TCPView
"TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows Server 2008, Vista, and XP, TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows. The TCPView download includes Tcpvcon, a command-line version with the same functionality." (official definition)
This is a good time to mention that Windows has a built-in utility that provides the same functionality. This tool is called Resource Monitor. There are many ways to open this tool. From the command line use resmon.
Expand TCP Connections to view the Remote Address for each Process with an outbound connection.
This tool can also be called from the Performance tab within Task Manager. Look at the bottom left for the link to open Resource Monitor.
Now back to TCPView.
The below image shows the default view for TCPView.
In the below image, I unselected Show Unconnected Endpoints in the Options menu.
Now the output only displays processes with an established outbound connection.
Other tools fall under the Networking Utilities category. I encourage you to explore these tools at your own leisure.
Link: https://docs.microsoft.com/en-us/sysinternals/downloads/networking-utilities
Answer the questions below
Using WHOIS tools, what is the ISP/Organization for the remote address in the screenshots above?
How to: I tried using the WHOIS tools on the windows system but it kept getting the output “The requested name is valid, but no data of the requested type was found.” So to start off go to https://whois.domaintools.com and type in the search bar the IP from the remote machine above (52.242.211.89) click search. Now look for organization, copy the name and paste it over in the answer box.
Answer: Microsoft Corporation
No comments:
Post a Comment