windows_tcp_listen
Description
Notes
Note
- Requires administrator access to get the process names.
- Likely to provide false positives.
Configuration
[windows_tcp_listen]
enabled = false
| Name |
Options |
Default |
Description |
| enabled |
true/false |
false |
Plugin status |
Returned values
"windows_tcp_listen": [
{
"LocalAddress": "::",
"LocalPort": 135,
"ProcessName": "C:\\Windows\\system32\\svchost.exe"
},
{
"LocalAddress": "::",
"LocalPort": 443,
"ProcessName": "C:\\Program Files (x86)\\VMware\\VMware Workstation\\vmware-hostd.exe"
},
{
"LocalAddress": "::",
"LocalPort": 445,
"ProcessName": null
},
{
"LocalAddress": "::",
"LocalPort": 17500,
"ProcessName": "C:\\Program Files (x86)\\Dropbox\\Client\\Dropbox.exe"
}
]
| Key |
Description |
| LocalAddress |
Listening interface |
| LocalPort |
Listening port |
| ProcessName |
Name of the process |
Authors