PORT-ENUMERATION TOOLS
If you find that the egress filters on your perimeter networks are blocking communication from unauthorized ports, you should always research those ports to determine the intent of the communication. Your egress filter log should tell you which computer made an unauthorized attempt, and from that point you need to track down which program on the computer was involved. The process of tying the program or service to the TCP/IP port it uses is called port enumeration. Several free and relatively cheap tools are available to do the job, including Microsoft's own Netstat (try Netstat -ano or Netstat -b in Windows XP Service Pack 2--SP2), Fport (http://www.foundstone.com), TCPView (http://www.sysinternals.com), and Port Explorer (http://www.diamondcs.com). For a roundup of such tools, see "11 Port Enumerators," November 2003, InstantDoc ID 40313. Also, consider using an Intrusion Detection System (IDS) or network protocol sniffer to help with application identity. For an overview of sniffers, see "6 Network Protocol Analyzers," July 2004, InstantDoc ID 42922.
