OSTU - CurrPorts QuickStart (by Tony Fortunato & Peter Ciuffreda)
•Download as PPT, PDF•
1 like•1,258 views
Tony Fortunato is a Senior Network Specialist with experience in design, implementation, and troubleshooting of LAN/WAN/Wireless networks, desktops and servers since 1989. His background in financial networks includes design and implementation of trading floor networks. Tony has taught at local high schools, Colleges/Universities, Networld/Interop and many onsite private classroom settings to thousands of analysts.
![What is CurrPorts? ,[object Object],[object Object],[object Object],[object Object],[object Object]](data:image/gif;base64,R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7)
More Related Content
What's hot
What's hot (15)
Similar to OSTU - CurrPorts QuickStart (by Tony Fortunato & Peter Ciuffreda)
Similar to OSTU - CurrPorts QuickStart (by Tony Fortunato & Peter Ciuffreda) (20)
More from Denny K
More from Denny K (20)
Recently uploaded
Recently uploaded (20)
OSTU - CurrPorts QuickStart (by Tony Fortunato & Peter Ciuffreda)
- 1. CurrPorts Training with Windows QuickStart Tony Fortunato, Sr Network Specialist Peter Ciuffreda, Network Technician The Technology Firm
- 5. Recommended Options For Active Sessions DEFAULT Suggested
- 6. Recommended Options For An Application Profile DEFAULT
- 14. Pros and Cons Pro Cons Filtering helpful Limited commands and specific syntax Logging Dependant on the Refresh Rate Refresh Rate configurable May miss connections if they open/close within Refresh rate Great for Novice or to take a quick peek of port usage Inconsistently reports connections used Would recommend this utility despite its short comings
- 15. CurrPORTS Training - QuickStart Tony Fortunato, Sr Network Specialist Peter Ciuffreda, Network Technician The Technology Firm Thank you
Editor's Notes
- Hello , It’s Tony Fortunato And Peter Ciuffreda from the Technology Firm In this session we are going to use CurrPorts to do some TCP/UDP port and application analysis Enjoy
- Peter: so What is CurrPorts? Tony: It is a TCP/UDP port and application analysis tool used to display and log all currently open connections on your local computer. Peter: Does this application require installation? Tony: Well actually it doesn’t require an install. All you need to do is download it and put it in any folder which you would like to access it from. Peter: In other words it’s a portable app. I could also run it off of a portable storage device such as a USB flash drive. Tony: Yup, that’s right.
- Peter: Why would we use CurrPorts? Tony: Like stated before, it is used for TCP/UDP port and application analysis. Peter: So could you use it to discover how many ports an application uses, and estimate how long the ports stay open. Tony: Exactly. We can also use it to kill processes that opened specific ports. Peter: Why would we want to kill a process? Tony: Well, if a process is using too many connections, you can kill it to try and speed up your other connections if needed. Also, if you know that you have a port limitation on connections, we can use CurrPorts to help stay within those limits. CurrPorts can also detect and mark with pink, suspicious ports being used by unknown applications.
- Tony: The main window of CurrPorts displays all connections currently open, the Process Name of the application, the port and the IP of both the local and remote machines. Peter: From this screen capture we can see that the processes highlighted in green are the active connections. Tony: As discussed previously, the process highlighted in pink is an unknown application marked as suspicious. In this example we used the application IPERF which caused the suspicious process. Peter: If the active connections are marked in green, and the suspicious in red, then the unmarked processes (meaning the white) must be inactive, or applications that are listening. Tony: That’s right.
- Peter: When CurrPorts is started for the first time, all the displayed options are turned on in the options menu. But are they all needed? Tony: Depending on what you are looking for you can change your display preferences. If you only want to see what processes are open or established, it would be a good idea to turn off display listening and display closed.
- Peter: Why would we want all display options on? Tony: If you wanted to profile how a specific application uses ports you would want to have all options on. Peter: This would let us know if an application uses ports for listening, and if those ports are different than the ones it uses for active connection. Tony: That’s right.
- Peter: From the Options Menu, we can set and change the auto refresh rate of the screen. Tony: The auto refresh rate also affects how often the log is updated. We will get into how to use the logs a bit later. Peter: It looks like we can also disable the auto refresh option. Tony: Disabling the auto refresh option means that the screen won’t refresh itself and your currently used processes will remain, but no new processes will appear and no old processes will disappear. Peter: This could be handy if you want to examine a certain process that appeared. You can always change the refresh rate back when you are done examining. Tony: Note that nowhere on the auto refresh option or on the screen does it inform you of the current refresh rate. The best way to find out what it is set to is to just reset it to your desired rate.
- Peter; in this example the red application opened and closed a port within the refresh rate of 2 seconds. Therefore nothing would be displayed. Tony, The green application opened before the first refresh period and closed within the next interval. So you would see this application displayed with its relevant port information.
- Tony: A nice feature in CurrPorts is the ability for filtering. Peter: We could use this feature to include or exclude specific processes, ports, or even IP addresses. Tony: The only issue with the filters option is that the syntax’s need to be exact. It is best to follow the examples in the Edit Filter window. You must have your Include or Exclude as the first thing in the syntax. Peter: Note that CurrPorts will not warn you if your syntax isn’t in the right format, it simply won’t work. This can be easily seen because processes or ports show up that shouldn’t.
- Tony: Another helpful option is the logging feature which allows you to save a log file of the process that appears in CurrPorts. This is from the time you turn on the Log Changes option under the file menu, until it is turned off. Peter: Logging your files is a nice feature since it allows you to look back through the log in case there was something you missed when you took your eyes off the screen for a few seconds. Tony: We will see an example of a log file a bit later.
- Peter: It would be great to see how everything in CurrPorts works. Tony: Lets show an example then of how CurrPorts can be used to examine a bittorrent client called uTorrent. Peter: First off, lets open the uTorrent application to discover what its process name appears as in CurrPorts. Once we get the process name we can create a filter to remove all other processes except uTorrent. Tony: Once the filter is created, we can set an auto refresh value of 2 seconds to see the most current changes. Peter: If you take a look at the main screen you should notice only processes for uTorrent. Tony: It would also be a good idea to create a log file to review later.
- Peter: The log files show the date and time processes are added or removed, along with the process name, and both the local and remote IP addresses and the TCP or UDP port number.
- Tony: For the sake of comparison lets open both CurrPorts and Wireshark to validate the accuracy of CurrPorts. Peter: We noticed that Wireshark is showing that in this case 2 TCP ports and 7 UDP were opened. Although when looking at the CurrPorts log file we can only see 1 TCP and 2 UDP port connections were established. Tony: The other port connections have not been logged if they happened within the 2 seconds between refreshes. This can make is difficult to capture short-lived connections.
- Peter: Even though CurrPorts doesn’t appear to capture connections under 2 seconds it is still a nice application for finding out what ports applications use. Tony: The filtering feature is very powerful for concentrating on specific process, ports, etc, unfortunately you must be exact with your syntax’s in order for the filters to work. Peter: having the log files is also a nice feature to look back on things you may have misses, but it is also dependant on the refresh rate and you may miss some connections. Tony: Despite a few short comings I would still recommend this utility for your network toolbox.
- Tony: Hope you enjoyed this tip Peter: Have a good day folks, bye for now.