7.0.1.2 Class Activity – What’s Going On

Objectives

Identify the processes running on a computer, the protocol they are using, and their local and remote port addresses.

Background / Scenario

For a hacker to establish a connection to a remote computer, a port must be listening on that device. This may be due to infection by malware or to a vulnerability in a legitimate piece of software. A utility such as TCPView can be used to detect open ports, monitor them in real time, and close active ports and the processes using them.

Required Resources

  • PC with Internet access
  • TCPView software

Step 1: Download and install the TCPView software.

a. Click on the link below to reach the download page for TCPView.

http://technet.microsoft.com/en-us/sysinternals/tcpview.aspx

b. Create a folder on the desktop named “TCPView”.

c. Extract the contents of the zip to this new folder.

d. Double-click the Tcpview Application to start it.

e. Finally, agree to the software license terms.

Step 2: Answer the following questions.

a. How many Endpoints are listed? ____________________________________________________________________

b. How many are Listening? ____________________________________________________________________

c. How many Endpoints are Established? ____________________________________________________________________

Step 3: Use a browser and observe the TCPView window.

a. Open the Options menu and click “Always on Top”.

Note: Use the Help section of the program to help you answer the following questions.

b. Open any browser.

What happens in the TCPView window? _____________________________________________________________________

c. Browse to cisco.com.

What happens in the TCPView window? _____________________________________________________________________

d. Close the browser.

What happens in the TCPView window? _____________________________________________________________________

What do you think the colors mean? _____________________________________________________________________

Note: To close a process directly, right-click the process and choose End Process. Using this method can cause a program or the operating system to become unstable. Only end processes that you know are safe to end. This method can be used to stop malware from communicating.
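
The same inventory TCPView shows (process, protocol, local and remote address and port, state) can be produced from a PowerShell prompt. This is an added example, not part of the original activity; it assumes Windows 8 / Server 2012 or later, where the Get-NetTCPConnection and Get-NetUDPEndpoint cmdlets are available, and the variable names are illustrative.

```powershell
# Added example: command-line equivalent of the TCPView endpoint list.
# Run from an elevated prompt so processes owned by other accounts resolve.

# Cache process names by PID so each endpoint needs only a table lookup.
$procById = @{}
Get-Process | ForEach-Object { $procById[[int]$_.Id] = $_.ProcessName }

function Resolve-ProcName([int]$ProcessId) {
    # The owning process may have exited between the two queries.
    if ($procById.ContainsKey($ProcessId)) { $procById[$ProcessId] } else { '<unknown>' }
}

# TCP endpoints carry a state (Listen, Established, TimeWait, ...).
$tcp = Get-NetTCPConnection | ForEach-Object {
    [pscustomobject]@{
        Process   = Resolve-ProcName $_.OwningProcess
        ProcessId = $_.OwningProcess
        Protocol  = 'TCP'
        Local     = "$($_.LocalAddress):$($_.LocalPort)"
        Remote    = "$($_.RemoteAddress):$($_.RemotePort)"
        State     = [string]$_.State
    }
}

# UDP is connectionless: there is no remote address and no state.
$udp = Get-NetUDPEndpoint | ForEach-Object {
    [pscustomobject]@{
        Process   = Resolve-ProcName $_.OwningProcess
        ProcessId = $_.OwningProcess
        Protocol  = 'UDP'
        Local     = "$($_.LocalAddress):$($_.LocalPort)"
        Remote    = '*:*'
        State     = ''
    }
}

$endpoints = @($tcp) + @($udp)

# Full list, as in the TCPView window.
$endpoints | Sort-Object Process, Protocol, Local | Format-Table -AutoSize | Out-Host

# Totals per TCP state (compare with the Step 2 counts).
$tcp | Group-Object State | Sort-Object Count -Descending |
    Format-Table Name, Count -AutoSize | Out-Host

# Listeners reachable from other hosts (not bound to loopback only).
$tcp | Where-Object { $_.State -eq 'Listen' -and $_.Local -notmatch '^(127\.|::1:)' } |
    Sort-Object Local | Format-Table Process, ProcessId, Local -AutoSize | Out-Host
```

Counts can differ slightly from TCPView because connections open and close between the moment each tool takes its snapshot.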

