September 6, 2005



There are tons of free, shareware and paid tools available to monitor your network. PortReporter and PR-Parser are a free third-party toolset that you can download from the link given in the Direct Hit box. PortReporter is a Windows service that does the logging, and PR-Parser is the log-analyzer component. To install them, extract the ZIP files separately to temporary folders and run the ‘setup’ file in each folder.

By default, the PortReporter service is not started, so run ‘services.msc’ and start it. Also set it to Automatic. Leave PortReporter running for about one hour while you use the system for other Internet activities, so that it collects enough log data.

Direct Hit!
Applies to: Win XP/2003 users
USP: This tool creates IIS style logs that can be analyzed at the click of a mouse
Primary link: http://msmvps.com/secure/archive/2004/03/18/4017.aspx
Google keywords: PortReporter, PR Parser

In the screenshots below, we are using different log files to highlight different features. One important feature we found strangely missing is an option to print or e-mail the log entries or analysis. However, all the screens have a Copy option, which can be used to paste the contents into any program and print or e-mail from there.

When you open the log file, this is the view that you get. You can see a lot of information, and you can right-click on any cell to get a relevant and versatile context menu.

You can find out about a particular IP address by right-clicking and selecting ‘Resolve remote IP address’. You can also do a WhoIs (in a browser window).

You can do a quick port-scan of the remote machine. Standard ports are pre-defined.

The properties box gives a wealth of information about activity when that particular log line was written.

When you open ‘Log analysis data’ from the Tools menu, you get a large tabbed window with lots of information. This is a categorized percentile breakdown of information.

PortReporter records a Service Initialization Log, which you can combine with log entries to get a comprehensive view of events. Launch it from the File menu.

To view entries regarding a single IP address, process or port, right-click in that column and select a Filter.

If you find a strange process name (‘Module’) in the lists, directly search for information on Google or MSN.

From Edit>Criteria Settings, you can specify different parameters PR-Parser should monitor and analyze.

Criteria set above will be applied to logs as they are opened. Otherwise, select Tools>Apply Criteria.

Sujay V Sarma
