File information: Fport
Fport gives detailed information about which file or process is responsible for services, process IDs, and other network modifications and settings. The tool is very useful when analyzing a file and its structure.
Fport reports all open TCP/IP
and UDP ports and maps them to the owning application. This is the same
information you would see using the 'netstat -an' command, but it also maps
those ports to running processes with the PID, process name and path. Fport can
be used to quickly identify unknown open ports and their associated
applications.
Installation:
Download the Fport.exe (56 KB) file to your computer.
Place the Fport.exe file directly on your C drive. Fport works only if you navigate, in the command prompt, to the folder where it is stored. (E.g. if you stored it on the C drive → C:\fport, that's it.)
Usage:
- Start → Run → cmd
- C:\>cd\
- C:\>fport -p
If you want to copy the output of fport into a file:
- C:\>fport -p >> [filename].txt
You can look at the output and see if you notice any strange programs on your machine. Then use a command-line 'kill' utility such as "taskkill /PID [specific PID]" to stop the program. Typically Trojans and some viruses will open up non-standard ports, which can be a great clue in determining whether a system is compromised or not. Watch out for open high-numbered ports such as 3112, 31337, 12345, 7777, and 65000. Fport can be used on Windows NT4, Windows 2000 and Windows XP.
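To triage a saved report instead of reading it by eye, the added example below (not part of the original post or of Fport itself) parses the text written by fport -p >> [filename].txt and lists the rows on the ports named above. It assumes the Fport 2.0 column layout (Pid, Process, ->, Port, Proto, Path); the sample report and the function names are constructed for illustration.

```python
import re

# Ports the article singles out as worth a closer look.
WATCH_PORTS = {3112, 31337, 12345, 7777, 65000}

# Assumed row layout: Pid  Process  ->  Port  Proto  [Path]
ROW = re.compile(r"^\s*(?P<pid>\d+)\s+(?P<process>.+?)\s+->\s+(?P<port>\d+)\s+"
                 r"(?P<proto>TCP|UDP)\s*(?P<path>.*)$")

# Constructed sample report, not captured from a real host.
SAMPLE = r"""FPort v2.0 - TCP/IP Process to Port Mapper

Pid   Process            Port  Proto Path
392   svchost        ->  135   TCP   C:\WINNT\system32\svchost.exe
8     System         ->  139   TCP
1244  winupd32       ->  12345 TCP   C:\WINNT\Temp\winupd32.exe
1312  msnet          ->  31337 UDP   C:\Documents and Settings\user\msnet.exe
860   inetinfo       ->  80    TCP   C:\WINNT\system32\inetsrv\inetinfo.exe
"""


def parse_fport(text):
    """Return one dict per data row; banner and header lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["pid"], row["port"] = int(row["pid"]), int(row["port"])
            row["path"] = row["path"].strip()
            rows.append(row)
    return rows


def flag_rows(rows, watch=WATCH_PORTS):
    """Rows listening on a watched port, sorted by port. A hit is a lead
    to investigate (check the path and PID), not proof of compromise."""
    return sorted((r for r in rows if r["port"] in watch), key=lambda r: r["port"])


if __name__ == "__main__":
    for r in flag_rows(parse_fport(SAMPLE)):
        print(f'{r["proto"]}/{r["port"]}  pid={r["pid"]}  {r["process"]}  '
              f'{r["path"] or "(no path reported)"}')
```

To run it against a real report, read the saved text file and pass its contents to parse_fport in place of SAMPLE.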