netport v1.0 (command-line tool)

Port-to-process mapping the ability to determine which processes own which ports on your system. Existing Port-to-process mapping tools besides being difficult to set up, require client software to be installed on the remote systems that you wish to access.


There are many times you'll look at the results of a port-to-process mapper and wish to know the command-line arguments a particular process has been started with. Surprisingly, none of the available port-to-process mappers provide this capability. Only netport allows you to determine the command-line arguments of each process. netport also allows you to take MD5 hashes of the running processes.




netport's uses include -


  • port-to-process mapping

  • retrieving the command-line arguments of a process

  • retrieving a process md5 hashes

  • saving the results in XML or CSV formats



  • Installation

    Just copy netport onto your executable path. Executing netport with -h option displays its usage syntax.




    Usage

    The syntax is straightforward and easy to learn.




    Usage : netport [options..]

    -p < port/portlist >Find port-to-process mapping for a given port or ports

    -t < pid >Show TCP ports only

    u Show UDP ports only

    -n Do not resolve DNS names

    -c Show connected endpoints only (ESTABLISHED connections)

    -l Show listening ports only

    -sp < file >Sort by process ID

    -sn < file > Sort by process name

    -P a process full path.

    -C < file > Fetches command-line arguments for each process

    -Md5 < file > Takes MD5 hashes for each process

    -oh < outputfile >Generated HTML output

    -ox < outputfile >Generate XML output

    -oc < outputfile >Generate CSV output

    -? / -hDisplay help screen

    Arguments supplied to netps are case sensitive.







    Examples

    To lists all TCP and UDP ports available on the system along with their parent processes,


    netport


    To retrieve port-mapping for specific ports, use the -p switch


    netport -p 80,135-140,8080


    The default output file name is netport, if no output file name is supplied with the -ox/-oc switch. To save the results of netport to an XML file with a different name,


    netport -ox results.xml


    To list only connected endpoints, type


    netport -c


    To list command-line arguments as well as MD5 hashes of each process along with port-to-process mapping, type


    netport -C -Md5


    Operating Systems supported:

    netport has been tested on Windows NT 4.0 Server, Windows NT 4.0 workstation, Windows 2000, Windows XP and Windows 2003.


    netps is included in a command-line toolkit named NSTools from Net-Square, that aid in the administration and audit of remote Windows NT/2K/XP/2003 systems.