From owner-freebsd-security Sun Nov 26 16:48:41 2000
Delivered-To: freebsd-security@freebsd.org
Received: from silby.com (cb34181-c.mdsn1.wi.home.com [24.183.3.139])
    by hub.freebsd.org (Postfix) with ESMTP id 130BA37B4C5
    for ; Sun, 26 Nov 2000 16:48:39 -0800 (PST)
Received: (qmail 73975 invoked by uid 1000); 27 Nov 2000 00:48:38 -0000
Received: from localhost (sendmail-bs@127.0.0.1)
    by localhost with SMTP; 27 Nov 2000 00:48:38 -0000
Date: Sun, 26 Nov 2000 18:48:37 -0600 (CST)
From: Mike Silbersack
To: Kris Kennaway
Cc: Buliwyf McGraw , freebsd-security@FreeBSD.ORG
Subject: Re: fics
In-Reply-To: <20001126140003.A38904@citusc17.usc.edu>
Message-ID:
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

On Sun, 26 Nov 2000, Kris Kennaway wrote:

> is to jump on the machine itself and look at the processes with a
> lsof-like tool. I don't know of any of these for Windows.
>
> Kris

I found an lsof-like program called "inzider" a few weeks ago, it should
be findable on winfiles or through a search engine. It works ok, but not
great; it seems to miss some sockets. However, it's better than nothing.

Granted, that could be due to oddities of win9x - there are other lsof
programs which only run under NT/2000 and are presumably more accurate.

Mike "Silby" Silbersack

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message