TCPView - detect TCP and UDP endpoints on your system
TCPView is a GUI netstat on steroids. It’s also a great tool for you to learn the basics of TCP/IP.
If you want to study a particular network application, TCPView shows exactly which port it’s using and where it’s connecting to. With all those information on hand, it’s easy to customize your firewall rules.
It’s also a handy little tool to track down network configuration/conflict problems. With it’s color coded GUI interface, it’s much more efficient compared to the old “netstat”. Killing an application is a snap and nothing makes me happier to know that I don’t have rougue programs sending tracking information back home.
It’s also great for understanding different types of network exploration methods. Fire up nmap with different switches and experience real time analysis on how some switches avoid firewall detection. It can also be used to study TCP and UDP based DoS (Denial of Service).
If you want to get into more advanced network security monitoring, I would recommend using SGUIL. You will of course need Snort to use SGUIL.
Er SGUIL is just a front end for Snort, you still need Snort to run it.
TCPView is useful tho, you can also check out FPort.
If you are interested in this kinda stuff I also recommend Diskmon, Regmon and Filemon.
Getting into forensics area
Yes of course you need Snort to use SGUIL. I’ll add that into the post.