Listing TCP/UDP process from an organically grown application

Question

I've been asked to compile a list of TCP/UDP and ports they use for the collection of application that comprise our product for a client who wants the information for their firewall.

So I fired up TCPView some of the processes are so short lived that I can't register the information fast enough and there is seemingly no way of recording it. I tried Capsa Free which records the connection but doesn't record the process - they seem to expect you to match it up manually via the PID.

Is there an application that will record the process, the protocol and teh local port it used for later consumption.

I'd rather not manually dig through the source to find which application/dll uses what.

If it's your product can't you just consult the design documentation or ask the devs/designers ? — user9517, Dec 15 '11 at 12:26
The software has been organically grown over 11 years and despite the intial flurry of design, mostly it has been reactive to customer requirements. — graham.reeds, Dec 15 '11 at 13:25

score 2 · Answer 1 · edited Dec 15 '11 at 12:16

2

Use Windump or Wireshark to save the trace to a file, then analyze the output. Wireshark's statistical functions like "protocol hierarchy" or "conversations" might be of some help here.

edited Dec 15 '11 at 12:16

the-wabbit

40,737
13
111
174

answered Dec 15 '11 at 12:08

Bart Silverstrim

31,172
9
67
87

score 2 · Answer 2 · answered Dec 15 '11 at 12:54

2

Microsoft Network Monitor will do exactly that.

answered Dec 15 '11 at 12:54

joeqwerty

109,901
6
81
172

It's a better solution than wireshark in this case because it will allow you to select the traffic per application (which Wireshark/winpcap cannot do) – Stephane Dec 15 '11 at 14:00

Listing TCP/UDP process from an organically grown application

2 Answers2