G-Lock Software



AATools Network Monitor (NetMon) maps the ports in use to their respective applications (this feature is available under Windows NT/2000/XP), providing a simple way to track application-to-port mappings. This mapping is extremely useful when monitoring for unwanted connections and investigating suspected trojans, viruses, and possible backdoor intrusions. The information AATools presents is simple to understand and easy to assimilate, and conducting a network integrity test for intruders is likewise very simple.

Below is an example of the HTML report produced by the AATools Network Monitor (NetMon) utility.


Network Monitor Report [Computer: VICONT; Date: 1/29/2002 7:24:57 PM]

Connection

| Protocol | Local IP | Local Port | Remote IP | Remote Host Name | Remote Port | State | PID | Process | Path |
|---|---|---|---|---|---|---|---|---|---|
| TCP | 192.168.0.55 | 1197 | 168.144.134.147 | glocksoft.com | 80 | ESTABLISHED | 596 | IEXPLORE.EXE | C:\Program Files\Internet Explorer\IEXPLORE.EXE |
| TCP | 192.168.0.55 | 1196 | 168.144.134.147 | glocksoft.com | 80 | ESTABLISHED | 596 | IEXPLORE.EXE | C:\Program Files\Internet Explorer\IEXPLORE.EXE |
| TCP | 192.168.0.55 | 1205 | 168.144.134.147 | glocksoft.com | 110 | TIME_WAIT | 0 | | |
| TCP | 192.168.0.55 | 1198 | 168.144.134.147 | glocksoft.com | 80 | ESTABLISHED | 596 | IEXPLORE.EXE | C:\Program Files\Internet Explorer\IEXPLORE.EXE |
| TCP | 192.168.0.55 | 1195 | 168.144.134.147 | glocksoft.com | 80 | ESTABLISHED | 596 | IEXPLORE.EXE | C:\Program Files\Internet Explorer\IEXPLORE.EXE |
| TCP | 192.168.0.55 | 1204 | 168.144.134.147 | glocksoft.com | 80 | ESTABLISHED | 596 | IEXPLORE.EXE | C:\Program Files\Internet Explorer\IEXPLORE.EXE |
| TCP | 192.168.0.55 | 1194 | 168.144.134.147 | glocksoft.com | 80 | ESTABLISHED | 596 | IEXPLORE.EXE | C:\Program Files\Internet Explorer\IEXPLORE.EXE |
| TCP | 192.168.0.55 | 1048 | 192.168.0.1 | BOSS | 139 | ESTABLISHED | 8 | System | |
| TCP | 192.168.0.55 | 1208 | 215.116.244.214 | 215.116.244.214 | 110 | TIME_WAIT | 0 | | |
| UDP | 127.0.0.1 | 1192 | | | | LISTEN | 596 | IEXPLORE.EXE | C:\Program Files\Internet Explorer\IEXPLORE.EXE |
| UDP | 192.168.0.55 | 137 | | | | LISTEN | 8 | System | |
| TCP | 0.0.0.0 | 1027 | | | | LISTEN | 8 | System | |
| TCP | 0.0.0.0 | 445 | | | | LISTEN | 8 | System | |
| TCP | 0.0.0.0 | 135 | | | | LISTEN | 388 | svchost.exe | C:\WINNT\system32\svchost.exe |
| UDP | 192.168.0.55 | 138 | | | | LISTEN | 8 | System | |
| UDP | 192.168.0.55 | 500 | | | | LISTEN | 224 | lsass.exe | C:\WINNT\system32\lsass.exe |
| UDP | 127.0.0.1 | 1052 | | | | LISTEN | 640 | IEXPLORE.EXE | C:\Program Files\Internet Explorer\IEXPLORE.EXE |
| UDP | 0.0.0.0 | 135 | | | | LISTEN | 388 | svchost.exe | C:\WINNT\system32\svchost.exe |
| UDP | 0.0.0.0 | 1026 | | | | LISTEN | 212 | services.exe | C:\WINNT\system32\services.exe |
| UDP | 0.0.0.0 | 445 | | | | LISTEN | 8 | System | |
| TCP | 0.0.0.0 | 1210 | | | | LISTEN | 652 | msimn.exe | C:\Program Files\Outlook Express\msimn.exe |
| TCP | 0.0.0.0 | 1195 | | | | LISTEN | 596 | IEXPLORE.EXE | C:\Program Files\Internet Explorer\IEXPLORE.EXE |
| TCP | 0.0.0.0 | 1198 | | | | LISTEN | 596 | IEXPLORE.EXE | C:\Program Files\Internet Explorer\IEXPLORE.EXE |
| TCP | 192.168.0.55 | 1210 | 217.224.130.105 | xx.xxxxxxx.xx | 110 | ESTABLISHED | 652 | msimn.exe | C:\Program Files\Outlook Express\msimn.exe |
| TCP | 0.0.0.0 | 1194 | | | | LISTEN | 596 | IEXPLORE.EXE | C:\Program Files\Internet Explorer\IEXPLORE.EXE |
| TCP | 192.168.0.55 | 1048 | | | | LISTEN | 8 | System | |
| TCP | 0.0.0.0 | 1197 | | | | LISTEN | 596 | IEXPLORE.EXE | C:\Program Files\Internet Explorer\IEXPLORE.EXE |
| TCP | 192.168.0.55 | 139 | | | | LISTEN | 8 | System | |
| TCP | 0.0.0.0 | 1204 | | | | LISTEN | 596 | IEXPLORE.EXE | C:\Program Files\Internet Explorer\IEXPLORE.EXE |
| TCP | 0.0.0.0 | 1025 | | | | LISTEN | 544 | MSTask.exe | C:\WINNT\system32\MSTask.exe |
| TCP | 0.0.0.0 | 1196 | | | | LISTEN | 596 | IEXPLORE.EXE | C:\Program Files\Internet Explorer\IEXPLORE.EXE |


