AndreaVironda-1776 asked JiangZhang-MSFT edited

Open connections

Hi,
I'd like to investigate which ports and which servers are used while opening and using a Windows application.
How can I sniff that data?

windows-10-network

DSPatrick answered AndreaVironda-1776 commented

sysmon, tcpview, or wireshark may be good options for you.

--please don't forget to upvote and Accept as answer if the reply is helpful--


I've installed Sysmon following a config XML I found on GitHub, and now I'm able to track Event ID 3 as well.
I can see connections by Telegram and OneDrive, for example, but nothing from Edge. Is there any reason? I've used it a lot during testing.

DSPatrick answered

You could try asking here for questions specific to Sysmon:
https://docs.microsoft.com/en-us/answers/topics/windows-sysinternals-sysmon.html

--please don't forget to upvote and Accept as answer if the reply is helpful--


JiangZhang-MSFT answered JiangZhang-MSFT edited

Hi,
To find open ports on a device and what services are running in Windows, you can simply type netstat in CMD or check with the following Microsoft tools:
Netstat (network statistics) is a command-line network utility. It is used for finding problems in the network and to determine the amount of traffic on the network as a performance measurement.
For example, on Microsoft Windows, to display the statistics for only the TCP or UDP protocols, type one of the following commands:
netstat -sp tcp
netstat -sp udp
or choose

Microsoft Message Analyzer
Microsoft Network Monitor

Then there are some tools other than Microsoft products, as follows.

Sysmon
Tcpview
Wireshark
SolarWinds Port Scanner
ManageEngine OpUtils
Nmap
Angry IP Scanner
Netcat
Online IP Scanning tools
CurrPorts
Process Monitor
Process Explorer
LiveTcpUdpWatch
AppNetworkCounter
SmartSniff
SocketSniff
SysTracer

Please note: The mentioned products are owned and operated by third parties. Microsoft has no control regarding the products' performance and reliability.


Best Regards,
Mulder Zhang


If the Answer is helpful, please click "Accept Answer" and upvote it.
Note: Please follow the steps in our documentation to enable e-mail notifications if you want to receive the related email notification for this thread.
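As an added example (not code from the thread or from Microsoft), here is a PowerShell script that applies the Sysmon Event ID 3 and netstat approaches from the answers above to the original question: it reads NetworkConnect events for one process image from the Sysmon log and groups them by remote host and port, then joins the live TCP table to its owning process. The process name msedge.exe, the event limit and the need for an elevated session are assumptions.

```powershell
# Added example (not from the thread): list which remote hosts and ports a
# given process talks to, using two sources the answers mention:
#   1. Sysmon Event ID 3 (NetworkConnect) from the Sysmon operational log
#   2. the live TCP table (the netstat view), joined to the owning process
# Assumes Sysmon is installed with a config that logs Event ID 3 and that
# the session is elevated (reading the Sysmon log needs admin rights).
param(
    [string]$ImageName = 'msedge.exe',  # process to investigate (assumed name)
    [int]$MaxEvents = 5000
)
# --- 1. Historical view: Sysmon Event ID 3 --------------------------------
$events = Get-WinEvent -FilterHashtable @{
    LogName = 'Microsoft-Windows-Sysmon/Operational'
    Id      = 3
} -MaxEvents $MaxEvents -ErrorAction SilentlyContinue

$sysmonRows = foreach ($e in $events) {
    # EventData holds <Data Name="...">value</Data> elements; index by Name.
    $xml  = [xml]$e.ToXml()
    $data = @{}
    foreach ($d in $xml.Event.EventData.Data) { $data[$d.Name] = $d.'#text' }
    if ($data.Image -like "*\$ImageName") {
        [pscustomobject]@{
            Time     = $e.TimeCreated
            Protocol = $data.Protocol
            Remote   = $data.DestinationIp
            Hostname = $data.DestinationHostname
            Port     = [int]$data.DestinationPort
        }
    }
}
Write-Host "Sysmon Event ID 3 connections for $ImageName, grouped by host:port"
$sysmonRows | Group-Object Remote, Port | Sort-Object Count -Descending |
    Select-Object Count, Name | Format-Table -AutoSize

# --- 2. Live view: the netstat equivalent, joined to the process name ------
Write-Host "Current established TCP connections owned by ${ImageName}:"
Get-NetTCPConnection -State Established -ErrorAction SilentlyContinue |
    ForEach-Object {
        $p = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
        if ($p -and ($p.ProcessName + '.exe') -ieq $ImageName) {
            [pscustomobject]@{
                Process    = $p.ProcessName
                LocalPort  = $_.LocalPort
                RemoteAddr = $_.RemoteAddress
                RemotePort = $_.RemotePort
            }
        }
    } | Format-Table -AutoSize
```

If a process you expect is missing from the Sysmon output, check whether the config's NetworkConnect include/exclude rules cover its Image before concluding it made no connections; the live view only shows connections that are open at the moment the script runs.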
