Have you ever been in a situation where you have a server that's connecting to another server via a known port that you can track down, but for the life of you can't figure out what application is doing it?
I ran into a server where Surfcontrol now known as WebTrends was reporting that a connection was occurring to another server. There was a rule in Surfcontrol that was blocking the connection. Because of the multiple attempts per second being blocked, it caused the Surfcontrol app to go bonkers and consume loads of CPU resources. I did the usual of netstat -A, didn't see what was connecting to an http port. I checked services, msconfig, run in reg, and taskman. I couldn't identify what was attempting to connect...
PortReporter to the rescue. PortReporter is a small app that is available from Microsoft: http://support.microsoft.com/?id=837243.
You need to pass the WGA test to download it. After that:
- Unzip the application to a directory you can access, I made one called portreporter on the desktop
- Run pr-setup.exe
- Go to Services, and turn on the service called portreporter
- Go to C:\Program Files\port reporter\ and run port reporter
- Go to C:\Windows\system32\log files\port reporter\ and you will see your report here.
Happy port application hunting...
