windows_tcp_listen
Description
Notes
Note
- Requires administrator access to get the process names.
- Likely to provide false positives.
Configuration
[windows_tcp_listen]
enabled = false
Name |
Options |
Default |
Description |
enabled |
true/false |
false |
Plugin status |
Returned values
"windows_tcp_listen": [
{
"LocalAddress": "::",
"LocalPort": 135,
"ProcessName": "C:\\Windows\\system32\\svchost.exe"
},
{
"LocalAddress": "::",
"LocalPort": 443,
"ProcessName": "C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware-hostd.exe"
},
{
"LocalAddress": "::",
"LocalPort": 445,
"ProcessName": null
},
{
"LocalAddress": "::",
"LocalPort": 17500,
"ProcessName": "C:\\Program Files (x86)\\Dropbox\\Client\\Dropbox.exe"
}
]
Key |
Description |
LocalAddress |
Listening interface |
LocalPort |
Listening port |
ProcessName |
Name of the process |
Authors