Posted 2004-08-06, 04:12 AM   #1
psac
Port monitoring software: an introduction to Port Explorer

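"To do a good job, one must first sharpen one's tools": we need a port monitoring program that is easy to work with. Port Explorer is a very easy-to-use port monitoring program for Windows.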

http://diamondcs.fileburst.com/pedemosetup.exe
Introduction:
What is Port Explorer?

Port Explorer allows you to see all the open ports on your system and what programs own them (called Port to Process mapping). Along with this ability it also has many tools including a packet sniffer, bandwidth throttling and country detection to name just a few. Port Explorer has an intuitive GUI that allows you to quickly see all the network activity your computer is involved in, and thanks to its ease of use is allowing people everywhere to do advanced network activities.

We believe Port Explorer is the leading program of its kind, and this independent review by Roger A. Grimes (author of Malicious Mobile Code: Virus Protection for Windows) came to the same conclusion after he compared 11 of the best port-to-process mappers available. Port Explorer has also won many prestigious awards.

Finds ALL open and active TCP and UDP ports on your system.
Packet Sniffing allows you to see what data applications are sending over the internet.
Country Detection shows what countries all the IP's on your system are from.
Bandwidth throttling allows you to restrict how much data a program or socket can receive or send.
Trojan Detection built in allowing you to quickly see any possible trojans.
Block or close open ports and processes on your system.
Six BONUS network utilities, including improved Ping, Resolve and Whois clients.
Easy to use graphical interface, totally configurable, no more fumbling around.
Low CPU, MEMORY and RESOURCE usage.

Featured articles:
Port Explorer: Powerful - Reliable - Accurate
Port Explorer: Many Apps In One
Hidden Server (Trojan) Detection
Packet-Sniffing With Socket Spy
Bandwidth Throttling: Controlling Socket Speeds
Problems Associated With Other Port-To-Process Mappers


Some of the main features include:
Port-to-process mapping allowing you to easily see which programs are using which ports/sockets.
IP-to-country resolving allowing you to easily see which country an IP address belongs to.
Packet-sniffing allowing you to spy on, record and analyse the transmissions sent/received by sockets and processes.
Hidden server detection allowing you to easily see invisible programs that use sockets - a method that generically detects virtually all known remote access trojans.
Bandwidth throttling allowing you to control the maximum send/receive speeds of sockets and processes.
Traffic Logging which logs all the socket information passing through your system.
Process termination with advanced Windows SeDebugPrivilege allowing you to terminate any Win32 process.
Socket termination allowing you to close individual sockets without affecting the parent process or other sockets.
Socket send/receive blocking allows you to prevent individual sockets from sending and/or receiving data.
Real-time activity watching
Traffic volume reporting allows you to see how many bytes and packets have been sent and received by individual sockets.
Socket creation reporting allows you to see when individual sockets were created.
Network utilities built-in allow you to Ping, Resolve, Traceroute, Whois, and view Statistics.
Whois search client with powerful fully-automatic and manual search options rivals standalone Whois clients in performance and results.
Advanced sorting with moveable and sortable columns and tabs allows you to analyse and filter on-screen data quickly and easily.
Internal databases allow you to cross-search ports and services, countries and domain codes.
World map allows you to see the geographic locations of resolved countries.
Multi-language support allows you to switch languages on the fly.
Configurable interface allowing you to give the program the exact look and feel you want.
Comprehensive documentation that is easy to understand allows you to quickly find the answer to virtually every question you'll ever have about Port Explorer.
Members area allows you to get instant support and answers when you need it, plus access to special members-only downloads.
Network Administrators will save time and effort in isolating, analysing and fixing network-related problems




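This is a socket analysis and discovery tool designed for both beginners and advanced users. It supports port-to-process mapping, anti-trojan detection and network sniffing, and can also act as a Whois search client. The software shows all TCP and UDP sockets and the state of each one. Users can attach a monitor to each socket and then isolate the data received or sent by any one socket or by all of them.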
http://www.diamondcs.com.au/portexplorer

Download Port Explorer now!
http://download.sina.com.cn/cgi-bin/....cgi?s_id=8222

Ports that can be monitored

http://www.diamondcs.com.au/portexplorer/images/mainlogo.gif
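With Port Explorer you can easily view the state and activity of the ports the system is using, as shown in Figure 1. As Figure 1 shows, the upper half of the Port Explorer window lists the TCP/IP-related parameters; their English terms, Chinese equivalents and explanations are given in Table 1.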


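Table 1: English and Chinese terms with explanations

English | Chinese | Explanation
process | 行程 | Can be understood simply as an executable program
process id | 行程標識 | The unique code the operating system assigns to each process
protocol | 傳輸協定 | Mainly the TCP and UDP protocols
local address | 近端網址 | IP address of the host running Port Explorer
local port | 本機連接阜 | Port on the IP address of the host running Port Explorer
remote address | 遠端位址 | IP address of the remote host communicating with the local IP address and port
remote port | 遠端連接阜 | Port on the remote host communicating with the local IP address and port
status | 連接阜狀態 | State of the port; there are two: "listening" and "established"
sent | 已傳送 | Number of packets and bytes sent by the port
received | 已接收 | Number of packets and bytes received by the port
creation | 新增時間 | Time this row was created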


Port Explorer can also display ports by category. Clicking the "All", "TCP", "UDP", "Remote", "Listening" or "Established" tab shows only the ports that match that criterion; for example, clicking the "TCP" tab lists the TCP-related information.


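The lower-left corner of the Port Explorer window shows the text "42 Sockets(37 System,0 Hidden,5 Normal)". What does this mean? The socket here is not a CPU socket. In TCP/IP, a socket is the pair of parameters formed by an IP address plus a port. In the list in the upper half of Port Explorer, each row shows one socket. A network application uses at least one socket.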


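There are three kinds of socket: the "system socket" used by the operating system itself; the "normal socket" used by ordinary applications; and the "hidden socket", whose application name cannot be seen in the operating system's task list but can be seen with Port Explorer. Many hacker programs use hidden sockets in an attempt to stay out of the operating system's task list. To draw the user's attention, Port Explorer marks hidden sockets in red.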


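Port Explorer's list is updated dynamically and refreshes every few seconds, so the ports the system is using, together with the corresponding IP addresses, applications and other information, are all visible at a glance. Port Explorer is like a camera: it records and displays every socket on the system.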


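If a socket looks abnormal, you can end its process manually, block it from sending or receiving, or monitor the process in detail. Right-click the abnormal socket to bring up a menu, move the mouse to the "Process" item, and in its submenu click "Kill Process" to close the process. Once you confirm, Port Explorer forcibly terminates the process (as shown in Figure 2).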


Monitoring packets


Port Explorer can monitor not only processes and their ports but also packets. The packet monitoring interface is in the lower half of Port Explorer, as shown in Figure 1.


http://image2.sina.com.cn/IT/c/2003-05-29/1_2-68-898-534_20030529174643.jpg


Figure 1


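The columns in Figure 1 clearly show the parameters of each packet, which is very useful for troubleshooting network faults and for monitoring network security. The English and Chinese terms for each parameter and their explanations are given in Table 2.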


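Table 2: English and Chinese terms with explanations

English | Chinese | Explanation
# | | Sequence number of the packet in Port Explorer
time | 時間 | Time the packet was generated
process:id | 行程:id | Process the packet belongs to, and its ID
action | 動作 | Action performed for the packet; there are four: "open", "close", "send" and "receive"
protocol | 傳輸協定 | Protocol type of the packet; there are two: TCP and UDP
local address | 近端網址 | IP address and port of the host running Port Explorer
remote address | 遠端位址 | IP address and port of the remote host communicating with the local address and port
status | 狀態 | Whether the packet was sent or received successfully; there are two values: "success" and "failed"
bytes | 字元數 | Number of bytes in the packet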


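With Port Explorer, you now know how to monitor ports comprehensively. Besides port monitoring, Port Explorer has many other powerful features; for reasons of space they are not described one by one here, and interested readers can try them out.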

http://image2.sina.com.cn/IT/c/2003-05-29/1_2-68-899-534_20030529174643.jpg

Main screen:

http://www.diamondcs.com.au/portexplorer/images/maindisplaysmall1.gif

Resolve Utility:

http://www.diamondcs.com.au/portexplorer/images/resolvesmall.gif

lookup utility:

http://www.diamondcs.com.au/portexplorer/images/lookupsmall.gif


ping :

http://www.diamondcs.com.au/portexplorer/images/pingsmall.gif


whois utility:
http://www.diamondcs.com.au/portexplorer/images/whoissmall1.gif
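
The system / normal / hidden socket classification described in the post, approximated as an added example (not part of the original post, and not Port Explorer's own detection method): it maps ports to processes by cross-referencing `netstat -ano` rows against the PIDs listed by `tasklist /fo csv /nh`. Both inputs are constructed samples, and treating only PIDs 0 and 4 as "system" is a simplifying assumption.

```python
import csv
import io
from collections import Counter

# Constructed sample of `netstat -ano` output (not captured from a real host).
NETSTAT_SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  TCP    0.0.0.0:50000          0.0.0.0:0              LISTENING       2788
  TCP    192.168.1.10:49712     203.0.113.5:443        ESTABLISHED     3340
  UDP    0.0.0.0:5353           *:*                                    3340
"""
# Constructed sample of `tasklist /fo csv /nh`; PID 2788 is deliberately absent.
TASKLIST_SAMPLE = """\
"System Idle Process","0","Services","0","8 K"
"System","4","Services","0","1,024 K"
"svchost.exe","912","Services","0","9,120 K"
"browser.exe","3340","Console","1","85,300 K"
"""
SYSTEM_PIDS = {0, 4}  # assumption: only the Idle and System PIDs count as "system"

def parse_netstat(text):
    """Return one dict per TCP/UDP row (one row = one socket)."""
    sockets = []
    for line in text.splitlines():
        f = line.split()
        if not f or f[0] not in ("TCP", "UDP"):
            continue  # header and blank lines
        sockets.append({"protocol": f[0], "local": f[1], "remote": f[2],
                        "port": int(f[1].rsplit(":", 1)[1]),  # rsplit copes with [::]:135
                        "status": f[3] if len(f) == 5 else "",  # UDP rows have no State
                        "pid": int(f[-1])})
    return sockets

def parse_tasklist(text):  # PID -> image name
    return {int(r[1]): r[0] for r in csv.reader(io.StringIO(text)) if len(r) >= 2}

def classify(sockets, processes):  # adds "process" and "kind" to every socket
    for s in sockets:
        s["process"] = processes.get(s["pid"], "(not in task list)")
        s["kind"] = ("system" if s["pid"] in SYSTEM_PIDS
                     else "normal" if s["pid"] in processes else "hidden")
    return sockets

def status_bar(rows):
    c = Counter(r["kind"] for r in rows)
    return f"{len(rows)} Sockets ({c['system']} System, {c['hidden']} Hidden, {c['normal']} Normal)"

print(status_bar(classify(parse_netstat(NETSTAT_SAMPLE), parse_tasklist(TASKLIST_SAMPLE))))
```

A process that exits between the two snapshots also shows up as hidden, so take both again before acting on a result. Software that also filters itself out of the socket table is beyond the reach of this user-mode cross-check.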