fair enough. it shows the active connections on a given process. I would have had the download straight from their website, but unzipping on ahk is tedious and I would have had to use other scripts that I didn't make myself, so I moved the unzipped files to my own amazon s3 bucket.
You can do a checksum of the .exe and check here for its VirusTotal. I had scanned it with my own mbam before using it, and it came back clean on VirusTotal from mbam, Comodo, Kaspersky and Trend, so that's really all I can do for you. I'm not going to try to decompile it and hunt through the source code. It's regularly referenced among the top tools to use.
I am not sure if this is the info you are seeking, but I use good ol' currports to monitor traffic connections.
"CurrPorts is network monitoring software that displays the list of all currently opened TCP/IP and UDP ports on your local computer. For each port in the list, information about the process that opened the port is also displayed, including the process name, full path of the process, version information of the process (product name, file description, and so on), the time that the process was created, and the user that created it."
I would install Networx and CurrPorts.
Networx will log all traffic and give you daily, weekly, monthly, and yearly reports, dividing the information in hours so you can have a big picture of what is going on and when. You can opt to monitor all network interfaces or only one (ie: wired, wireless).
CurrPorts will allow you to see what applications are the ones with incoming and outgoing traffic. Just be sure to go to the "Options > Autorefresh" menu and select 5s (you may want to use a different time frame), because by default it is set to "Disabled". You can right-click on any connection and Kill it if necessary, if you feel like doing so. You can also kill the process if you suspect it is a malware one.
You could also run CPorts as admin and leave it open.
Once you see the program that is connecting to the site in the error msg (after it pops up), then you know who the offender is.
CPorts is a Nirsoft creation so you know it's safe.
http://www.nirsoft.net/utils/cports.html
Run CurrPorts as admin, look what process is using 127.0.0.1 8080. Right click the file and click process properties. Copy the location of the file. Go there with Windows Explorer. Upload the file to virustotal.com.
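Added example (not part of the original comment and not CurrPorts' own code): a PowerShell version of the lookup described above. It maps the port to its owning process and reports the executable's path, SHA-256 and signature status, so the hash can be searched on virustotal.com. It assumes Windows 8 / Server 2012 or later (for Get-NetTCPConnection) and an elevated prompt; 127.0.0.1 and 8080 are the values from the comment.

```powershell
# Added example. Address and port are taken from the comment above;
# change them for your own case. Run elevated so that the paths of
# processes owned by other users can be read.
$Address = '127.0.0.1'
$Port    = 8080

# Sockets bound to the port on the exact address or on a wildcard address.
$conns = Get-NetTCPConnection -LocalPort $Port -ErrorAction SilentlyContinue |
    Where-Object { $_.LocalAddress -in @($Address, '0.0.0.0', '::') }

if (-not $conns) {
    Write-Output "Nothing is bound to ${Address}:${Port}"
}
else {
    $conns | Sort-Object -Property OwningProcess -Unique | ForEach-Object {
        $procId = $_.OwningProcess

        # Sockets left in TIME_WAIT are reported under PID 0:
        # the owning program has already exited, so there is no file to check.
        if ($procId -eq 0) { return }

        $proc = Get-CimInstance Win32_Process -Filter "ProcessId = $procId"
        $path = $proc.ExecutablePath

        if ($path -and (Test-Path -LiteralPath $path)) {
            $sha256 = (Get-FileHash -LiteralPath $path -Algorithm SHA256).Hash
            $signed = (Get-AuthenticodeSignature -FilePath $path).Status
        }
        else {
            # Path not readable (not elevated, or a protected process).
            $sha256 = $null
            $signed = $null
        }

        [pscustomobject]@{
            State     = $_.State
            PID       = $procId
            Name      = $proc.Name
            Path      = $path
            SHA256    = $sha256
            Signature = $signed
        }
    } | Format-List
}
```

Searching VirusTotal for the SHA-256 returns existing scan results without uploading the file itself.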
If your script is no longer working you probably have to change this text...
#IfWinActive, Path of Exile ahk_class Direct3DWindowClass
To...
#IfWinActive, Path of Exile ahk_class POEWindowClass
If your logout macro is the only thing that isn't working you'll probably need to download the 64bit version of currports...
http://www.nirsoft.net/utils/cports.html
then change your code from...
Run cports.exe /close * * * * PathOfExile.exe
to...
Run cports.exe /close * * * * PathOfExile_x64.exe
>In electronic communication, 'polling' is the continuous checking of other programs or devices by one program or device to see what state they are in, usually to see whether they are still connected or want to communicate.
So that would make CurrPorts a polling tool as it continuously checks which ports your computer is using.
This is useful in cyberpatriots as it can help you find network activity that shouldn't be happening. Often times this can lead back to some malware or something and get you a point.
I've been torrenting for years and never used peerblock...although I generally steer clear of first release movies and music...
MSE is a great product..highly recommended..
Once you close an app, it takes a while for the ports it was using to clear out...they sit in a 'Time_wait' mode...you can use something like currports to map the ports to the application on your system that is using them.
The military has cyber security tools that the public does not have.
The base monitors all information in and out of their own protected host servers.
They use something similar to THIS but much, much more powerful, and has backdoor access.
If you connect to any website from a military base, they see it.
Amazing thanks for the reply, I have looked at Netstat and CurrPorts so I can see the PIDS with associated apps and it's all normal stuff (firefox, spotify, svchost etc. ).
Thanks for the shout about [Symantec-2003-022517-2102-99] (2003.02.25) but I can't see any signs of infection and it is from 2003 + I regularly scan with MalwareBytes & AVG so should be good I think.
I guess the port is just coincidence
> want to see all, outbound connections
http://www.nirsoft.net/utils/cports.html
https://docs.microsoft.com/en-us/sysinternals/downloads/tcpview
> Anti-Virus / Anti-Malware
You can install Malwarebytes if you want, but Windows Defender has gotten really good, and there's very little need in installing any additional anti-virus software nowadays.
> OpenVPN client
No idea.
> Disk/Partition/file-as-disk encryption
You can use Bitlocker. Not sure if it does what you need to in particular, but check it out.
> What's the current status, and are there some must-have utilities for keeping a system in top shape?
Just as you don't use "cleaning" utilities on macOS, you don't use them on Windows either. The OS manages itself.
As for anything else, I would strongly recommend searching for apps that you might need in the Microsoft Store first, and downloading them through there if they exist. It uses a new software platform that is sandboxed and does not trash up your registry.
Update regularly and set up Active Hours in the Windows Update settings to avoid interruptions.
Also, I really hope you have an SSD, because otherwise Windows 10 is unusable.
That's about it. Welcome and have fun.
Grab this app, http://www.nirsoft.net/utils/cports.html
It will show you what apps are running and what ports they are listening on. Make sure it's listening on your correct port.
Rcon password is the admin password, listening I used 7777 and rcon port is what I set it to. It should be able to connect to its local host I think, I've never tried connecting to the loopback.
When you get a chance, you might want to run netstat from the command line or download the very good currports from Nirsoft to see what the heck is using port 8003 that is being specified in your proxy settings. Double check the proxy settings first to make sure it is actually port 8003 still.
Probably the connection between you and your slingbox sucks and their proxy/vpn/relay is helping you by taking another route.
Check which port it's using and block it at remote slingbox end or locally. Maybe check with this http://www.nirsoft.net/utils/cports.html
Oops, didn't see that, I just copied the link :)
Here are some notes I took on the connections Spotify was making:
Connections:
23.62.98.107 akamaitechnologies.com (CDN) Range: 23.0.0.0-23.67.255.255
54.93.102.141 amazonaws.com (Amazon Web Services) Range: 54.64.0.0-54.95.255.255
68.232.34.151 EdgeCast Networks (Content Delivery Network) Range: 68.232.32.0-68.232.47.255
173.192.220.64 sl-reverse.com (SoftLayer Technologies) (Cloud servers, big data) Range: 173.192.0.0-173.193.255.255
198.47.127.27 PubMatic (ads) Range: 198.47.127.0-198.47.127.255
216.52.2.70 Voxel Dot Net (Internet Hosting) Range: 216.52.0.0-216.52.3.255
Spotify Servers:
193.182.7.83 (sto3-accesspoint-a76.sto3.spotify.com) Range: 193.182.7.0-193.182.15.255
193.182.244.241 Spotify (Technology SARL) Range: 193.182.243.0-193.182.244.255
Spotify servers that (also) serve ads:
194.14.177.37 (sto3-accesspoint-a38.sto3.spotify.com) Range: 194.14.177.0-194.14.177.255
194.132.162.152 (sto3-weblb-wg4.sto3.spotify.com) Spotify Technology SARL Range: 194.132.162.0-194.132.162.255
Ad Servers:
198.47.127.27 PubMatic (ads) Range: 198.47.127.0-198.47.127.255
Other Servers:
66.117.28.68 Adobe Systems
I discovered the connections using http://www.nirsoft.net/utils/cports.html
I discovered the ranges by using http://ipaddress.com/
Depends on if the macro itself is tied to running only when PoE is active. Most macros check to see if PoE is the active window so they don't clash with your other apps. The underlying mechanism shouldn't need PoE to be running.
However, since you had trouble logging back in and the daily deal didn't come up, it looks like you were having a connection problem of some sort. If there's no communication happening between you and the server, trying to tell the server to log you out won't do anything because that information won't reach it.
I used CurrPorts to investigate the connections. It will try to resolve the domain names so you'll get an idea to who they belong. If that is not sufficient, you'll have to manually do a WHOIS query for those IPs online.
Turns out 203.208.43.12 belongs to Google. I would start with blocking 203.208.0.0 to 203.208.255.255, to see what that does.
Also remember, when adding a firewall rule, make sure that you use the full, absolute path to Spotify.exe. Windows Firewall does not support the %appdata% variable.
Good luck! Please let me know what works for you so I can add those IP ranges to SpotiWall too :)
Try restarting the router. If that doesn't work and you are on Windows, try to run a command prompt with the following command: ping -t server-ip-address. You can get the IP from CurrPorts. You need to be logged on with the LoL client to get it.
Just want to make people aware that this autohotkey script must be run as admin, downloads an executable from OP's server, and then executes it. Not accusing OP of doing anything evil, just letting people know.
The executable appears to be cports.exe from here for anyone who is curious: http://www.nirsoft.net/utils/cports.html.
Another vote for GlassWire. NetWorx is in the same line. Also take a look at CurrPorts and AdapterWatch.
Tried it on 2 PCs, both with Windows 7. Same result, even with the modifications you suggested.
Since we started observing this, we installed CurrPorts, at http://www.nirsoft.net/utils/cports.html, in order to monitor and stop any such connections, manually.
When we Stop the application, and refresh the Currports screen, the connection is clearly still active.
You could download an open port tool like http://www.nirsoft.net/utils/cports.html. Or use the netstat command in Windows, if that's what you're using, to see currently used ports. Have you checked to see if your router is blocking things?
TCPView;
http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx
CurrPorts;
http://www.nirsoft.net/utils/cports.html
The often overlooked Microsoft Network Monitor;
http://www.microsoft.com/en-us/download/details.aspx?id=4865
In a DDoS, for any netstat-like tool, disable Name Resolution - otherwise, you're gonna have a bad time.