!
http://www.antivirus.com.au/radmin/famatech_nu/portscanner.htm

Cheers!
0
 
LVL 57

Accepted Solution

by:
Pete Long earned 1000 total points
ID: 9764544
cookre,
Network monitoring and troubleshooting

*****Hardware*****

Fluke Gear

One Touch (approx $5000)
http://portweb.flukenetworks.com/storage/efulfillment/1287921_1214_ENG_F_EFUL_618.pdf

NetTool (approx $1400)
http://portweb.flukenetworks.com/storage/efulfillment/1567676_1214_ENG_D_EFUL_625.pdf

OptiView (approx $17000)
http://portweb.flukenetworks.com/storage/efulfillment/1590227_1215_ENG_E_EFUL_646.pdf

Optiview Workgroup analyser
http://portweb.flukenetworks.com/storage/efulfillment/1638900_1215_ENG_C_EFUL_809.pdf

DSP-4300 Tester (approx $5000)
https://myvision.flukenetworks.com/edocs/efile.asp?oid=1626542

Wave Runner Wireless Tester (For Compaq Ipaq) (approx $4000)
http://portweb.flukenetworks.com/storage/efulfillment/1989155_1214_ENG_B_EFUL_1006.pdf



*****Software*****

Fluke Optiview (Network Inspector) (approx $8000)
http://portweb.flukenetworks.com/storage/efulfillment/1609415_1215_ENG_E_EFUL_654.pdf
http://tomshardware.bizrate.com/Fluke%20OPTIVIEW%20NETWORK-INSPECTOR%20SW,mss__cat_id--320,prod_id--6609426,rf--wgg.html

Ethereal (FREEWARE) - Best for sniffing traffic in and out of an interface
http://www.ethereal.com/

Sniffer Pro - Investigator (approx $5000)
http://www.snifferpro.co.uk/

Sniffer Basic (approx $1000)
http://www.networkassociates.com/us/products/sniffer/field/sniffer_basic.htm

Solarwinds Engineers Toolkit (price £688.00 sterling)
(This is a fantastic product - I use it every day)
http://www.solarwindsuk.co.uk/products/engineers.htm

MRTG (Multi Router Traffic Grapher) (FREEWARE)
http://people.ee.ethz.ch/~oetiker/webtools/mrtg/users.html

IPERF (FREEWARE)
http://dast.nlanr.net/Projects/Iperf/

NetworkActiv Scanner 4.0  (FREEWARE)
http://www.networkactiv.com/Scanner.html

NetIQ (FREEWARE)
http://www.ixiacom.com/enterprise/Qcheck.php
0
 
LVL 22

Author Comment

by:cookre
ID: 9765706
Looks like I'm gonna hafta do some coding.

WinPCap's a winner.
0
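An added example, not code from any poster in this thread: one way to answer the original question once a WinPcap-based tool has saved a capture. It reads a classic pcap file and reports when port 15032 last carried a packet. The function names and the sample capture are constructed for illustration, and it assumes untagged Ethernet frames carrying IPv4.

```python
import struct

def last_seen(pcap: bytes, port: int):
    """Timestamp of the newest TCP/UDP packet to or from `port`, else None."""
    if pcap[:4] == b"\xd4\xc3\xb2\xa1":
        e = "<"                                   # little-endian capture file
    elif pcap[:4] == b"\xa1\xb2\xc3\xd4":
        e = ">"                                   # big-endian capture file
    else:
        raise ValueError("not a classic pcap file")
    if struct.unpack_from(e + "I", pcap, 20)[0] != 1:
        raise ValueError("only Ethernet captures (linktype 1) are handled")
    off, newest = 24, None                        # records follow 24-byte header
    while off + 16 <= len(pcap):
        sec, usec, incl, _ = struct.unpack_from(e + "IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + incl]
        off += 16 + incl
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue                              # not an IPv4 frame
        ihl = (frame[14] & 0x0F) * 4              # IPv4 header length in bytes
        later_fragment = struct.unpack_from("!H", frame, 20)[0] & 0x1FFF
        if frame[23] not in (6, 17) or later_fragment or len(frame) < 18 + ihl:
            continue                              # no TCP/UDP port fields here
        sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        if port in (sport, dport):
            ts = sec + usec / 1e6
            newest = ts if newest is None else max(newest, ts)
    return newest

def is_idle(pcap: bytes, port: int, now: float, quiet_seconds: float = 300):
    """True when no packet touched `port` during the last `quiet_seconds`."""
    seen = last_seen(pcap, port)
    return seen is None or now - seen >= quiet_seconds

def make_frame(sport, dport):                     # constructed Ethernet/IPv4/TCP
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 0x50, 0x18, 8192, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def make_pcap(packets):                           # constructed capture file
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for ts, frame in packets:
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

SAMPLE = make_pcap([(1000, make_frame(49152, 15032)),
                    (1060, make_frame(15032, 49152)),
                    (1500, make_frame(49153, 80))])
```

Every packet on the port counts as activity here, including TCP keep-alives and bare ACKs, so a connection that only exchanges keep-alives never looks idle.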
 
LVL 57

Expert Comment

by:Pete Long
ID: 9766418
ThanQ
0


Question has a verified solution.
