Solved

Filtering output from TCPView

Posted on 2010-08-28
Last Modified: 2012-05-10
Is there a way to filter by one of the display fields of TCPView?
For instance, if I were to filter by a given local port, say 25 and output the results to a text file over a period of time, would this be feasible?

Any help or suggestion from an expert(s) would be most appreciated. Thanks
Question by:garychu
LVL 3

Assisted Solution

by:michko-au
michko-au earned 400 total points
ID: 33551655
LVL 71

Accepted Solution

by:
Qlemo earned 1600 total points
ID: 33552565
Just using CurrPorts isn't enough - you need to set up something in it, of course. You need to switch on Auto Refresh via the Options menu, and set it to the period of time you want to monitor changes. And then you need to configure and switch on logging in the File menu. I assume you have already added an application or port filter, and changed the display settings, e.g. to exclude listening ports.

Do you want to just log something like
Outlook opened SMTP to 1.1.1.1 at 01/09/2010 11:30:00
Outlook closed SMTP to 1.1.1.1 at 01/09/2010 11:30:02
? Or do you need the traffic contents?

Author Comment

by:garychu
ID: 33554545
Thanks, experts, for the quick and ready responses.
I have not heard of CurrPorts before this.
I have found Wireshark a bit overwhelming for my lack of experience.
Will certainly give CurrPorts a go.
Immediately, my attention is on a specific computer in a network which I suspect has been compromised by a spambot(s). Consequently, I need to monitor it for a period of time.
Thus adding a filter for 25 will suffice. Packet contents are of no interest.
May have to also add Outlook as an application because some spambots work through Outlook, I understand.
Your further comments will be most helpful as I may be way off course.
Thanks
LVL 71

Expert Comment

by:Qlemo
ID: 33554976
That should do. But you have to leave CurrPorts running on the "offending" machine, else you won't have process information available.
0
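The monitoring discussed in this thread (watch one machine for connections on port 25 over time and log when they open and close, with the owning process), as an added example that is not from any poster. It diffs successive Windows `netstat -ano` snapshots rather than using CurrPorts; the sample snapshots, addresses and PIDs are constructed.

```python
import re
from datetime import datetime

# One TCP row of Windows `netstat -ano`: proto, local, foreign, state, PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")

def parse_netstat(text, port=25, skip_listening=True):
    """Return the set of (local, remote, pid) connections that touch `port`."""
    conns = set()
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # header, UDP row or blank line
        lip, lport, rip, rport, state, pid = m.groups()
        if skip_listening and state == "LISTENING":
            continue  # same idea as excluding listening ports in the display
        if port in (int(lport), int(rport)):
            conns.add((f"{lip}:{lport}", f"{rip}:{rport}", int(pid)))
    return conns

def diff_snapshots(prev, cur, when):
    """Turn two snapshots into 'opened' / 'closed' log lines."""
    stamp = when.strftime("%Y-%m-%d %H:%M:%S")
    events = [f"{stamp} opened {l} -> {r} pid={p}" for l, r, p in sorted(cur - prev)]
    events += [f"{stamp} closed {l} -> {r} pid={p}" for l, r, p in sorted(prev - cur)]
    return events

# Constructed sample snapshots, taken two seconds apart (not real captures).
SNAP_1 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.168.1.20:49712     203.0.113.5:25         ESTABLISHED     4120
  TCP    192.168.1.20:49720     198.51.100.7:443       ESTABLISHED     2288
"""
SNAP_2 = """\
  TCP    192.168.1.20:49720     198.51.100.7:443       ESTABLISHED     2288
  TCP    192.168.1.20:49731     203.0.113.9:25         SYN_SENT        4120
"""

def demo():
    t1, t2 = datetime(2010, 9, 1, 11, 30, 0), datetime(2010, 9, 1, 11, 30, 2)
    s1, s2 = parse_netstat(SNAP_1), parse_netstat(SNAP_2)
    return diff_snapshots(set(), s1, t1) + diff_snapshots(s1, s2, t2)

if __name__ == "__main__":
    print("\n".join(demo()))
```

On the monitored machine, feed it the output of `netstat -ano` captured at each refresh interval and append the returned lines to a text file. The PID in each line can be mapped to a process name with `tasklist`.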

Question has a verified solution.
