gracie7 Geek Goddess Premium join:2003-07-15 confusion 1 edit | new tcpview less effective?
tcpview from sysinternals is a frontline part of my security arsenal; the tool, a kind of netstat for nerds, shows listening tcp and udp ports, etc. in a friendly gui.
i'd been running 2.34 and if i'm not getting email or browsing, usually all that shows listening is:
* SAV (ccapp for its realtime protection): as it should be
* ZAP's vsmon: good work.
so all's well. (yes this is lean, but i've got 135, 139, 445, etc. all closed...told you i'm battened down).
then i found out that there was a new version 2.4, so naturally downloaded and installed, and ran it. and suddenly it only shows vsmon listening...no more sav.
so i ran a 2.34 version off cd, and there was the usual sav. so it is listening, but 2.4 for some reason is not showing it!
and yes, i have 'show unconnected endpoints' (these are ALL unconnected endpoints). i'm floored that for some reason the latest version of tcpview is not reporting accurately all the listening ports.
i've gone back to 2.34, but does anyone have any insight into what happened? why they stopped showing such critical info as an AV program's realtime protection listening? |
|
BlitzenZeus Burnt Out Cynic Premium join:2000-01-13 kudos:2 | Look at this change on the download page, looks like they are removing abilities of the free version.
"If you like TCPView, you'll love TCPView Pro. TCPView Pro, a Winternals Software product, has a number of features that make it much more powerful and useful than TCPView:
* See what process has each endpoint opened (on Win9x as well)
* Watch the TCP and UDP activity processes perform in realtime
* Used advanced filtering to narrow in on what you want to see
* And much more...
TCPView Pro is available as part of Winternals Administrator's Pak."
-- My hourly rates: $25 per hour. $35 per hour if you want to watch. $45 per hour if you want to help. $75 per hour if you tried to fix it, and failed. The biggest error is sitting in front of your keyboard. |
|
Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire kudos:13 | reply to gracie7 Maybe also ask in their forum? »www.sysinternals.com/Forum/ Usually their software gets better with every update but maybe this time something slipped?
I run both 2.3 and .4 side by side but couldn't notice any discrepancy
Cudni -- Think locally, @#!? globally! Help yourself so God can help you |
|
 | reply to BlitzenZeus I don't think that's accurate. As far as I know, which admittedly isn't very far, TCPView Pro has been around for a long while, and the freeware TCPView has not ever had any of its extra features, and I don't think the freeware version is losing or has lost any of its own abilities, either.
I haven't experienced this with 2.4 myself, Graciella, but I have seen some pretty annoying instability problems. -- And lead me not into temptation - for I can find my way there myself easily enough. |
|
gracie7 Geek Goddess Premium join:2003-07-15 confusion 1 edit | said by Tuulilapsi: I haven't experienced this with 2.4 myself, Graciella, but I have seen some pretty annoying instability problems.
ack. are you by any chance running SAV or similar? that's one that 2.4 is missing but 2.34 picks up consistently.
cudni, i think i will post in their forum, thanx. {late edit: posted there this afternoon}
i too doubt that this is because of the pro version...it's not a special feature they have changed, it's that a regular listening process is not being listed suddenly. if it were a spyware process, i'd think they were bought off. j/k. -- graciella! "not tonight dear, I have DSL."
Creating SuperOrganizations Worldwide
Creating & Hosting SuperSites Worldwide |
|
| No, I'm not running Symantec's AV, but I can definitely confirm that my TCPView 2.4 shows svchost on the 135 epmap port, which you also reported missed by 2.4 in your original post. |
|
gracie7 Geek Goddess Premium join:2003-07-15 confusion 1 edit | said by Tuulilapsi: my TCPView 2.4 shows svchost on the 135 epmap port, which you also reported missed by 2.4 in your original post.
yes it was, and dang...i thought epmap was another port, and i had 135 off. i've been fooling with my network...;) and that temporarily opened up, but it's gone now. so the issue is the SAV only.
the point is, yeah, only vsmon shows in 2.4, while vsmon and ccapp (SAV) show in 2.34 at the same time. |
|
 | That is very, very weird. I can't think of a proper explanation for that. It will definitely be interesting to see what people at the Sysinternals forum have to say about it. |
|
gracie7 Geek Goddess Premium join:2003-07-15 confusion | said by Tuulilapsi: It will definitely be interesting to see what people at the Sysinternals forum have to say about it.
yup, hope i get a response. i see that there've been a number of views, but no replies yet »www.sysinternals.com/Forum/forum···=1&TPN=1 . |
|
| Wait a minute... could it be a problem with 2.34 instead? Do other programs (such as netstat, and openports from DiamondCS) agree with the older TCPView, or with the new 2.4? |
|
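One way to run the cross-check suggested above: parse `netstat -ano` as an independent reference and list the listeners that a GUI tool's view leaves out. This is an added example, not part of any post in the thread; the sample output, PIDs, ports and the `TOOL_VIEW` set are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample in the Windows `netstat -ano` layout; PIDs and ports are made up.
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       904
  TCP    127.0.0.1:1031         0.0.0.0:0              LISTENING       1480
  TCP    192.168.1.10:1045      203.0.113.5:80         ESTABLISHED     2212
  UDP    127.0.0.1:1027         *:*                                    620
  UDP    [::]:500               *:*                                    700
"""

# Constructed: the endpoints the GUI tool displayed, typed in as (proto, port).
TOOL_VIEW = {("TCP", 135), ("UDP", 1027), ("UDP", 500)}

# UDP rows have no State column, so the state group is optional.
ROW = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$"
)

def listening_endpoints(netstat_text):
    """Return {(proto, port): pid} for TCP LISTENING rows and every UDP row."""
    found = {}
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, header or blank line
        proto, local, _foreign, state, pid = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # connected sockets are not listeners
        # rsplit keeps bracketed IPv6 addresses such as [::]:500 intact
        port = int(local.rsplit(":", 1)[1])
        found[(proto, port)] = int(pid)
    return found

def cross_check(netstat_text, tool_view):
    """Return (listeners the tool did not show, tool entries netstat lacks)."""
    truth = listening_endpoints(netstat_text)
    missed = {ep: pid for ep, pid in truth.items() if ep not in tool_view}
    extra = sorted(ep for ep in tool_view if ep not in truth)
    return missed, extra

if __name__ == "__main__":
    missed, extra = cross_check(NETSTAT_SAMPLE, TOOL_VIEW)
    for (proto, port), pid in sorted(missed.items()):
        print(f"not shown by tool: {proto} {port} (PID {pid})")
    for proto, port in extra:
        print(f"shown by tool only: {proto} {port}")
```

The PID of a listener the tool did not show can be resolved to an image name with `tasklist /FI "PID eq <pid>"`.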
Mem join:2002-01-03 White Plains, NY 2 edits | reply to gracie7
Compare port programs
I've noticed some differences as well between TCPView 2.4 and Port Explorer. TCPView did not include port 135 or KAV 5.0 (listed as System 1024). Active Ports 1.4 does agree with PE from DiamondCS though.
Also, these comparisons were only made with an Admin account, not limited. |
|
gracie7 Geek Goddess Premium join:2003-07-15 confusion | said by Mem: TCPView did not include port 135 or KAV 5.0 (listed as System 1024).
ta da! another one with the problem, albeit this time kav instead of sav (my port 135 is shut now, but during the brief moment it was open when i was fooling with the network, 2.34 showed it and 2.4 didn't.) |
|
gracie7 Geek Goddess Premium join:2003-07-15 confusion | reply to gracie7
Re: new tcpview less effective? UPDATE
update: well, i posted my question in the sysinternals forum, but got no help there at all---doesn't seem very busy. i'm just spoiled by dslr i guess.
anyway, just had an opportunity to try this out on a completely different computer, different hardware, but also running symantec corporate anti-virus client and tcpview 2.34. and it showed, among a couple of other appropriate things, ccapp's listening port, just like on mine.
then i ran tcpview 2.4, the updated one, on his computer, and sure enough---it didn't show ccapp! and did show the rest. just like on mine.
since i've been able to reproduce this on a completely different machine, i'm guessing that it's not totally unknown, but as i said, no responses over in sysinternals forum. so i'm back asking y'all...
thanx for any light you can shed...i do want to run the latest version, but it seems like i'm safer with the older version. ? |
|
Mem join:2002-01-03 White Plains, NY 1 edit | If it's a choice between TCPView versions, I'd say stick with 2.34 for now. I'm using Port Explorer by DiamondCS ($), »www.diamondcs.com.au/portexplorer/ which includes other utilities as well so no need here for TCPView or Active Ports.
Edit: Word of warning - Port Explorer does add to the LSP. In a small number of cases, deletion of PE has given a corruption in the LSP, stopping Internet access. If you try the program, you may want to download LSP-Fix first: »www.cexx.org/lspfix.htm |
|
| reply to BlitzenZeus
Re: new tcpview less effective?
What's the latest version for TCPView Pro? I am running 1.06, never upgraded it before. -- Remember, I'm pulling for you - we are all in this together... |
|
gracie7 Geek Goddess Premium join:2003-07-15 confusion | reply to Mem
Re: new tcpview less effective? UPDATE
said by Mem: Word of warning - Port Explorer does add to the LSP. In a small number of cases, deletion of PE has given a corruption in the LSP,
good to know; though i don't use port explorer, it's a good caveat for me to keep in mind when i get an hysterical "help me" phone call. has diamond addressed that issue?
maple leaf, check the sysinternals website for the latest on tcpview pro...i only know and have used tcpview free, which is now at 2.4; i'd guess they keep the version fairly synched? |
|
| Site talks about TCP Tools, which include TCPView Professional Edition and TCPVStat - and TCP Tools are part of Administrator's Pak. But I don't see individual versions mentioned |
|
Mem join:2002-01-03 White Plains, NY | reply to gracie7 Yes, DiamondCS looked into it and it seemed to be PC specific (and very few instances at that). I haven't really heard of a problem with this since version 2 came out but thought it's a good thing to add since some may get the demo download from the link above. |
|
Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire kudos:13 | reply to gracie7 I can't see ccapp running in either tcpview versions also using symantec corporate AV
Cudni |
|
gracie7 Geek Goddess Premium join:2003-07-15 confusion | said by Cudni: I can't see ccapp running in either tcpview versions also using symantec corporate AV
i should have specified SAV 9. when i was running SAV8, it didn't show either. |
|