I recently installed some security scanning software on my network and have been receiving reports from a domain controller on the network that UDP ports 61748 and 49683 are open and closed depending on when the report is run. The security software ties these two ports to two known Trojans, KiLo and Fenster, respectively.
I've done some research to see how I can identify whether those Trojans are installed and, based on my research, have not found anything on the server to suggest it has been compromised. What I'd like to do to satisfy my curiosity is to figure out what those ports are being used for--it may be some app I have installed...
My question is: What is the best way to log the use of ports over time to see what application is using those ports?
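
One way to collect that log, as an added example that is not part of the original post: a PowerShell loop that polls the two UDP ports from the report and appends a CSV row each time one opens, changes owner or closes, with the owning process and any services hosted in it. It assumes Windows Server 2012 or later (for `Get-NetUDPEndpoint`) and an elevated session; the log path, interval and function name are illustrative choices.

```powershell
# Added example: log which process owns the reported UDP ports over time.
$Ports    = 61748, 49683                                  # ports named in the scanner report
$LogPath  = Join-Path $env:TEMP 'udp-port-owners.csv'     # illustrative log location
$Interval = 5                                             # seconds between polls (assumption)
$Seen     = @{}                                           # endpoint -> owning process id from last poll

function Write-PortEvent($Kind, $Endpoint, $ProcId) {
    # Resolve the process and, for shared hosts such as svchost.exe, the services inside it.
    # On a 'closed' event the process may already be gone, leaving these fields empty.
    $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $ProcId" -ErrorAction SilentlyContinue
    $svcs = Get-CimInstance Win32_Service -Filter "ProcessId = $ProcId" -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Time      = Get-Date -Format 'o'
        Event     = $Kind
        Endpoint  = $Endpoint
        ProcessId = $ProcId
        Process   = $proc.Name
        Path      = $proc.ExecutablePath
        Services  = ($svcs.Name -join ';')
    } | Export-Csv -Path $LogPath -Append -NoTypeInformation
}

while ($true) {
    # Snapshot the current bindings on the watched ports (none bound is not an error here).
    $current = @{}
    Get-NetUDPEndpoint -LocalPort $Ports -ErrorAction SilentlyContinue | ForEach-Object {
        $current["$($_.LocalAddress):$($_.LocalPort)"] = $_.OwningProcess
    }

    # New binding, or same endpoint now owned by a different process.
    foreach ($key in $current.Keys) {
        if ($Seen[$key] -ne $current[$key]) { Write-PortEvent 'open' $key $current[$key] }
    }

    # Binding that existed at the last poll and is gone now.
    foreach ($key in @($Seen.Keys)) {
        if (-not $current.ContainsKey($key)) { Write-PortEvent 'closed' $key $Seen[$key] }
    }

    $Seen = $current
    Start-Sleep -Seconds $Interval
}
```

Polling misses sockets that open and close between two samples, so a shorter interval trades CPU for coverage.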