Full Version: ProcessXP & TCPView
Moore
################
ProcessXPlorer
################


Ever wondered which program has a particular file or directory open? Now you can find out. Process Explorer shows you information about which handles and DLLs processes have opened or loaded.

QUOTE
The Process Explorer display consists of two sub-windows. The top window always shows a list of the currently active processes, including the names of their owning accounts, whereas the information displayed in the bottom window depends on the mode that Process Explorer is in: if it is in handle mode you’ll see the handles that the process selected in the top window has opened; if Process Explorer is in DLL mode you’ll see the DLLs and memory-mapped files that the process has loaded. Process Explorer also has a powerful search capability that will quickly show you which processes have particular handles opened or DLLs loaded.

The unique capabilities of Process Explorer make it useful for tracking down DLL-version problems or handle leaks, and provide insight into the way Windows and applications work.

What's new in Version 8.30:

Runs in non-admin account
Treeview functionality to collapse and expand process subtrees
Can bring process-owned window to the foreground
System CPU graph shows timestamps and most-active process for any given point
Per-process graph data tracked even when main window is minimized to tray
Per-process graph data displays timestamps
Tray icon has black background
Process tooltip no longer between mouse pointer and process name
Ability to add a comment to processes and new comment column
More system information, including I/O deltas and paging data
New process columns for I/O delta and page-fault delta
More process performance information in process properties dialog
Improved performance

http://www.sysinternals.com/ntw2k/freeware...e/procexp.shtml

http://www.sysinternals.com/ntw2k/utilities.shtml
Moore
TCPView is a Windows program that will show you detailed listings of all TCP and UDP endpoints on your system, including the local and remote addresses and state of TCP connections. On Windows NT, 2000 and XP TCPView also reports the name of the process that owns the endpoint. TCPView provides a more informative and conveniently presented subset of the Netstat program that ships with Windows.


Using TCPView
When you start TCPView it will enumerate all active TCP and UDP endpoints, resolving all IP addresses to their domain name versions. You can use a toolbar button or menu item to toggle the display of resolved names. On Windows XP systems, TCPView shows the name of the process that owns each endpoint.

By default, TCPView updates every second, but you can use the Options|Refresh Rate menu item to change the rate. Endpoints that change state from one update to the next are highlighted in yellow; those that are deleted are shown in red, and new endpoints are shown in green.

You can close established TCP/IP connections (those labeled with a state of ESTABLISHED) by selecting File|Close Connections, or by right-clicking on a connection and choosing Close Connections from the resulting context menu.

You can save TCPView's output window to a file using the Save menu item.

http://www.sysinternals.com/ntw2k/source/tcpview.shtml
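
The refresh highlighting described above (new, deleted and state-changed endpoints) can be reproduced offline by diffing two saved endpoint listings. This is an added example, not part of the original post and not TCPView's own code; it assumes `netstat -ano` style text, the snapshot contents are constructed sample data, and keying an endpoint by protocol, addresses and PID is a choice made for this example.

```python
# Constructed sample snapshots in "netstat -ano" layout (not captured output).
SNAPSHOT_T0 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.0.2.10:49701       198.51.100.7:443       SYN_SENT        4120
  TCP    192.0.2.10:49650       203.0.113.5:80         ESTABLISHED     2316
  UDP    0.0.0.0:500            *:*                                    612
"""
SNAPSHOT_T1 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.0.2.10:49701       198.51.100.7:443       ESTABLISHED     4120
  TCP    192.0.2.10:49702       198.51.100.9:8443      ESTABLISHED     4120
  UDP    0.0.0.0:500            *:*                                    612
"""

def parse_snapshot(text):
    """Return {(proto, local, remote, pid): state} for each endpoint line."""
    endpoints = {}
    for line in text.splitlines():
        fields = line.split()
        if fields[:1] == ["TCP"] and len(fields) == 5:
            proto, local, remote, state, pid = fields
        elif fields[:1] == ["UDP"] and len(fields) == 4:
            proto, local, remote, pid = fields
            state = ""  # UDP endpoints carry no connection state
        else:
            continue  # header, blank or malformed line
        endpoints[(proto, local, remote, int(pid))] = state
    return endpoints

def diff_snapshots(before, after):
    """Classify endpoints the way the refresh colours do."""
    return {
        "new": sorted(k for k in after if k not in before),        # green
        "deleted": sorted(k for k in before if k not in after),    # red
        "changed": sorted((k, before[k], after[k]) for k in after  # yellow
                          if k in before and before[k] != after[k]),
    }

if __name__ == "__main__":
    result = diff_snapshots(parse_snapshot(SNAPSHOT_T0), parse_snapshot(SNAPSHOT_T1))
    for kind, items in result.items():
        for item in items:
            print(kind, item)
```
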