Is there a program to identify what ports certain programs need?

Nazo

Ok, I know you can just use netstat to see your open connections, but that doesn't help me much when I have as many as I do right now. I'm thinking about trying again to set up my hub to be a hardware firewall, but if I do that I'm going to need to be able to figure out precisely what ports are needed for certain games and that sort of thing. Is there some sort of program that can watch what ports and addresses a particular program is connected to or attempting to connect to which can tell you specifically which program is using it?
 
Thanks, this is PRECISELY what I needed, plus, with such things, I do kind of like having a console application more than a complicated GUI application.
 
I've used the previous iteration of Foundstone's Fport
(it was called Vision); lots of other great freeware apps there as well.

Sysinternals also offers quite a selection of great freeware apps, including TCPView

But for the most part I now just use the built in utility in Kerio Personal Firewall Free edition

in the slightly more advanced category (and not freeware)
Port Explorer
which is primarily a security tool, including trojan detection, packet sniffing, country detection, bandwidth throttling of an individual program or socket, etc.

here is a good article on (and review of all the above except Kerio)
11 Port Enumerators @ Windows & .NET magazine

a few Excerpts

Fport
Foundstone's Fport (free) is probably the most recommended command-line port mapper in the business. It's a solid, small-footprint, command-line port enumerator that you can install quickly. Fport lists PIDs, process names, local port numbers, protocols, process executables, and paths. Although many people heap praise on this utility, it lacks key features. For example, it doesn't list local IP addresses, it doesn't give you remote IP addresses and port numbers, and it gives no indication of state or ongoing activity. I used a BO2K Trojan-horse client from a remote computer to connect to my computer, yet Fport didn't show any of that activity. I've also seen Fport miss certain open ports in the past. Fport was once a worthy sidekick, but after seeing some of the competition, I'll probably use another product for future investigations.

TCPView
Sysinternals' TCPView (free) is a no-frills product. The utility runs as one executable and features a real-time GUI that displays the right information where you need to see it. It lists process name, PID, protocol, local and remote IP address and port number, and state. By clicking a process connection, you can obtain the full path location and take steps to kill the process. New activity is color-coded for easy viewing.

A free product that delivers the basics seems hard to beat. However, in my tests, TCPView suffered from stability problems on Windows NT Server 4.0. For example, when I chose to save screen results to a text file, the program disappeared or crashed. Also, in the past, I've experienced stability problems when I've installed TCPView on NT 4.0 workstations—namely, continuous blue screen problems starting immediately after the first reboot. However, the program is stable on newer Windows platforms. Sysinternals and Wininternals Software have released a lot of high-quality free and commercial software, but use this utility at your own risk on NT.

Initially, I was going to review TCPView Pro, which is TCPView's more feature-rich commercial cousin. However, an evaluation version wasn't available for download from the company's Web site. TCPView Pro appears to be available only as part of a large Administrator's Pak (i.e., one of five utilities).


Port Explorer
Diamond Computer Systems' (DiamondCS's) Port Explorer ($40) is easily the best product in this comparative review. It has an impressively designed GUI, is easy to install, is quite stable, produces a large amount of useful information without requiring you to dig, comes with a set of forensics tools, and highlights bad programs. If Port Explorer determines that a program is acting strangely, the tool marks the program's port in red. In my tests, the tool marked both the BO2K and NetBus Trojan-horse ports. After you install Port Explorer for the first time, it displays its Help file—a nice touch. It's the only port mapper to have its own discussion board, and its developers seem dedicated to making Port Explorer the best product in its class.

Apparently, Port Explorer uses as many as five separate methods—SNMP, LSP, an undocumented Transport Driver Interface (TDI) technique, and documented and undocumented IPHelper techniques—for tracking and identifying processes. In my testing, Port Explorer was the most accurate tool and was one of only two port mappers to display the remote IP address and port number of UDP connections on screen and in a log file.
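
As an added example (not from the thread or from any of the tools named in it): on Windows, `netstat -ano` adds the owning PID to each row, and this Python script groups that output per process into listening ports and established remote endpoints, which is the per-program list needed when writing firewall rules. The function names are this example's own and the sample output is constructed.

```python
from collections import defaultdict

# Constructed sample of `netstat -ano` output (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.10:49712     203.0.113.5:27015      ESTABLISHED     4312
  TCP    192.168.1.10:49713     203.0.113.5:27015      TIME_WAIT       0
  TCP    [::]:135               [::]:0                 LISTENING       884
  UDP    0.0.0.0:27005          *:*                                    4312
  UDP    [::1]:1900             *:*                                    1520
"""

def split_endpoint(text):
    """Split 'addr:port' on the last colon so bracketed IPv6 addresses survive."""
    addr, _, port = text.rpartition(":")
    return addr, port

def parse_netstat(output):
    """Yield one dict per socket row; header and blank lines are skipped."""
    for line in output.splitlines():
        fields = line.split()
        if not fields or fields[0] not in ("TCP", "UDP"):
            continue
        proto, local, remote = fields[0], fields[1], fields[2]
        # UDP rows have no State column, so the PID is always the last field.
        state = fields[3] if proto == "TCP" and len(fields) == 5 else ""
        yield {"proto": proto, "local": split_endpoint(local),
               "remote": split_endpoint(remote), "state": state, "pid": int(fields[-1])}

def ports_by_pid(output):
    """Map PID -> {'listen': {(proto, port)}, 'outbound': {(proto, addr, port)}}."""
    table = defaultdict(lambda: {"listen": set(), "outbound": set()})
    for row in parse_netstat(output):
        if row["state"] == "LISTENING" or row["proto"] == "UDP":
            table[row["pid"]]["listen"].add((row["proto"], int(row["local"][1])))
        elif row["state"] == "ESTABLISHED":
            addr, port = row["remote"]
            table[row["pid"]]["outbound"].add((row["proto"], addr, int(port)))
    return dict(table)

if __name__ == "__main__":
    for pid, info in sorted(ports_by_pid(SAMPLE).items()):
        print(pid, sorted(info["listen"]), sorted(info["outbound"]))
```

On a live host, feed it the saved text of `netstat -ano` and match the PIDs to image names with `tasklist`.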