Solved

Filtering output from TCPView

Posted on 2010-08-28
Last Modified: 2012-05-10
Is there a way to filter by one of the display fields of TCPView?
For instance, if I were to filter by a given local port, say 25 and output the results to a text file over a period of time, would this be feasible?

Any help or suggestion from an expert(s) would be most appreciated. Thanks
Question by:garychu
4 Comments
 
LVL 3

Assisted Solution

by:michko-au
michko-au earned 100 total points
ID: 33551655
0
 
LVL 70

Accepted Solution

by:
Qlemo earned 400 total points
ID: 33552565
Just using CurrPorts isn't enough - you need to set up something in it, of course. You need to switch on Auto Refresh via the Options menu, and set it to the period of time you want to monitor changes. And then you need to configure and switch on logging in the File menu. I assume you have already added an application or port filter, and changed the display settings, e.g. to exclude listening ports.

Do you want to just log something like
Outlook opened SMTP to 1.1.1.1 at 01/09/2010 11:30:00
Outlook closed SMTP to 1.1.1.1 at 01/09/2010 11:30:02
? Or do you need the traffic contents?
0
 

Author Comment

by:garychu
ID: 33554545
Thanks, experts, for the quick and ready responses.
I have not heard of CurrPorts before this.
I have found Wireshark a bit overwhelming for my lack of experience.
Will certainly give CurrPorts a go.
Immediately, my attention is on a specific computer in a network which I suspect has been compromised by a spambot(s). Consequently, I need to monitor it for a period of time.
Thus adding a filter for 25 will suffice. Packet contents are of no interest.
May have to also add Outlook as an application because some spambots work through Outlook I understand.
Your further comments will be most helpful as I may be way off course.
Thanks
0
 
LVL 70

Expert Comment

by:Qlemo
ID: 33554976
That should do. But you have to leave CurrPorts running on the "offending" machine, else you won't have process information available.
0
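An added example, not part of the original thread and not CurrPorts' own logging: the same opened/closed log for port 25 can be produced by comparing successive `netstat -ano` snapshots on the monitored Windows machine. The function names, the log line wording, the 2-second interval and the sample snapshots are assumptions made for illustration, and it matches the remote port, on the assumption that outbound SMTP is what a spambot check needs.

```python
import re
import subprocess
import time
from datetime import datetime

# One TCP row of Windows `netstat -ano`: proto, local, remote, state, PID.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s+(\d+)\s*$")
ACTIVE = {"SYN_SENT", "ESTABLISHED"}  # skip LISTENING, TIME_WAIT (PID 0), etc.

def smtp_connections(netstat_text, port=25):
    """Return {(pid, local, remote)} for active connections to remote `port`."""
    conns = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and m.group(5) in ACTIVE and int(m.group(4)) == port:
            conns.add((int(m.group(6)), f"{m.group(1)}:{m.group(2)}",
                       f"{m.group(3)}:{m.group(4)}"))
    return conns

def diff_events(prev, curr, when):
    """Turn two snapshots into opened/closed log lines."""
    stamp = when.strftime("%d/%m/%Y %H:%M:%S")
    lines = [f"PID {pid} opened SMTP to {rem} from {loc} at {stamp}"
             for pid, loc, rem in sorted(curr - prev)]
    lines += [f"PID {pid} closed SMTP to {rem} from {loc} at {stamp}"
              for pid, loc, rem in sorted(prev - curr)]
    return lines

def monitor(logfile, interval=2, port=25):
    """Poll netstat on the monitored Windows machine and append events."""
    prev = set()
    while True:
        out = subprocess.run(["netstat", "-ano"], capture_output=True, text=True).stdout
        curr = smtp_connections(out, port)
        with open(logfile, "a") as fh:
            fh.writelines(e + "\n" for e in diff_events(prev, curr, datetime.now()))
        prev = curr
        time.sleep(interval)

# Constructed sample snapshots (not captured from a real host).
SNAP_A = """
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:49700     203.0.113.5:443        ESTABLISHED     2140
"""
SNAP_B = SNAP_A + "  TCP    192.168.1.10:49712     1.1.1.1:25             ESTABLISHED     4321\n"

if __name__ == "__main__":
    a, b = smtp_connections(SNAP_A), smtp_connections(SNAP_B)
    print("\n".join(diff_events(a, b, datetime(2010, 9, 1, 11, 30, 0))))
```

Polling only sees connections that are alive at the moment of a snapshot, so a connection shorter than the interval can be missed. The PID in each line can be mapped to a process name on the same machine with `tasklist /FI "PID eq <pid>"`.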