GCIH · Question #260
You work as a Network Administrator for InformSec Inc. You find that the TCP port number 23476 is open on your server. You suspect that there may be a Trojan named Donald Dick installed on your server
The correct answer is D. Fport. Fport maps open TCP/UDP ports directly to the owning application, providing the process ID, process name, and full executable path - details that Netstat alone does not reliably supply.
Question
You work as a Network Administrator for InformSec Inc. You find that the TCP port number 23476 is open on your server. You suspect that there may be a Trojan named Donald Dick installed on your server. Now you want to verify whether Donald Dick is installed on it or not. For this, you want to know the process running on port 23476, as well as the process id, process name, and the path of the process on your server. Which of the following applications will you most likely use to accomplish the task?
Options
- ATripwire
- BSubSeven
- CNetstat
- DFport
How the community answered
(22 responses)- A5% (1)
- D95% (21)
Why each option
Fport maps open TCP/UDP ports directly to the owning application, providing the process ID, process name, and full executable path - details that Netstat alone does not reliably supply.
Tripwire is a file integrity monitoring tool that detects unauthorized changes to files - it does not map network ports to running processes.
SubSeven (Sub7) is itself a remote access Trojan, not a diagnostic or security analysis utility.
Netstat displays active network connections and listening ports but does not provide the full executable path of the owning process, making it insufficient for confirming the Trojan's file location.
Fport, developed by Foundstone, is specifically designed to enumerate all open TCP and UDP ports and correlate each one to the owning process, reporting the process name, process ID (PID), and the full file system path of the executable. This makes it the ideal tool for investigating a suspicious port like 23476 and confirming whether a specific Trojan binary is responsible. Its output directly answers the investigator's need to link a port number to a specific process and its location on disk.
Concept tested: Port-to-process mapping for Trojan identification
Topics
Community Discussion
No community discussion yet for this question.