This is of course off topic, and has to do with network and security.
I ran a port scanner on my own computer and found 2 to three ports open with numbers between 1000 and 2000 (they change more or less randomly every time I restart the machine). I am unclear about who and why opened them.
The question to you is:

How can I find out which thread, file, service, virus, trojan etc opened and is listening to the ports?
The portscanner reports some info about well known and legitimate ports, but nothing about them.
the antivirus and firewall (Norton) report nothing out of the ordinary.
Symantec Security test site says every thing is fine, but I still don't know what those bloody ports are doing.
Thanks

http://www.codeproject.com/internet/enetstatasp.asp#xx668954xx ("http://www.codeproject.com/internet/enetstatasp.asp#xx668954xx")

There are GUI versions of this too. Next time use Google :\

Yeah that's it, thrash him soundly in and around the nether regions with a wet towel for not searching

I still have to test this myself, but there's a utility linked within a link to the link I gave in the Windows Forensics: Have I been Hacked? post that might do the job - Vision v1.0.

http://www.foundstone.com/index.htm?subnav=resources/navigation.htm&subcontent=/resources/freetools.htm

-------------------------
Vision v1.0
Reports all open TCP and UDP ports and maps them to the owning process or application.

Vision, a host based Forensic Utility is the GUI successor to the well-known freeware tool, Fport. This innovative new product from Foundstone shows all of the open TCP and UDP ports on a machine, displays the service that is active on each port, and maps the ports to their respective applications. Vision allows users to access a large amount of supplementary information that is useful for determining host status by displaying detailed system information, applications running, as well as processes and ports in use.

Key Features

Interrogate ports and identify potential "Trojan" services by using the "Port Probe" command in the port mapper. Using "Port Probe", Vision will enable you to send a customized string of information to the port. Based on the response from the port, a determination can be made to either kill the port, using the "Kill" command, or leave it as is.

View system events by sorting by application, process, service, port, remote IP, and device drivers in ascending or descending order.

Identify and review detailed information about Services and Devices to determine if they are Running or Stopped.
---------------------------------

(Oh, and a little bit of cold cream will reduce the red welts...)

Cheers,
Kayaker

Will not netstat show the same information ?

Woodmann

netstat only shows open ports and port types, not which process they belong to

check out this site....hxxp://www.networksorcery.com/enp/protocol/ip/ports00000.htm

Auuch!!!

Next time, instead of seeing a doctor, I will read an Internal Medicine (Geriatric Internal Medicine in my case) textbook instead.

Yeah flame him . Hmm strange,they should delete disavowed posts >

The following is another excellent free tool from our friends at sysinternals too:

http://www.sysinternals.com/ntw2k/source/tcpview.shtml

Need this be off topic? I wouldn't mind seeing more network and security discussions, like RCE it's all part of a total understanding of computer software, hardware and operating issues. There seem to be a number of people here with at least some knowledge of network operations, and a few lively discussions of some aspect of things we don't usually discuss might make for interesting reading. (What, you don't find unpacking Asprotect interesting enough, you treasonous bastid!!?)

dELTA had mentioned at one point about starting a Networking forum, might there be enough interest to make something like that viable? Just thought I'd bring that up for discussion...

Kayaker

Kayaker

the perfect solution :-

EssentialNetTools from Tamos........ is protected by ASP.......

networking does not fall under the topic of reverse software engineering (the theme of this set of forums), so i would not add it as a new forum

Any posts regarding networking and security are welcome in the Advanced Reversing/Programming forum anyway (except for crypto stuff which will fit better in the cryptographics forum off course).

And there are many aspects of networking and security that are related to both reverse code engineering and even more reverse engineering in general, so if the post count of such related topics ever rise high enough in the Advanced R/P forum or the Off Topic forum we might very well consider starting a separate forum for these things.

i'm against that forum.

It feels good to hear your well-founded reasons for your opinion eval.

because reason very simple, i not wrote nothing.
i think, that is not RCE-related.

your move, show if that is.


***
hot Q of day:
is as_ reversing RCE-related!? ~8-0

AAtools and Kerio personal firewall will both do the trick. First is a target, second is free. Oh, and did I mention the added bonus of running a firewall?

Heh, and flames for not searching on this. The answer "firewall" should have been in your thoughts even before considering asking people around here.

Fake

Yes, but it is often more appealing to have a light-weight tool to do such a thing, rather than the driver mess of a personal firewall, affecting a thousand other things in the system. Especially if you are perhaps already running another firewall without this feature.

A firewall that won't tell you what processes are running and doing net-stuff? Not worth running.
Anyway, thinking firewall should have set off a search that should easily bring up plenty tools alongside. Sure, just posting here is easier, but come on, this one is so easy.

Fake

OK guys. Enough. My post was not completely clear, and I did not think it was important, so I let it go but:
I do have a firewall. Norton, in one computer, zone alert in others. They do list the processes, but the ports I was nervous about, did not show in Norton's list.
The Norton site was less than helpful. Their detector said everything was OK, but I am behind several layers of firewalls. I also know that a firewall, particularly a personal (cracked) one is not impenetrable, particularly if you have malicious code working from inside your computer

Posts like UrgeOverkill did point me in the right direction, explaining which ports are supposed to be open, which are exploits, and which are both.

I recognize I could have searched more thoroughly, an I give my apologies to anybody I importunated. My ignorance in networking and hacking is even greater than RCE, so I asked for some guidance.

naides, +SPLAJ already pointed you to -www.tamos products,
keygened by him, kraked by mim?

apology accepted

On a side note:

How about netsh ?

cmd
netsh
netsh>interface ip show

and for more see netsh on technet