IP Statistics

| Parameter | Value |
|---|---|
| Forwarding | Disabled |
| Default TTL | 255 |
| Datagrams Received | 9791 |
| Header Errors(In) | 0 |
| Address Errors (In) | 0 |
| Datagrams Forwards | 0 |
| Unknown Protocols (In) | 0 |
| Datagrams Discarded (In) | 0 |
| Datagrams Delivered | 9791 |
| Requests Out | 11078 |
| Routings Discarded | 0 |
| Datagrams Discarded (Out) | 0 |
| No Routes (Out) | 0 |
| Reassemble TimeOuts | 60 |
| Reassemble Requests | 0 |
| Succesfull Reassemblies | 0 |
| Failed Reassemblies | 0 |
| Succesful Fragmentations | 0 |
| Failed Fragmentations | 0 |
| Datagrams Fragmented | 0 |
| Number of Interfaces | 2 |
| Number of IP-addresses | 2 |
| Routes in RoutingTable | 7 |

UDP Statistics

| Parameter | Value |
|---|---|
| Datagrams (In) | 1154 |
| Datagrams (Out) | 847 |
| No Ports | 165 |
| Errors (In) | 0 |
| UDP Listen Ports | 8 |

TCP Statistics

| Parameter | Value |
|---|---|
| Retransmission algorithm | Other |
| Minimum Time-Out (ms) | 300 |
| Maximum Time-Out (ms) | 240000 |
| Maximum Pend.Connections | 4 |
| Active Opens | 155 |
| Passive Opens | 0 |
| Failed Open Attempts | 1 |
| Established conn. Reset | 59 |
| Current Established Conn. | 8 |
| Segments Received | 8472 |
| Segments Sent | 10187 |
| Segments Retransmitted | 17 |
| Incoming Errors | 0 |
| Outgoing Resets | 118 |
| Cumulative Connections | 23 |

ICMP Statistics

| Parameter | IN | OUT |
|---|---|---|
| Messages received | 6 | 23 |
| Errors | 0 | 0 |
| Dest. Unreachable | 3 | 20 |
| Time Exceeded | 0 | 0 |
| Param. Problems | 0 | 0 |
| Source Quench | 0 | 0 |
| Redirects | 0 | 0 |
| Echo Requests | 0 | 3 |
| Echo Replies | 3 | 0 |
| Timestamp Requests | 0 | 0 |
| Timestamp Replies | 0 | 0 |
| Addr. Masks Requests | 0 | 0 |
| Addr. Mask Replies | 0 | 0 |


