PortSnoop: Identify, Stop Suspicious Network Traffic

The firewall included with Windows XP service pack 2 is a welcome addition to the Windows operating system. It does a great job of blocking unwanted communication between your computer and the Internet.

Whenever one of the programs on your system accesses a port that is not on the firewall's list of exceptions, Windows Firewall prompts you to select the option to give the program access or not. The problem with Windows Firewall is that it doesn't give much information about which ports an application is using. In addition, even after approving an application for the exception list, some applications still don't work because the firewall is blocking additional ports. In a Microsoft Knowledge Base article, Microsoft gives steps to find all the open ports and to match those ports to a list of processes. Then you can manually add these to the exception list. Considering how user-friendly the firewall is, you'd have thought they would have made it easier to find these ports and their associated applications. Having to run Netstat and Tasklist to find the port, process id, and the application takes a few too many steps in our opinion.

Another problem with the Windows Firewall is that it doesn't tell you anything about the program that is accessing the Internet. You might not have any idea which program it is or who publishes it. Our latest utility PortSnoop solves all of these problems.

PortSnoop is a network monitoring utility that displays all current applications accessing the network using the Transmission Control Protocol (TCP) or User Datagram Protocol (UDP) protocol.

With PortSnoop you can: • Track and monitor applications with network connections. • Be alerted when unauthorized applications use network connections. • Terminate network connections and applications. • View detailed information for each running application including its threat level. • See total bytes sent and received through you network interface. • View current network bandwidth usage for all connections.

PortSnoop is part of PC Magazine's Downloads program, where Ziff-Davis analysts create utilities to help you get the most out of your computer. Check out the rest of the program description on the PC Magazine downloads page.

Copyright © 2005 Ziff Davis Media Inc. All Rights Reserved. Originally appearing in ExtremeTech.