Fport Maps Ports To Applications
Fport is a portable command-line utility that reports all open TCP and UDP ports to the user. It maps each open port to the application that owns it, which distinguishes it from the netstat -an command in Windows, which otherwise provides the same level of detail and information.
What this means is that Fport will display all open ports and the applications that use them for connections. This makes it very easy to find unauthorized connections by simply verifying the applications one by one.
Fport has to be launched from the command line or a batch script. It will display all open ports and their applications if it is executed without switches. The following switches are available:
/p (sort by port)
/a (sort by application)
/i (sort by pid)
/ap (sort by application path)
You may want to use the /a switch to sort the connections by applications as it makes it easier to find all connections of individual programs.
The output will look like this:
C:\>fport
FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com
Pid Process Port Proto Path
392 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 139 TCP
8 System -> 445 TCP
508 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
392 svchost -> 135 UDP C:\WINNT\system32\svchost.exe
8 System -> 137 UDP
8 System -> 138 UDP
8 System -> 445 UDP
224 lsass -> 500 UDP C:\WINNT\system32\lsass.exe
212 services -> 1026 UDP C:\WINNT\system32\services.exe
The easiest way to work with Fport is to save its output to a text document for further processing. This can be done with the command fport > output.txt, which creates a text document named output.txt in the root directory of fport.
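One way to process a saved output.txt, as an added example that is not part of the original article or of Fport itself: it parses rows in the format shown above and lists every port whose executable path is not on an allowlist. The function names, the allowlist and the 1340 updater row in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the format of the Fport listing shown above.
SAMPLE = r"""FPort v2.0 - TCP/IP Process to Port Mapper
Copyright 2000 by Foundstone, Inc.
http://www.foundstone.com
Pid Process Port Proto Path
392 svchost -> 135 TCP C:\WINNT\system32\svchost.exe
8 System -> 139 TCP
508 MSTask -> 1025 TCP C:\WINNT\system32\MSTask.exe
1340 updater -> 4444 TCP C:\Temp\updater.exe
224 lsass -> 500 UDP C:\WINNT\system32\lsass.exe
"""

# Row layout: Pid Process -> Port Proto [Path]; the path is absent for System.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+->\s+(\d+)\s+(TCP|UDP)(?:\s+(.+?))?\s*$")

def parse_fport(text):
    """Return one dict per port row, skipping banner and header lines."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            pid, proc, port, proto, path = m.groups()
            rows.append({"pid": int(pid), "process": proc, "port": int(port),
                         "proto": proto, "path": path or ""})
    return rows

def unexpected(rows, allowed_paths):
    """Rows whose executable path is not on the allowlist (case-insensitive).
    Rows without a path (the System process) are not flagged here."""
    allowed = {p.lower() for p in allowed_paths}
    return [r for r in rows if r["path"] and r["path"].lower() not in allowed]

def by_application(rows):
    """Group 'port/proto' strings per process, like reading /a-sorted output."""
    groups = defaultdict(list)
    for r in rows:
        groups[r["process"]].append(f'{r["port"]}/{r["proto"]}')
    return dict(groups)

# Hypothetical allowlist; build yours from a known-good baseline of the host.
ALLOWED = [r"C:\WINNT\system32\svchost.exe", r"C:\WINNT\system32\MSTask.exe",
           r"C:\WINNT\system32\lsass.exe"]

if __name__ == "__main__":
    rows = parse_fport(SAMPLE)  # or open("output.txt").read()
    for r in unexpected(rows, ALLOWED):
        print("REVIEW:", r["pid"], r["process"], r["port"], r["proto"], r["path"])
```

Comparing full paths rather than process names matters because a file named svchost.exe outside system32 would otherwise pass the check.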
A similar application with a graphical user interface is Cports.
Update: Fport is still available on the McAfee website and it should work just fine. You can find the tool listed under Intrusion Detection Tools on the download page.
Check out whatsrunning for a GUI tool that does all that and more.
http://www.whatsrunning.net/
Free for personal use, $25 for commercial.
May not completely work on 64-bit systems though.
tcpviewer, developed by Mark Russinovich of Sysinternals (now acquired by Microsoft), is better at it. Comes with a command line tool also.