IP-Address Table

| Index | IP-Address | Subnet Mask | Broadcast Address | Reassembly Size |
|---|---|---|---|---|
| 00000001 | 127.0.0.1 | 255.0.0.0 | 1.0.0.0 | 65535 |
| 01000003 | 192.168.0.55 | 255.255.255.0 | 1.0.0.0 | 65535 |


IP-Routing Table

| If. Index | Forw. Destination IP | Subnet Mask | Forward Policy | Next Hop IP | Route Type | Forw. Protocol | Age (sec) | Hop Num. | Forward Metric |
|---|---|---|---|---|---|---|---|---|---|
| 01000003 | 0.0.0.0 | 0.0.0.0 | 0 | 192.168.0.1 | REMOTE | NETMGMT | 169 | 00000000 | 1 - - - - |
| 00000001 | 127.0.0.0 | 255.0.0.0 | 0 | 127.0.0.1 | LOCAL | LOCAL | 9180 | 00000000 | 1 - - - - |
| 01000003 | 192.168.0.0 | 255.255.255.0 | 0 | 192.168.0.55 | LOCAL | LOCAL | 9169 | 00000000 | 1 - - - - |
| 00000001 | 192.168.0.55 | 255.255.255.255 | 0 | 127.0.0.1 | LOCAL | LOCAL | 9169 | 00000000 | 1 - - - - |
| 01000003 | 192.168.0.255 | 255.255.255.255 | 0 | 192.168.0.55 | LOCAL | LOCAL | 9169 | 00000000 | 1 - - - - |
| 01000003 | 224.0.0.0 | 224.0.0.0 | 0 | 192.168.0.55 | LOCAL | LOCAL | 9169 | 00000000 | 1 - - - - |
| 01000003 | 255.255.255.255 | 255.255.255.255 | 0 | 192.168.0.55 | LOCAL | LOCAL | 9180 | 00000000 | 1 - - - - |


Adapters Info

| Index | Type | Description | MAC Address | DHCP | IP Address | Gateway IP | DHCP IP | WINS | Prim. WINS Server | Sec. WINS Server |
|---|---|---|---|---|---|---|---|---|---|---|
| 01000003 | ETHERNET | Intel(R) PRO Adapter | xx-xx-xx-xx-xx-xx | 1 | 192.168.0.55 | 192.168.0.1 | 192.168.0.1 | No | | |


Interface Info

| Information | Intel(R) PRO Adapter | MS TCP Loopback interface |
|---|---|---|
| Index of the interface | 01000003 | 00000001 |
| Type of interface | ETHERNET | LOOPBACK |
| Max transmission unit | 1500 | 32768 |
| Speed of the interface | 100.0 Mbps | 10.0 Mbps |
| Physical address of adapter | xx-xx-xx-xx-xx-xx | 00-00-00-00-00-00 |
| Administrative status | UP | UP |
| Operational status | UNREACHABLE | UNREACHABLE |
| Bytes received | 4250643 | 20735 |
| Unicast packets received | 8545 | 715 |
| Non-unicast packets received | 712 | 0 |
| Received packets discarded | 0 | 0 |
| Erroneous packets received | 0 | 0 |
| Unknown protocol packets received | 161 | 0 |
| Bytes sent | 8867231 | 20735 |
| Unicast packets sent | 10310 | 715 |
| Non-unicast packets sent | 79 | 0 |
| Outgoing packets discarded | 0 | 0 |
| Erroneous packets sent | 0 | 0 |
| Output queue length | 0 | 0 |


ARP

| Index | MAC Address | IP Address | Type |
|---|---|---|---|
| 01000003 | xx-xx-xx-xx-xx-xx | 192.168.0.1 | DYNAMIC |


Network Info

| Parameter | Value |
|---|---|
| Host Name | VICONT |
| Domain | |
| ScopeId | |
| NetBios Node Type | MIXED |
| Routing | Disabled |
| Proxy | Disabled |
| DNS | Disabled |
| Current DNS Server | Nil |
| DNS Server | 192.168.0.1 |


 Advanced Administrative Tools