Solved

Filtering output from TCPView

Posted on 2010-08-28
4
1,423 Views
Last Modified: 2012-05-10
Is there a way to filter by one of the display fields of TCPView?
For instance, if I were to filter by a given local port, say 25 and output the results to a text file over a period of time, would this be feasible?

Any help or suggestion from an expert(s) would be most appreciated. Thanks
0
Comment
Question by:garychu
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 3

Assisted Solution

by:michko-au
michko-au earned 100 total points
ID: 33551655
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 400 total points
ID: 33552565
Just using Currports isn't enough - you need to set up something in it, of course. You need to switch on Auto Refresh via the Options menu, and set it to the period of time you want to monitor changes. And then you need to configure and switch on logging in the File menu. I assume you have already added an application or port filter, and changed the display settings, eg. to exclude listening ports.

Do you want to just log something like.
Outlook opened SMTP to 1.1.1.1 at 01/09/2010 11:30:00
Outlook closed SMTP to 1.1.1.1 at 01/09/2010 11:30:02
? Or do you need the traffic contents?
0
 

Author Comment

by:garychu
ID: 33554545
Thanks, experts for the qucik and ready responses.
I have not heard of Currports before this.
I have found Wireshark a bit overwhelming for my lack of experience.
Will certainly give Currports a go.
Immediately, my attention is on a specific computer in a network which I suspect has been compromised by a spambot(s). Consequently, I need to monitor it for a period of time.
Thus adding a filter for 25 will suffice. Packet contents are of no interest.
May have to also add Outlook as an application because some spambots work through Outlook I understand.
Your further comments will be most helpful as I may be way off course.
Thanks
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 33554976
That should do. But you have to let CurrPorts running on the "offending" machine, else you won't have process information available.
0

Featured Post

2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Article by: rfc1180
The Maximum Segment size (MSS) is an important consideration when troubleshooting connectivity via the Internet/Intranet. As the packets are routed via the Internet/Intranet, the packets must traverse through multiple routers in the path between two…
David Varnum recently wrote up his impressions of PRTG, based on a presentation by my colleague Christian at Tech Field Day at VMworld in Barcelona. Thanks David, for your detailed and honest evaluation!
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question