Hi,
I'd like to investigate which ports and which server are used during the opening and the use of a Windows software.
How can I sniff those data?
Sysmon, TCPView, or Wireshark may be good options for you.
--please don't forget to upvote and Accept as answer if the reply is helpful--
I've installed Sysmon following a config XML I found on GitHub, and now I'm also able to track event ID 3.
I can see connections by Telegram and OneDrive, for example, but nothing from Edge. Is there any reason? I've used it a lot during testing.
You could try them here for questions specific to sysmon.
https://docs.microsoft.com/en-us/answers/topics/windows-sysinternals-sysmon.html
Hi,
To find open ports on a device and which services are running in Windows, you can simply type netstat in CMD or check with the following Microsoft tools:
Netstat (network statistics) is a command-line network utility. It is used for finding problems in the network and to determine the amount of traffic on the network as a performance measurement.
For example, on Microsoft Windows, to display the statistics for only the TCP or UDP protocols, type one of the following commands:
netstat -sp tcp
netstat -sp udp
or choose
Microsoft Message Analyzer
Microsoft Network Monitor
Then there are some tools other than Microsoft products, as follows.
Sysmon
Tcpview
Wireshark
SolarWinds Port Scanner
ManageEngine OpUtils
Nmap
Angry IP Scanner
Netcat
Online IP Scanning tools
CurrPorts
Process Monitor
Process Explorer
LiveTcpUdpWatch
AppNetworkCounter
SmartSniff
SocketSniff
SysTracer
Please note: The mentioned products are owned and operated by third parties. Microsoft has no control regarding the products' performance and reliability.
Best Regards,
Mulder Zhang
If the Answer is helpful, please click "Accept Answer" and upvote it.
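One way to answer the original question with tools named in this thread, as an added example that is not from any of the posters: a live TCP snapshot for one process plus a per-program summary of Sysmon Event ID 3 records. It assumes an elevated PowerShell session and a Sysmon config that logs NetworkConnect events for the program of interest (Sysmon records only what its config rules include); the function names and the `msedge` sample values are illustrative.

```powershell
# Added example (not from the thread). Function names are hypothetical.

# Live snapshot: established TCP connections owned by a named process.
function Get-LiveConnection {
    param([Parameter(Mandatory)][string]$ProcessName)
    $ids = @(Get-Process -Name $ProcessName -ErrorAction SilentlyContinue).Id
    if (-not $ids) { return }                      # process not running
    Get-NetTCPConnection -OwningProcess $ids -ErrorAction SilentlyContinue |
        Where-Object State -eq 'Established' |
        Select-Object OwningProcess, RemoteAddress, RemotePort, State
}

# History: destinations per program, taken from Sysmon Event ID 3.
function Get-SysmonConnectionSummary {
    param([string]$ImagePattern = '*', [int]$Hours = 1)
    $filter = @{
        LogName   = 'Microsoft-Windows-Sysmon/Operational'
        Id        = 3
        StartTime = (Get-Date).AddHours(-$Hours)
    }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Turn the event's <Data Name="..."> elements into a lookup table
            $data = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $data[$d.Name] = $d.'#text'
            }
            [pscustomobject]@{
                Image    = $data['Image']
                Protocol = $data['Protocol']
                DestIp   = $data['DestinationIp']
                DestHost = $data['DestinationHostname']
                DestPort = [int]$data['DestinationPort']
            }
        } |
        Where-Object { $_.Image -like $ImagePattern } |
        Group-Object Image, Protocol, DestIp, DestHost, DestPort |
        Sort-Object Count -Descending |
        ForEach-Object {
            # One row per distinct destination, with how often it was seen
            $_.Group[0] | Select-Object @{ n = 'Count'; e = { $_.Count } }, *
        }
}

# Sample calls; 'msedge' is a sample value, replace with your program.
Get-LiveConnection -ProcessName 'msedge' | Format-Table
Get-SysmonConnectionSummary -ImagePattern '*\msedge.exe' -Hours 2 | Format-Table
```

If the live snapshot shows connections but the Sysmon summary returns nothing for the same image, compare that image against the NetworkConnect include and exclude rules in the Sysmon config in use.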