Click here to get back home

How to Detect All Connections?
 HomeNewsGroups | Search | About
Login Password
Register Now!
 microsoft.public.windows.server.security    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content
Subject Author Date
How to Detect All Connections? Jim Moon 10-19-2005
Posted by Jim Moon on October 19, 2005, 2:34 pm
Please log in for more thread options
 I'd like to know what system tools, etc., to use in the detection of all
connections to a Windows Server 2003 machine.

I already know to look here:
1) Administrative Tools -->
Terminal Services Manger

2) Compuer Management -->
System Tools -->
Shared Folders

3)Microsoft SQL Servers-->
(local) -->
Management -->
Current Activity


Where else might I look to find any other connections to Windows Server
2003?

Much thanks,
Jim




Posted by Chris Weber [Security MVP] on October 19, 2005, 12:50 pm
Please log in for more thread options
 from the command line, run:

netstat -ano

This will list all open TCP/UDP connections mapped to the connected host,
and mapped to the process. If you'd like a graphical view, download TCPView
from sysinternals and you'll see every open TCP/UDP connection to your host.

--
Chris Weber
Security MVP


> I'd like to know what system tools, etc., to use in the detection of all
> connections to a Windows Server 2003 machine.
>
> I already know to look here:
> 1) Administrative Tools -->
> Terminal Services Manger
>
> 2) Compuer Management -->
> System Tools -->
> Shared Folders
>
> 3)Microsoft SQL Servers-->
> (local) -->
> Management -->
> Current Activity
>
>
> Where else might I look to find any other connections to Windows Server
> 2003?
>
> Much thanks,
> Jim
>




Posted by Jim Moon on October 19, 2005, 3:15 pm
Please log in for more thread options
Thanks, Chris.

"netstat -ano" and TCPView should take care of my connection detection
issue!

Jim



> from the command line, run:
>
> netstat -ano
>
> This will list all open TCP/UDP connections mapped to the connected host,
> and mapped to the process. If you'd like a graphical view, download
> TCPView from sysinternals and you'll see every open TCP/UDP connection to
> your host.
>
> --
> Chris Weber
> Security MVP
>
>
>> I'd like to know what system tools, etc., to use in the detection of all
>> connections to a Windows Server 2003 machine.
>>
>> I already know to look here:
>> 1) Administrative Tools -->
>> Terminal Services Manger
>>
>> 2) Compuer Management -->
>> System Tools -->
>> Shared Folders
>>
>> 3)Microsoft SQL Servers-->
>> (local) -->
>> Management -->
>> Current Activity
>>
>>
>> Where else might I look to find any other connections to Windows Server
>> 2003?
>>
>> Much thanks,
>> Jim
>>
>
>




Posted by Steven L Umbach on October 21, 2005, 10:59 am
Please log in for more thread options
Also consider looking in the security logs for logon events for users that
have authenticated or attempted to be authenticated to your computer. Use
Local Security Policy [secpol.msc] to make sure that auditing of logon
events is enabled for success and failure and be sure to increase the size
of the security log to at least 20MB as it is very small by default. ---
Steve



> I'd like to know what system tools, etc., to use in the detection of all
> connections to a Windows Server 2003 machine.
>
> I already know to look here:
> 1) Administrative Tools -->
> Terminal Services Manger
>
> 2) Compuer Management -->
> System Tools -->
> Shared Folders
>
> 3)Microsoft SQL Servers-->
> (local) -->
> Management -->
> Current Activity
>
>
> Where else might I look to find any other connections to Windows Server
> 2003?
>
> Much thanks,
> Jim
>




Posted by Jim Moon on October 21, 2005, 5:11 pm
Please log in for more thread options
Thanks, Steven. That sounds like great advice!

Jim


> Also consider looking in the security logs for logon events for users that
> have authenticated or attempted to be authenticated to your computer. Use
> Local Security Policy [secpol.msc] to make sure that auditing of logon
> events is enabled for success and failure and be sure to increase the size
> of the security log to at least 20MB as it is very small by default. ---
> Steve
>
>
>
>> I'd like to know what system tools, etc., to use in the detection of all
>> connections to a Windows Server 2003 machine.
>>
>> I already know to look here:
>> 1) Administrative Tools -->
>> Terminal Services Manger
>>
>> 2) Compuer Management -->
>> System Tools -->
>> Shared Folders
>>
>> 3)Microsoft SQL Servers-->
>> (local) -->
>> Management -->
>> Current Activity
>>
>>
>> Where else might I look to find any other connections to Windows Server
>> 2003?
>>
>> Much thanks,
>> Jim
>>
>
>




Similar ThreadsPosted
How to detect keylogging / screen captuer software September 6, 2007, 9:51 pm
GPO to prevent access to IE's Connections tab? February 10, 2008, 5:17 pm
How to close outgoing connections without using 3-rd party software? January 31, 2006, 1:34 pm
Firewalls That Report / Filter Just Incoming Connections? November 1, 2006, 9:57 pm
windows 2k - enabling acces to network connections for non-administrative users December 14, 2006, 8:00 am

Our other projects:

Art Dolls, Fairies and Mermaids - Sunnyfaces.net

Roy's Linux, Programming and Search Engines messages

1-Script XML SitemapXML Sitemap