Availability and description of the Port Reporter tool

Article ID: 837243

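Summary

This article describes the Port Reporter tool. Port Reporter runs as a service on Windows Server 2003, Windows XP, and Windows 2000 computers and logs TCP and UDP port activity. The article explains how to obtain and install the tool. When you install the tool, Setup creates the required registry entries and installs the Port Reporter service.

The article also explains how to configure the Port Reporter service with startup parameters, and describes the Port Reporter log files that the service generates.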

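Introduction

This article explains how to obtain, install, and configure the Port Reporter tool. You can use the Port Reporter tool to log TCP/IP port data on Microsoft Windows Server 2003, Microsoft Windows XP, or Microsoft Windows 2000 computers.

Overview

The Port Reporter tool logs TCP and UDP port activity. It is a small program that runs as a service on Windows Server 2003, Windows XP, or Windows 2000 computers.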

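On Windows Server 2003 and Windows XP computers, the service can log the following information:
  • The ports that are used
  • The process that uses each port
  • Whether the process is a service
  • The modules that the process has loaded
  • The user account that runs the process
On Windows 2000 computers, the service logs the ports that are used and when they are used.

You can use the information that Port Reporter logs to track port usage and to troubleshoot specific problems. The logged information can also be helpful for maintaining security.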

Obtaining the Port Reporter tool

You can obtain the Port Reporter tool from the Microsoft Download Center at the following link:
http://www.microsoft.com/downloads/details.aspx?familyid=69ba779b-bae9-4243-b9d6-63e62b4bcd2e&displaylang=en


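Important: The Port Reporter Parser tool is a log parser for Port Reporter log files. This tool is now available for download. Port Reporter Parser includes many features that can help you analyze Port Reporter log files. You can download the Port Reporter Parser tool from the following Microsoft Web site: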
http://download.microsoft.com/download/2/8/8/28810043-0e21-4004-89a3-2f477a74186f/PRParser.exe

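Installing the Port Reporter service

When you run the Setup program (Pr-Setup.exe) to install Port Reporter, Setup does the following:
  • Adds the following registry subkey to the Windows registry:
    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PortReporter
    The Port Reporter service requires this registry key to log entries to the computer's Application event log.
  • Installs the Port Reporter service.

    Setup creates a service object for the Port Reporter tool and then adds the object to the Service Control Manager database.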

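Installing the Port Reporter service to the default location

By default, the Port Reporter service is installed in the following folder on the hard disk:
drive:\Program Files\PortReporter
To install the Port Reporter service to the default location:
  1. Log on to the computer as a member of the local Administrators group.
  2. Quit all programs that are running on the computer, including the Services tool and Event Viewer in Administrative Tools.
  3. Double-click Pr-Setup.exe to run Setup.
  4. When you are prompted to install the Port Reporter tool to the Program Files folder, press [Y].

    After you press [Y], Setup creates a subfolder named PortReporter in the Program Files folder. Portreporter.exe is copied to the subfolder and is registered as a service with the Service Control Manager.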

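Installing the Port Reporter service to a location other than the default

To install the Port Reporter service to a location other than the default:
  1. Log on to the computer as a member of the local Administrators group.
  2. Quit all programs that are running on the computer, including the Services tool and Event Viewer in Administrative Tools.
  3. Copy the Pr-setup.exe file and the Portreporter.exe file to the folder where you want to install the Port Reporter tool.

    Note: You must run Setup from a fixed local drive. You cannot run Setup from a network drive or a CD-ROM drive.
  4. At a command prompt, type the following line, and then press ENTER, where PathOfFolder is the drive and path of the folder that contains the Pr-setup.exe file and the Portreporter.exe file:
    pr-setup.exe -d 'PathOfFolder'
    For example, to install the tool to the D:\Tools\Port Reporter folder, type
    pr-setup.exe -d 'd:\tools\port reporter\'
    You receive output similar to the following in the [Command Prompt] window: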
    C:\temp>pr-setup.exe -d 'PathOfFolder'
    
    Installing Port Reporter service:PathOfFolder
    
    Creating service...completed successfully
    
    Creating registry key and values...completed successfully
    
    Setup has successfully installed the Port Reporter service The service is currently stopped and set to manual startup type
    
    Please use the services applet in the control panel to configure and start the Port Reporter service
    
    
    press any key to exit setup
  5. Press any key to exit Setup.

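Configuring and starting the Port Reporter service

To confirm that the Port Reporter service was installed successfully and to start the service, follow these steps:
  1. Click [Start], right-click [My Computer], and then click [Manage].
  2. Expand [Services and Applications], and then expand [Services].
  3. In the right pane, confirm that the Port Reporter service is listed.
  4. To start the service, double-click the service name, and then click the [Start] button. Click [OK].

    The Port Reporter service writes an entry to the Application log indicating that the service has started.
By default, the startup type of the Port Reporter service is set to [Manual]. If you want the service to start automatically when Windows starts, set the startup type to [Automatic].

By default, the Port Reporter service logs on to the computer by using the Local System account. By using the Local System account, the Port Reporter service can collect details about processes that an Administrator account or other user accounts cannot access. Therefore, Microsoft recommends that you do not modify this setting.

Note: Because this service runs in the context of the Local System account, Microsoft recommends that you secure the folder where Port Reporter is installed. Whether you install Port Reporter in the default location (%SystemDrive%\Program Files\PortReporter) or in a custom location, you must take the following steps:
  • Install Port Reporter only on an NTFS file system partition.
  • Adjust the access control list (ACL) on the installation folder so that only the local Administrators group can access the folder. To do this, follow these steps:
    1. Start [Windows Explorer], and then locate the installation folder. By default, the installation folder is %SystemDrive%\Program Files\PortReporter.
    2. Right-click the folder, and then click [Properties].
    3. In the folder properties dialog box, click the [Security] tab, and then review the group and user names that have access to the folder. Allow only the local Administrators group and the System account to access this folder.
    4. Select any other groups and users that are listed, and then click [Remove]. When only the local Administrators group and the System account remain in the list, click [Apply], and then click [OK].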

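Location of the log files

By default, the Port Reporter tool tries to create log files in the following folder:
%systemroot%\System32\LogFiles\PortReporter
If this folder does not exist, it is created for you. You can set the location of the log files by using the startup parameters that are specified on the [General] tab of the [Port Reporter] service dialog box. To specify the log file folder, follow the -ld command-line option with the name of the folder that you want to use. Make sure that you enclose the folder name in single quotation marks ('). For example, if you specify the following startup parameter, the Port Reporter service creates log files in the C:\Program Files\Port Reporter folder when it starts: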
-ld 'c:\program files\port reporter'

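Size of the log files

By default, Port Reporter keeps writing to a log file until the file reaches 5 MB. After the log file reaches 5 MB, a new log file is created. To set the size of the log file, use the -ls command-line option. You can specify a size between 1000 KB and 102400 KB. For example, if you specify the following startup parameter, the Port Reporter service creates a new log file each time the log file reaches 7000 KB:
-ls 7000
After you configure the Port Reporter service with the startup parameters that you want, start the service. When the Port Reporter service starts, it logs the following two events in the Application event log:
Type: Information
Source: PortReporter
Category: None
Event ID: 100
Description:
The Port Reporter service has started.

Type: Information
Source: PortReporter
Category: None
Event ID: 100
Description:
The Port Reporter service successfully created log files in the following directory: PathOfLogFiles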

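Removing the Port Reporter service

To remove the Port Reporter service, type the following line at a command prompt, and then press ENTER:
pr-setup.exe -u
You receive output similar to the following in the [Command Prompt] window: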
Uninstalling Port Reporter service...

Deleting service...Stopping service...completed successfully

Removing service...completed successfully

Deleting service...completed successfully

Deleting registry key and values...completed successfully


Setup successfully uninstalled the Port Reporter Service The installation directory has been left intact


press any key to exit setup
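When you remove the Port Reporter service, Setup does the following:
  • Unregisters the Port Reporter service from the Service Control Manager database.
  • Deletes the registry entries that were created when the Port Reporter service was installed.
When you remove the Port Reporter service, Setup does not remove the folder that contains the Pr-setup.exe file and the PortReporter.exe file, and it does not remove any log files that the service created.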

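Interpreting the Port Reporter log files

The Port Reporter service creates log files in the following cases:
  • Each time the Port Reporter service starts
  • Every day at midnight
  • When a log file reaches 5 MB, or the custom size that you specified in the startup parameters
When the Port Reporter service starts, it creates the following log files:
  • PR-INITIAL-*.log
  • PR-PORTS-*.log
  • PR-PIDS-*.log
Each log file is named with the date and time (24-hour format) at which the file was created. The format of the date and time stamp is year-month-day-hour-minute-second. For example, the following three files were created on January 24, 2004, at 8:49:30 A.M.:
  • PR-INITIAL-04-01-24-8-49-30.log
  • PR-PORTS-04-01-24-8-49-30.log
  • PR-PIDS-04-01-24-8-49-30.log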

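PR-INITIAL log file

The PR-INITIAL log file contains the data that the Port Reporter service collects about the ports, processes, and modules that are running on the computer when the service starts, together with the user context under which each logged process runs. The following is a sample of a PR-INITIAL log file that was created on a Windows XP computer when the Port Reporter service started: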
Port Reporter Version 1.0 Log File

Service initialization log

System Date:<Date and Time>


Local computer name:

<ComputerName>

TCP/UDP Port to Process Mappings at service start-up

36 mappings found

PID:Process         Port        Local IP        State:        Remote IP:Port
0:System Idle       TCP 4857    169.254.66.8    TIME WAIT     169.254.44.123:80
4:System            TCP 445     0.0.0.0         LISTENING     0.0.0.0:6246
4:System            TCP 1026    0.0.0.0         LISTENING     0.0.0.0:28726
4:System            TCP 139     169.254.66.8    LISTENING     0.0.0.0:34925
4:System            UDP 445     0.0.0.0                       *:*
4:System            UDP 137     169.254.66.8                  *:*
4:System            UDP 138     169.254.66.8                  *:*
664:iexplore.exe    TCP 4867    0.0.0.0         LISTENING     0.0.0.0:4225
664:iexplore.exe    TCP 4870    0.0.0.0         LISTENING     0.0.0.0:45070
664:iexplore.exe    TCP 4871    0.0.0.0         LISTENING     0.0.0.0:18494
664:iexplore.exe    TCP 4872    0.0.0.0         LISTENING     0.0.0.0:6182
664:iexplore.exe    TCP 4867    169.254.66.8    ESTABLISHED   169.254.44.123:80
664:iexplore.exe    TCP 4870    169.254.66.8    ESTABLISHED   207.68.177.62:80
664:iexplore.exe    TCP 4871    169.254.66.8    ESTABLISHED   207.46.248.110:80
664:iexplore.exe    TCP 4872    169.254.66.8    ESTABLISHED   207.46.248.110:80
664:iexplore.exe    UDP 4817    127.0.0.1                     *:*
748:lsass.exe       UDP 500     0.0.0.0                       *:*
952:svchost.exe     TCP 135     0.0.0.0         LISTENING     0.0.0.0:2096
1092:svchost.exe    TCP 1025    0.0.0.0         LISTENING     0.0.0.0:2064
1092:svchost.exe    TCP 3002    127.0.0.1       LISTENING     0.0.0.0:49193
1092:svchost.exe    TCP 3003    127.0.0.1       LISTENING     0.0.0.0:39078
1092:svchost.exe    UDP 123     169.254.66.8                  *:*
1092:svchost.exe    UDP 123     127.0.0.1                     *:*
1192:svchost.exe    UDP 3009    0.0.0.0                       *:*
1192:svchost.exe    UDP 3015    0.0.0.0                       *:*
1192:svchost.exe    UDP 3016    0.0.0.0                       *:*
1228:svchost.exe    TCP 5000    0.0.0.0         LISTENING     0.0.0.0:45223
1228:svchost.exe    UDP 1900    169.254.66.8                  *:*
1228:svchost.exe    UDP 1900    127.0.0.1                     *:*
1536:alg.exe        TCP 3001    127.0.0.1       LISTENING     0.0.0.0:2064
1568:InoRpc.exe     TCP 42510   0.0.0.0         LISTENING     0.0.0.0:14373
1568:InoRpc.exe     UDP 43508   169.254.66.8                  *:*
3764:msmsgs.exe     TCP 16521   169.254.66.8    LISTENING     0.0.0.0:45294
3764:msmsgs.exe     UDP 4803    0.0.0.0                       *:*
3764:msmsgs.exe     UDP 9160    169.254.66.8                  *:*
3764:msmsgs.exe     UDP 9586    169.254.66.8                  *:*

======================================================

Process ID:4 (System)

System Process

PID    Port        Local IP        State:       Remote IP:Port
4      TCP 445     0.0.0.0         LISTENING    0.0.0.0:6246
4      TCP 1026    0.0.0.0         LISTENING    0.0.0.0:28726
4      TCP 139     169.254.66.8    LISTENING    0.0.0.0:34925
4      UDP 445     0.0.0.0                      *:*
4      UDP 137     169.254.66.8                 *:*
4      UDP 138     169.254.66.8                 *:*

Port Statistics

TCP mappings:3 UDP mappings: 3

TCP ports in a LISTENING state: 	3 = 100.00%


Could not access module information for this process

======================================================

Process ID:748 (lsass.exe)

User context:NT AUTHORITY\SYSTEM

Service Name:PolicyAgent Display Name:IPSEC Services Service Type:shares a process with other services

Service Name:ProtectedStorage Display Name:Protected Storage

Service Name:SamSs Display Name:Security Accounts Manager Service Type:shares a process with other services

PID    Port       Local IP    State:    Remote IP:Port
748    UDP 500    0.0.0.0               *:*

Port Statistics

TCP mappings:0 UDP mappings: 1


Loaded modules:D:\WINDOWS\system32\lsass.exe (0x01000000)

D:\WINDOWS\System32\ntdll.dll (0x77F50000) D:\WINDOWS\system32\kernel32.dll (0x77E60000) D:\WINDOWS\system32\ADVAPI32.dll (0x77DD0000) D:\WINDOWS\system32\RPCRT4.dll (0x78000000) D:\WINDOWS\system32\LSASRV.dll (0x74520000) D:\WINDOWS\system32\msvcrt.dll (0x77C10000) D:\WINDOWS\system32\Secur32.dll (0x76F90000) D:\WINDOWS\system32\USER32.dll (0x77D40000) D:\WINDOWS\system32\GDI32.dll (0x77C70000) D:\WINDOWS\system32\SAMSRV.dll (0x74440000) D:\WINDOWS\system32\cryptdll.dll (0x76790000) D:\WINDOWS\system32\DNSAPI.dll (0x76F20000) D:\WINDOWS\system32\WS2_32.dll (0x71AB0000) D:\WINDOWS\system32\WS2HELP.dll (0x71AA0000) D:\WINDOWS\system32\MSASN1.dll (0x762A0000) D:\WINDOWS\system32\NETAPI32.dll (0x71C20000) D:\WINDOWS\system32\SAMLIB.dll (0x71BF0000) D:\WINDOWS\system32\MPR.dll (0x71B20000) D:\WINDOWS\system32\NTDSAPI.dll (0x767A0000) D:\WINDOWS\system32\WLDAP32.dll (0x76F60000) D:\WINDOWS\system32\msprivs.dll (0x743B0000) D:\WINDOWS\system32\kerberos.dll (0x71CF0000) D:\WINDOWS\system32\msv1_0.dll (0x76D10000) D:\WINDOWS\system32\netlogon.dll (0x744B0000) D:\WINDOWS\system32\w32time.dll (0x767C0000) D:\WINDOWS\system32\MSVCP60.dll (0x55900000) D:\WINDOWS\system32\iphlpapi.dll (0x76D60000) D:\WINDOWS\system32\USERENV.dll (0x75A70000) D:\WINDOWS\system32\schannel.dll (0x767F0000) D:\WINDOWS\system32\CRYPT32.dll (0x762C0000) D:\WINDOWS\system32\wdigest.dll (0x74380000) D:\WINDOWS\System32\rsaenh.dll (0x0FFD0000) D:\WINDOWS\system32\setupapi.dll (0x76670000) D:\WINDOWS\system32\scecli.dll (0x74410000) D:\WINDOWS\system32\OLEAUT32.dll (0x77120000) D:\WINDOWS\system32\OLE32.DLL (0x771B0000) D:\WINDOWS\system32\shell32.dll (0x773D0000) D:\WINDOWS\system32\SHLWAPI.dll (0x70A70000) D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll (0x71950000) D:\WINDOWS\system32\comctl32.dll (0x77340000) D:\WINDOWS\system32\ipsecsvc.dll (0x743E0000) D:\WINDOWS\system32\oakley.DLL (0x745D0000) D:\WINDOWS\system32\WINIPSEC.DLL 
(0x74370000) D:\WINDOWS\system32\mswsock.dll (0x71A50000) D:\WINDOWS\System32\wshtcpip.dll (0x71A90000) D:\WINDOWS\system32\pstorsvc.dll (0x743A0000) D:\WINDOWS\system32\psbase.dll (0x743C0000) D:\WINDOWS\System32\dssenh.dll (0x0FFA0000) ======================================================

Process ID:952 (svchost.exe)

User context:NT AUTHORITY\SYSTEM

Service Name:RpcSs Display Name:Remote Procedure Call (RPC) Service Type:shares a process with other services

PID    Port       Local IP    State:       Remote IP:Port
952    TCP 135    0.0.0.0     LISTENING    0.0.0.0:2096

Port Statistics

TCP mappings:1 UDP mappings: 0

TCP ports in a LISTENING state: 	1 = 100.00%

Loaded modules:D:\WINDOWS\system32\svchost.exe (0x01000000)

D:\WINDOWS\System32\ntdll.dll (0x77F50000) D:\WINDOWS\system32\kernel32.dll (0x77E60000) D:\WINDOWS\system32\ADVAPI32.dll (0x77DD0000) D:\WINDOWS\system32\RPCRT4.dll (0x78000000) d:\windows\system32\rpcss.dll (0x75850000) D:\WINDOWS\system32\msvcrt.dll (0x77C10000) d:\windows\system32\WS2_32.dll (0x71AB0000) d:\windows\system32\WS2HELP.dll (0x71AA0000) D:\WINDOWS\system32\USER32.dll (0x77D40000) D:\WINDOWS\system32\GDI32.dll (0x77C70000) d:\windows\system32\Secur32.dll (0x76F90000) D:\WINDOWS\system32\userenv.dll (0x75A70000) D:\WINDOWS\system32\mswsock.dll (0x71A50000) D:\WINDOWS\System32\wshtcpip.dll (0x71A90000) D:\WINDOWS\system32\DNSAPI.dll (0x76F20000) D:\WINDOWS\system32\iphlpapi.dll (0x76D60000) D:\WINDOWS\System32\winrnr.dll (0x76FB0000) D:\WINDOWS\system32\WLDAP32.dll (0x76F60000) D:\WINDOWS\system32\rasadhlp.dll (0x76FC0000) D:\WINDOWS\system32\CLBCATQ.DLL (0x76FD0000) D:\WINDOWS\system32\ole32.dll (0x771B0000) D:\WINDOWS\system32\OLEAUT32.dll (0x77120000) D:\WINDOWS\system32\COMRes.dll (0x77050000) D:\WINDOWS\system32\VERSION.dll (0x77C00000) ======================================================

Process ID:1092 (svchost.exe)

User context:NT AUTHORITY\SYSTEM

Service Name:AudioSrv Display Name:Windows Audio Service Type:shares a process with other services

Service Name:BITS Display Name:Background Intelligent Transfer Service Service Type:shares a process with other services

Service Name:CryptSvc Display Name:Cryptographic Services Service Type:shares a process with other services

Service Name:Dhcp Display Name:DHCP Client Service Type:shares a process with other services

Service Name:dmserver Display Name:Logical Disk Manager Service Type:shares a process with other services

Service Name:ERSvc Display Name:Error Reporting Service Service Type:shares a process with other services

Service Name:EventSystem Display Name:COM+ Event System Service Type:shares a process with other services

Service Name:helpsvc Display Name:Help and Support Service Type:shares a process with other services

Service Name:lanmanserver Display Name:Server Service Type:shares a process with other services

Service Name:lanmanworkstation Display Name:Workstation Service Type:shares a process with other services

Service Name:Messenger Display Name:Messenger Service Type:shares a process with other services

Service Name:Netman Display Name:Network Connections

Service Name:Nla Display Name:Network Location Awareness (NLA) Service Type:shares a process with other services

Service Name:RasMan Display Name:Remote Access Connection Manager Service Type:shares a process with other services

Service Name:Schedule Display Name:Task Scheduler

Service Name:seclogon Display Name:Secondary Logon

Service Name:SENS Display Name:System Event Notification Service Type:shares a process with other services

Service Name:SharedAccess Display Name:Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS) Service Type:shares a process with other services

Service Name:ShellHWDetection Display Name:Shell Hardware Detection Service Type:shares a process with other services

Service Name:srservice Display Name:System Restore Service Service Type:shares a process with other services

Service Name:TapiSrv Display Name:Telephony Service Type:shares a process with other services

Service Name:TermService Display Name:Terminal Services Service Type:shares a process with other services

Service Name:Themes Display Name:Themes Service Type:shares a process with other services

Service Name:TrkWks Display Name:Distributed Link Tracking Client Service Type:shares a process with other services

Service Name:W32Time Display Name:Windows Time Service Type:shares a process with other services

Service Name:winmgmt Display Name:Windows Management Instrumentation Service Type:shares a process with other services

Service Name:wuauserv Display Name:Automatic Updates Service Type:shares a process with other services

Service Name:WZCSVC Display Name:Wireless Zero Configuration Service Type:shares a process with other services

PID     Port        Local IP        State:       Remote IP:Port
1092    TCP 1025    0.0.0.0         LISTENING    0.0.0.0:2064
1092    TCP 3002    127.0.0.1       LISTENING    0.0.0.0:49193
1092    TCP 3003    127.0.0.1       LISTENING    0.0.0.0:39078
1092    UDP 123     169.254.66.8                 *:*
1092    UDP 123     127.0.0.1                    *:*

Port Statistics

TCP mappings:3 UDP mappings: 2

TCP ports in a LISTENING state: 	3 = 100.00%

Loaded modules:D:\WINDOWS\System32\svchost.exe (0x01000000)

D:\WINDOWS\System32\ntdll.dll (0x77F50000) D:\WINDOWS\system32\kernel32.dll (0x77E60000) D:\WINDOWS\system32\ADVAPI32.dll (0x77DD0000) D:\WINDOWS\system32\RPCRT4.dll (0x78000000) D:\WINDOWS\system32\ole32.dll (0x771B0000) D:\WINDOWS\system32\GDI32.dll (0x77C70000) D:\WINDOWS\system32\USER32.dll (0x77D40000) d:\windows\system32\shsvcs.dll (0x76BD0000) D:\WINDOWS\system32\msvcrt.dll (0x77C10000) D:\WINDOWS\system32\SHLWAPI.dll (0x70A70000) D:\WINDOWS\system32\shell32.dll (0x773D0000) D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll (0x71950000) D:\WINDOWS\system32\comctl32.dll (0x77340000) D:\WINDOWS\System32\WINSTA.dll (0x76360000) d:\windows\system32\dhcpcsvc.dll (0x76D80000) d:\windows\system32\DNSAPI.dll (0x76F20000) d:\windows\system32\WS2_32.dll (0x71AB0000) d:\windows\system32\WS2HELP.dll (0x71AA0000) d:\windows\system32\iphlpapi.dll (0x76D60000) d:\windows\system32\Secur32.dll (0x76F90000) D:\WINDOWS\System32\UxTheme.dll (0x5AD70000) D:\WINDOWS\System32\rsaenh.dll (0x0FFD0000) d:\windows\system32\wzcsvc.dll (0x70B50000) d:\windows\system32\rtutils.dll (0x76E80000) d:\windows\system32\WMI.dll (0x76D30000) D:\WINDOWS\system32\OLEAUT32.dll (0x77120000) D:\WINDOWS\system32\CRYPT32.dll (0x762C0000) D:\WINDOWS\system32\MSASN1.dll (0x762A0000) d:\windows\system32\WTSAPI32.dll (0x76F50000) d:\windows\system32\ESENT.dll (0x69710000) D:\WINDOWS\system32\WLDAP32.dll (0x76F60000) d:\windows\system32\NETAPI32.dll (0x71C20000) D:\WINDOWS\system32\mswsock.dll (0x71A50000) D:\WINDOWS\System32\wshtcpip.dll (0x71A90000) D:\WINDOWS\System32\rastls.dll (0x555A0000) D:\WINDOWS\System32\ATL.DLL (0x76B20000) D:\WINDOWS\System32\CRYPTUI.dll (0x754D0000) D:\WINDOWS\System32\WINTRUST.dll (0x76C30000) D:\WINDOWS\system32\IMAGEHLP.dll (0x76C90000) D:\WINDOWS\system32\WININET.dll (0x76200000) D:\WINDOWS\System32\MPRAPI.dll (0x76D40000) D:\WINDOWS\System32\ACTIVEDS.dll (0x76E40000) D:\WINDOWS\System32\adsldpc.dll (0x76E10000) 
D:\WINDOWS\System32\SAMLIB.dll (0x71BF0000) D:\WINDOWS\System32\SETUPAPI.dll (0x76670000) D:\WINDOWS\System32\RASAPI32.dll (0x76EE0000) D:\WINDOWS\System32\rasman.dll (0x76E90000) D:\WINDOWS\System32\TAPI32.dll (0x76EB0000) D:\WINDOWS\System32\WINMM.dll (0x76B40000) D:\WINDOWS\System32\SCHANNEL.dll (0x767F0000) D:\WINDOWS\system32\USERENV.dll (0x75A70000) D:\WINDOWS\System32\WinSCard.dll (0x723D0000) D:\WINDOWS\System32\raschap.dll (0x70AF0000) D:\WINDOWS\system32\msv1_0.dll (0x76D10000) D:\WINDOWS\System32\CLBCATQ.DLL (0x76FD0000) D:\WINDOWS\System32\COMRes.dll (0x77050000) D:\WINDOWS\system32\VERSION.dll (0x77C00000) d:\windows\system32\schedsvc.dll (0x751D0000) d:\windows\system32\NTDSAPI.dll (0x767A0000) D:\WINDOWS\System32\MSIDLE.DLL (0x74F50000) D:\WINDOWS\System32\NTMARTA.DLL (0x76CE0000) d:\windows\system32\audiosrv.dll (0x708B0000) d:\windows\system32\wkssvc.dll (0x75170000) d:\windows\system32\cryptsvc.dll (0x74FA0000) d:\windows\system32\certcli.dll (0x75350000) d:\windows\pchealth\helpctr\binaries\pchsvc.dll (0x74F40000) d:\windows\system32\es.dll (0x76B70000) d:\windows\system32\ersvc.dll (0x74F80000) d:\windows\system32\dmserver.dll (0x74F90000) d:\windows\system32\srvsvc.dll (0x75090000) d:\windows\system32\msgsvc.dll (0x74F60000) d:\windows\system32\netman.dll (0x76DE0000) d:\windows\system32\seclogon.dll (0x73D20000) d:\windows\system32\sens.dll (0x722D0000) d:\windows\system32\srsvc.dll (0x751A0000) d:\windows\system32\POWRPROF.dll (0x74AD0000) d:\windows\system32\tapisrv.dll (0x733E0000) d:\windows\system32\PSAPI.DLL (0x76BF0000) d:\windows\system32\trkwks.dll (0x75070000) d:\windows\system32\w32time.dll (0x767C0000) d:\windows\system32\MSVCP60.dll (0x55900000) d:\windows\system32\wbem\wmisvc.dll (0x597A0000) d:\windows\system32\wbem\wbemcomn.dll (0x75290000) D:\WINDOWS\System32\VSSAPI.DLL (0x753E0000) d:\windows\system32\wuauserv.dll (0x74EC0000) D:\WINDOWS\System32\wuaueng.dll (0x01B20000) D:\WINDOWS\System32\ADVPACK.dll (0x75260000) 
D:\WINDOWS\System32\sfc.dll (0x76BB0000) D:\WINDOWS\System32\sfc_os.dll (0x76C60000) d:\windows\system32\rasmans.dll (0x72480000) d:\windows\system32\WINIPSEC.DLL (0x74370000) d:\windows\system32\netcfgx.dll (0x755F0000) d:\windows\system32\CLUSAPI.dll (0x55560000) d:\windows\system32\browser.dll (0x74FE0000) D:\WINDOWS\System32\winspool.drv (0x73000000) D:\WINDOWS\System32\rastapi.dll (0x72060000) D:\WINDOWS\System32\SXS.DLL (0x75E90000) D:\WINDOWS\system32\comsvcs.dll (0x75730000) D:\WINDOWS\system32\MTXCLU.DLL (0x750F0000) D:\WINDOWS\system32\WSOCK32.dll (0x71AD0000) D:\WINDOWS\system32\colbact.DLL (0x75130000) D:\WINDOWS\System32\RESUTILS.DLL (0x750B0000) D:\WINDOWS\System32\mtxoci.dll (0x750D0000) D:\WINDOWS\System32\unimdm.tsp (0x57CC0000) D:\WINDOWS\System32\uniplat.dll (0x72000000) D:\WINDOWS\System32\kmddsp.tsp (0x57D40000) D:\WINDOWS\System32\ndptsp.tsp (0x57D20000) D:\WINDOWS\System32\ipconf.tsp (0x57D50000) D:\WINDOWS\System32\h323.tsp (0x57D70000) D:\WINDOWS\System32\hidphone.tsp (0x57D60000) D:\WINDOWS\System32\HID.DLL (0x688F0000) D:\WINDOWS\System32\rasppp.dll (0x72240000) D:\WINDOWS\System32\ntlsapi.dll (0x724B0000) d:\windows\system32\ipnathlp.dll (0x66460000) d:\windows\system32\netshell.dll (0x75CF0000) d:\windows\system32\credui.dll (0x76C00000) d:\windows\system32\HNetCfg.dll (0x68880000) D:\WINDOWS\System32\rasadhlp.dll (0x76FC0000) D:\WINDOWS\System32\Wbem\wbemcore.dll (0x75450000) D:\WINDOWS\System32\Wbem\esscli.dll (0x75310000) D:\WINDOWS\System32\Wbem\FastProx.dll (0x75690000) D:\WINDOWS\System32\wbem\wmiutils.dll (0x75020000) D:\WINDOWS\System32\wbem\repdrvfs.dll (0x75200000) D:\WINDOWS\System32\wbem\wmiprvsd.dll (0x597F0000) D:\WINDOWS\System32\NCObjAPI.DLL (0x5F770000) D:\WINDOWS\System32\wbem\wbemess.dll (0x75390000) D:\WINDOWS\System32\winhttp.dll (0x76080000) d:\windows\system32\termsrv.dll (0x752D0000) d:\windows\system32\ICAAPI.dll (0x74F70000) d:\windows\system32\AUTHZ.dll (0x76CC0000) d:\windows\system32\mstlsapi.dll 
(0x75110000) D:\WINDOWS\System32\REGAPI.dll (0x76BC0000) D:\WINDOWS\System32\wbem\ncprov.dll (0x5F740000) D:\WINDOWS\System32\catsrvut.dll (0x6FB10000) D:\WINDOWS\System32\MfcSubs.dll (0x61990000) D:\WINDOWS\system32\MPR.dll (0x71B20000) D:\WINDOWS\System32\msi.dll (0x76400000) D:\WINDOWS\System32\Cabinet.dll (0x75150000) D:\WINDOWS\system32\urlmon.dll (0x1A400000) D:\WINDOWS\System32\catsrv.dll (0x6FBD0000) D:\WINDOWS\System32\upnp.dll (0x555F0000) D:\WINDOWS\System32\SSDPAPI.dll (0x74F00000) D:\WINDOWS\System32\RASDLG.dll (0x75550000) d:\windows\system32\qmgr.dll (0x5DDD0000) d:\windows\system32\SHFOLDER.dll (0x76780000) D:\WINDOWS\System32\qmgrprxy.dll (0x5DDC0000) D:\WINDOWS\System32\sensapi.dll (0x722B0000) D:\WINDOWS\System32\winrnr.dll (0x76FB0000) D:\WINDOWS\System32\wbem\wbemsvc.dll (0x74ED0000) D:\WINDOWS\System32\actxprxy.dll (0x71D40000) D:\WINDOWS\System32\wbem\wbemcons.dll (0x73D30000)
Because Windows 2000 systems do not support port-to-process mapping, the PR-INITIAL log file on those systems contains the following line:
Port to process mappings are not available on this system.
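
The following added example (not part of the original article or of the Port Reporter tool) parses the port-to-process mapping table of a PR-INITIAL log and lists, per process, the TCP listeners and bound UDP ports that are not restricted to the loopback address. It assumes the columns are separated by tabs or spaces as in the sample above; the sample rows are constructed from that layout.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: a few rows in the layout of the PR-INITIAL mapping table.
SAMPLE = (
    "PID:Process\tPort\t\tLocal IP\tState:\t\t Remote IP:Port\n"
    "0:System Idle\t\tTCP 4857\t169.254.66.8 \tTIME WAIT\t 169.254.44.123:80\n"
    "4:System\t\tTCP 445\t0.0.0.0 \tLISTENING\t 0.0.0.0:6246\n"
    "4:System\t\tUDP 137\t169.254.66.8 \t\t\t *:*\n"
    "664:iexplore.exe\tTCP 4867\t169.254.66.8 \tESTABLISHED \t 169.254.44.123:80\n"
    "1092:svchost.exe\tTCP 3002\t127.0.0.1 \tLISTENING\t 0.0.0.0:49193\n"
    "3764:msmsgs.exe\tTCP 16521\t169.254.66.8 \tLISTENING\t 0.0.0.0:45294\n"
)

# One mapping row. Process names and TCP states may contain spaces
# ("System Idle", "TIME WAIT"); UDP rows have no state column at all.
ROW = re.compile(
    r"^\s*(?P<pid>\d+):(?P<process>.+?)\s+"
    r"(?P<proto>TCP|UDP)\s+(?P<lport>\d+)\s+"
    r"(?P<lip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?:(?P<state>[A-Z]+(?: [A-Z]+)*)\s+)?"
    r"(?P<remote>\*:\*|\d{1,3}(?:\.\d{1,3}){3}:\d+)\s*$"
)


def parse_mappings(text):
    """Return one dict per mapping row; header and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        rows.append({
            "pid": int(m.group("pid")),
            "process": m.group("process").strip(),
            "proto": m.group("proto"),
            "local_port": int(m.group("lport")),
            "local_ip": m.group("lip"),
            "state": m.group("state"),      # None for UDP rows
            "remote": m.group("remote"),
        })
    return rows


def reachable_listeners(rows):
    """Group TCP LISTENING and bound UDP ports by process, skipping loopback."""
    found = defaultdict(list)
    for r in rows:
        bound = r["proto"] == "UDP" or r["state"] == "LISTENING"
        if bound and not ipaddress.ip_address(r["local_ip"]).is_loopback:
            found[(r["pid"], r["process"])].append(
                f'{r["proto"]}/{r["local_port"]}'
            )
    return dict(found)


if __name__ == "__main__":
    for (pid, name), ports in reachable_listeners(parse_mappings(SAMPLE)).items():
        print(f"{pid:>5} {name:<16} {', '.join(ports)}")
```
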

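PR-PORTS log file

The PR-PORTS log file contains summary data about TCP and UDP port activity on the computer. The data is listed in the following comma-separated value (CSV) format:
date,time,protocol,local port,local IP address,remote port,remote IP address,PID,module,user context
On Windows 2000 computers, which do not support port-to-process mapping, the Port Reporter service lists the data in the following format:
date,time,protocol,local port,local IP address,remote port,remote IP address
The following is a sample of a PR-PORTS log file: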
Port Reporter Version 1.0 Log File - Port usage log

Check PR-PIDS-04-01-24-8-49-30.log for corresponding process data

Log format:date,time,protocol,local port,local IP address,remote port,remote IP address,PID,module,user context

04/1/24,8:52:21,TCP,4873,0.0.0.0,45070,0.0.0.0,664,iexplore.exe,<MYDOMAIN\user>
04/1/24,8:52:21,TCP,4873,169.254.66.8,80,63.208.107.43,664,iexplore.exe,<MYDOMAIN\user>
04/1/24,8:52:22,UDP,55441,169.254.66.8,*,*,3764,msmsgs.exe,<MYDOMAIN\user>
04/1/24,8:52:41,TCP,4874,0.0.0.0,4225,0.0.0.0,664,iexplore.exe,<MYDOMAIN\user>
04/1/24,8:52:41,TCP,4874,169.254.66.8,80,216.74.132.12,664,iexplore.exe,<MYDOMAIN\user>
4/1/24,21:36:2,TCP,2682,169.254.66.8,445,169.254.133.55,4,System,
04/1/24,21:51:2,TCP,2684,0.0.0.0,12390,0.0.0.0,4,System,
04/1/24,21:51:2,TCP,2684,169.254.66.8,445,169.254.133.55,4,System,
04/1/24,22:03:15,UDP,2686,0.0.0.0,*,*,2424,Virtual PC.exe,<MYDOMAIN\user>
04/1/24,22:03:15,UDP,2687,0.0.0.0,*,*,2424,Virtual PC.exe,<MYDOMAIN\user>
04/1/24,22:03:43,UDP,2688,0.0.0.0,*,*,2424,Virtual PC.exe,<MYDOMAIN\user>
04/1/24,22:04:9,TCP,2690,169.254.66.8,389,169.254.133.55,0,System Idle,
04/1/24,22:04:35,TCP,2691,0.0.0.0,18644,0.0.0.0,1260,svchost.exe
04/1/24,22:04:36,TCP,2691,169.254.66.8,80,169.254.133.55,1260,svchost.exe
04/1/24,22:04:36,UDP,2692,127.0.0.1,*,*,1260,svchost.exe,<NT AUTHORITY\NETWORK SERVICE>
04/1/24,22:04:37,TCP,2693,0.0.0.0,2160,0.0.0.0,1260,svchost.exe,<NT AUTHORITY\NETWORK SERVICE>
04/1/24,22:04:40,TCP,2693,169.254.66.8,80,169.254.133.55,1260,svchost.exe,<NT AUTHORITY\NETWORK SERVICE>
04/1/24,22:05:2,UDP,2697,0.0.0.0,*,*,2424,Virtual PC.exe,<MYDOMAIN\user>
04/1/24,22:06:2,TCP,2698,0.0.0.0,12390,0.0.0.0,4,System,
04/1/24,22:06:2,TCP,2698,169.254.66.8,445,169.254.133.55,4,System,
04/1/24,22:06:46,UDP,2700,0.0.0.0,*,*,2424,Virtual PC.exe,<MYDOMAIN\user>
04/1/24,22:06:47,UDP,2701,0.0.0.0,*,*,2424,Virtual PC.exe,<MYDOMAIN\user>
04/1/24,22:06:47,UDP,2702,0.0.0.0,*,*,2424,Virtual PC.exe,<MYDOMAIN\user>
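You may see entries in the PR-PORTS log file that are similar to the following:
04/1/24,22:06:2,TCP,2698,0.0.0.0,12390,0.0.0.0,4,System,
This entry is missing the user context. Such entries indicate that the Port Reporter service could not determine the user account that is associated with the process. This is expected output for the System process and the System Idle process. When you review the ports or processes in the PR-PORTS log file, note the date and time stamp of any entry that you want to investigate further. If you find the corresponding entry in the PR-PIDS log file, you can obtain more details about the PR-PORTS log file entry. To do this, follow these steps:
  1. Start Notepad, and then open the PR-PIDS log file.
  2. On the [Edit] menu, click [Find].
  3. In the [Find what] box, type the date and time stamp of the PR-PORTS log file entry that you want more information about, and then click [Find Next].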
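
The following added example (not part of the original article or of the Port Reporter tool) parses PR-PORTS entries in both the 10-field and the 7-field Windows 2000 format, and picks out entries whose user context is missing for a process other than System or System Idle, which are the ones worth looking up in the PR-PIDS log. It assumes that a two-digit year means 20yy and that module names contain no commas; the sample lines are constructed from the format shown above, and the date and time are kept verbatim for the Find step.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample in the PR-PORTS layout; the last line uses the
# 7-field format that the article gives for Windows 2000.
SAMPLE = "\n".join([
    "Port Reporter Version 1.0 Log File - Port usage log",
    "Log format:date,time,protocol,local port,local IP address,"
    "remote port,remote IP address,PID,module,user context",
    r"04/1/24,8:52:21,TCP,4873,169.254.66.8,80,63.208.107.43,664,iexplore.exe,<MYDOMAIN\user>",
    r"04/1/24,8:52:22,UDP,55441,169.254.66.8,*,*,3764,msmsgs.exe,<MYDOMAIN\user>",
    "04/1/24,21:51:2,TCP,2684,169.254.66.8,445,169.254.133.55,4,System,",
    "04/1/24,22:04:36,TCP,2691,169.254.66.8,80,169.254.133.55,1260,svchost.exe",
    "04/1/24,22:06:2,TCP,2698,0.0.0.0,12390,0.0.0.0,4,System,",
    "04/1/24,22:07:10,TCP,1030,169.254.66.8,80,169.254.133.55",
])

# Data lines start with date,time; header lines do not.
ENTRY = re.compile(r"^\d{1,2}/\d{1,2}/\d{1,2},\d{1,2}:\d{1,2}:\d{1,2},")
# Per the article, a missing user context is expected for these two.
EXPECTED_NO_USER = {"System", "System Idle"}


def parse_entry(line):
    """Parse one PR-PORTS line; return None for headers and short lines."""
    if not ENTRY.match(line):
        return None
    f = [x.strip() for x in line.split(",")]
    if len(f) < 7:
        return None
    f += [""] * (10 - len(f))           # pad 7- and 9-field lines
    yy, mo, dd = (int(x) for x in f[0].split("/"))
    hh, mi, ss = (int(x) for x in f[1].split(":"))   # fields are not zero-padded
    return {
        "date": f[0],                    # kept verbatim for the PR-PIDS search
        "time": f[1],
        "timestamp": datetime(2000 + yy, mo, dd, hh, mi, ss),  # assumes 20yy
        "proto": f[2],
        "local_port": int(f[3]),
        "local_ip": f[4],
        "remote_port": None if f[5] == "*" else int(f[5]),
        "remote_ip": None if f[6] == "*" else f[6],
        "pid": int(f[7]) if f[7] else None,
        "module": f[8] or None,
        "user": f[9].strip("<>") or None,
    }


def parse_ports_log(text):
    return [e for e in map(parse_entry, text.splitlines()) if e]


def needs_pids_lookup(entries):
    """Entries with process data but no user context, excluding System rows."""
    return [e for e in entries
            if e["pid"] is not None and e["user"] is None
            and e["module"] not in EXPECTED_NO_USER]


def remote_peers(entries):
    """Count TCP entries per (module, remote IP, remote port)."""
    return Counter((e["module"], e["remote_ip"], e["remote_port"])
                   for e in entries
                   if e["proto"] == "TCP"
                   and e["remote_ip"] not in (None, "0.0.0.0"))


if __name__ == "__main__":
    log = parse_ports_log(SAMPLE)
    for e in needs_pids_lookup(log):
        print("look up in PR-PIDS:", e["date"], e["time"], e["pid"], e["module"])
    for peer, n in remote_peers(log).items():
        print(n, peer)
```
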

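PR-PIDS log file

The PR-PIDS log file contains detailed information about ports, processes, related modules, and the user account under which each process runs. The following is a sample of a PR-PIDS log file: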
Port Reporter Version 1.0 Log File

Process detail log

System Date:Sat Jan 24 08:49:31 2004


Local computer name:

<ComputerName>


======================================================

Log entry below recorded at:<Date and Time>

======================================================

Process ID:664 (iexplore.exe)

User context:MYDOMAIN\user

Process doesn't appear to be a service

PID    Port        Local IP        State:         Remote IP:Port
664    TCP 4867    0.0.0.0         LISTENING      0.0.0.0:4225
664    TCP 4873    0.0.0.0         LISTENING      0.0.0.0:45070
664    TCP 4867    169.254.66.8    ESTABLISHED    169.254.44.12:80
664    TCP 4873    169.254.66.8    SYN SENT       169.254.44.12:80
664    UDP 4817    127.0.0.1                      *:*

Port Statistics

TCP mappings:4 UDP mappings: 1

TCP ports in a LISTENING state: 	2 = 50.00%
TCP ports in a SYN SENT state: 	1 = 25.00%
TCP ports in a ESTABLISHED state: 	1 = 25.00%

Loaded modules:D:\Program Files\Internet Explorer\iexplore.exe (0x00400000)

D:\WINDOWS\System32\ntdll.dll (0x77F50000) D:\WINDOWS\system32\kernel32.dll (0x77E60000) D:\WINDOWS\system32\msvcrt.dll (0x77C10000) D:\WINDOWS\system32\USER32.dll (0x77D40000) D:\WINDOWS\system32\GDI32.dll (0x77C70000) D:\WINDOWS\system32\ADVAPI32.dll (0x77DD0000) D:\WINDOWS\system32\RPCRT4.dll (0x78000000) D:\WINDOWS\system32\SHLWAPI.dll (0x70A70000) D:\WINDOWS\System32\SHDOCVW.dll (0x71700000) D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\comctl32.dll (0x71950000) D:\WINDOWS\system32\SHELL32.dll (0x773D0000) D:\WINDOWS\system32\comctl32.dll (0x77340000) D:\WINDOWS\system32\ole32.dll (0x771B0000) D:\WINDOWS\System32\uxtheme.dll (0x5AD70000) D:\WINDOWS\System32\BROWSEUI.dll (0x75F80000) D:\WINDOWS\System32\browselc.dll (0x72430000) D:\WINDOWS\system32\appHelp.dll (0x75F40000) D:\WINDOWS\System32\CLBCATQ.DLL (0x76FD0000) D:\WINDOWS\system32\OLEAUT32.dll (0x77120000) D:\WINDOWS\System32\COMRes.dll (0x77050000) D:\WINDOWS\system32\VERSION.dll (0x77C00000) D:\WINDOWS\system32\WININET.dll (0x76200000) D:\WINDOWS\system32\CRYPT32.dll (0x762C0000) D:\WINDOWS\system32\MSASN1.dll (0x762A0000) D:\WINDOWS\System32\Secur32.dll (0x76F90000) D:\WINDOWS\System32\cscui.dll (0x76620000) D:\WINDOWS\System32\CSCDLL.dll (0x76600000) D:\WINDOWS\System32\SETUPAPI.dll (0x76670000) D:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (0x10000000) D:\Program Files\Microsoft\Rights Management Add-on\mime_filter.dll (0x5F200000) D:\WINDOWS\System32\SXS.DLL (0x75E90000) D:\WINDOWS\system32\urlmon.dll (0x1A400000) D:\WINDOWS\System32\shdoclc.dll (0x00DE0000) D:\WINDOWS\System32\mlang.dll (0x74770000) D:\WINDOWS\System32\wsock32.dll (0x71AD0000) D:\WINDOWS\System32\WS2_32.dll (0x71AB0000) D:\WINDOWS\System32\WS2HELP.dll (0x71AA0000) D:\WINDOWS\system32\mswsock.dll (0x71A50000) D:\WINDOWS\System32\wshtcpip.dll (0x71A90000) D:\WINDOWS\System32\RASAPI32.DLL (0x76EE0000) D:\WINDOWS\System32\rasman.dll (0x76E90000) 
D:\WINDOWS\System32\NETAPI32.dll (0x71C20000) D:\WINDOWS\System32\TAPI32.dll (0x76EB0000) D:\WINDOWS\System32\rtutils.dll (0x76E80000) D:\WINDOWS\System32\WINMM.dll (0x76B40000) D:\WINDOWS\System32\sensapi.dll (0x722B0000) D:\WINDOWS\system32\USERENV.dll (0x75A70000) D:\WINDOWS\System32\msi.dll (0x01370000) D:\WINDOWS\System32\DNSAPI.dll (0x76F20000) D:\WINDOWS\System32\winrnr.dll (0x76FB0000) D:\WINDOWS\system32\WLDAP32.dll (0x76F60000) D:\WINDOWS\System32\rasadhlp.dll (0x76FC0000) D:\WINDOWS\System32\mshtml.dll (0x63580000) D:\WINDOWS\System32\IMM32.DLL (0x76390000) D:\Program Files\Microsoft Office\Office10\msohev.dll (0x32520000) D:\WINDOWS\System32\jscript.dll (0x6B700000) D:\WINDOWS\System32\dxtrans.dll (0x6BDD0000) D:\WINDOWS\System32\ATL.DLL (0x76B20000) D:\WINDOWS\System32\ddrawex.dll (0x65000000) D:\WINDOWS\System32\DDRAW.dll (0x51000000) D:\WINDOWS\System32\DCIMAN32.dll (0x73BC0000) D:\WINDOWS\System32\dxtmsft.dll (0x6BE10000) D:\WINDOWS\System32\MSLS31.DLL (0x746C0000) D:\WINDOWS\System32\WINSPOOL.DRV (0x73000000) D:\WINDOWS\System32\wdmaud.drv (0x72D20000) D:\WINDOWS\System32\msacm32.drv (0x72D10000) D:\WINDOWS\System32\MSACM32.dll (0x77BE0000) D:\WINDOWS\System32\midimap.dll (0x77BD0000) D:\WINDOWS\System32\msxml3.dll (0x72E00000) D:\WINDOWS\System32\vbscript.dll (0x73300000) D:\WINDOWS\System32\IMGUTIL.DLL (0x66880000) D:\WINDOWS\System32\pngfilt.dll (0x5E310000) D:\WINDOWS\System32\wmp.dll (0x07680000) D:\WINDOWS\System32\MSVFW32.dll (0x73BD0000) D:\WINDOWS\System32\wmploc.dll (0x08110000) D:\Program Files\Java\j2re1.4.2\bin\npjpi142.dll (0x6D440000) D:\WINDOWS\System32\OLEPRO32.DLL (0x5EDD0000) D:\Program Files\Java\j2re1.4.2\bin\jpiexp32.dll (0x6D310000) D:\Program Files\Java\j2re1.4.2\bin\jpishare.dll (0x6D380000) D:\PROGRA~1\Java\J2RE14~1.2\bin\client\jvm.dll (0x04F20000) D:\PROGRA~1\Java\J2RE14~1.2\bin\hpi.dll (0x02FE0000) D:\PROGRA~1\Java\J2RE14~1.2\bin\verify.dll (0x05070000) D:\PROGRA~1\Java\J2RE14~1.2\bin\java.dll (0x05080000) 
D:\PROGRA~1\Java\J2RE14~1.2\bin\zip.dll (0x050A0000) D:\Program Files\Java\j2re1.4.2\bin\awt.dll (0x083E0000) D:\Program Files\Java\j2re1.4.2\bin\fontmanager.dll (0x075F0000) D:\WINDOWS\System32\D3DIM700.DLL (0x5C000000) D:\Program Files\Java\j2re1.4.2\bin\jpicom32.dll (0x6D2F0000) D:\Program Files\Java\j2re1.4.2\bin\net.dll (0x07660000) D:\WINDOWS\System32\wintrust.dll (0x76C30000) D:\WINDOWS\system32\IMAGEHLP.dll (0x76C90000) D:\WINDOWS\System32\schannel.dll (0x767F0000) D:\WINDOWS\System32\rsaenh.dll (0x0FFD0000) D:\WINDOWS\System32\dssenh.dll (0x0FFA0000) D:\WINDOWS\System32\wmvcore.dll (0x09270000) D:\WINDOWS\System32\WMASF.DLL (0x09470000) D:\WINDOWS\System32\actxprxy.dll (0x71D40000) D:\WINDOWS\System32\dispex.dll (0x6CC60000) D:\WINDOWS\System32\mshtmled.dll (0x74CB0000) D:\WINDOWS\System32\wmnetmgr.dll (0x09D90000) D:\WINDOWS\system32\msv1_0.dll (0x76D10000) D:\WINDOWS\system32\wdigest.dll (0x74380000) D:\WINDOWS\System32\winhttp.dll (0x76080000) D:\WINDOWS\System32\MPRAPI.dll (0x76D40000) D:\WINDOWS\System32\ACTIVEDS.dll (0x76E40000) D:\WINDOWS\System32\adsldpc.dll (0x76E10000) D:\WINDOWS\System32\SAMLIB.dll (0x71BF0000) D:\WINDOWS\System32\iphlpapi.dll (0x76D60000) D:\WINDOWS\System32\netman.dll (0x76DE0000) D:\WINDOWS\System32\WZCSvc.DLL (0x70B50000) D:\WINDOWS\System32\WMI.dll (0x76D30000) D:\WINDOWS\System32\DHCPCSVC.DLL (0x76D80000) D:\WINDOWS\System32\WTSAPI32.dll (0x76F50000) D:\WINDOWS\System32\WINSTA.dll (0x76360000) D:\WINDOWS\System32\ESENT.dll (0x69710000) D:\WINDOWS\System32\hnetcfg.dll (0x68880000) D:\WINDOWS\System32\netshell.dll (0x75CF0000) D:\WINDOWS\System32\credui.dll (0x76C00000) D:\WINDOWS\System32\wbem\wbemprox.dll (0x74EF0000) D:\WINDOWS\System32\wbem\wbemcomn.dll (0x75290000) D:\WINDOWS\System32\wbem\wbemsvc.dll (0x74ED0000) D:\WINDOWS\System32\wbem\fastprox.dll (0x75690000) D:\WINDOWS\System32\quartz.dll (0x35500000) D:\WINDOWS\System32\msdmo.dll (0x0ADF0000) D:\WINDOWS\System32\wmadmod.dll (0x0AE00000) 
D:\WINDOWS\System32\devenum.dll (0x35680000) D:\WINDOWS\System32\DSOUND.DLL (0x51080000) D:\WINDOWS\System32\KsUser.dll (0x5EF80000)

======================================================

Log entry below recorded at:<Date and Time>

======================================================

Process ID:3764 (msmsgs.exe)

User context:MYDOMAIN\user

Process doesn't appear to be a service

PID	Port		Local IP	State:		 Remote IP:Port
3764	TCP 16521	169.254.66.8 	LISTENING	 0.0.0.0:45294
3764	UDP 4803	0.0.0.0 			 *:*
3764	UDP 9586	169.254.66.8 			 *:*
3764	UDP 55441  	169.254.66.8 			 *:*

Port Statistics

TCP mappings:1

UDP mappings: 3

TCP ports in a LISTENING state: 	1 = 100.00%

Loaded modules:D:\Program Files\Messenger\msmsgs.exe (0x00400000)

D:\WINDOWS\System32\ntdll.dll (0x77F50000) D:\WINDOWS\system32\kernel32.dll (0x77E60000) D:\WINDOWS\system32\ADVAPI32.DLL (0x77DD0000) D:\WINDOWS\system32\RPCRT4.dll (0x78000000) D:\WINDOWS\system32\GDI32.DLL (0x77C70000) D:\WINDOWS\system32\USER32.dll (0x77D40000) D:\WINDOWS\system32\OLE32.DLL (0x771B0000) D:\WINDOWS\system32\OLEAUT32.DLL (0x77120000) D:\WINDOWS\system32\MSVCRT.DLL (0x77C10000) D:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\COMCTL32.DLL (0x71950000) D:\WINDOWS\system32\SHLWAPI.dll (0x70A70000) D:\WINDOWS\system32\SHELL32.DLL (0x773D0000) D:\WINDOWS\System32\uxtheme.dll (0x5AD70000) D:\Program Files\Messenger\MSGSLANG.DLL (0x69200000) D:\WINDOWS\System32\CLBCATQ.DLL (0x76FD0000) D:\WINDOWS\System32\COMRes.dll (0x77050000) D:\WINDOWS\system32\VERSION.dll (0x77C00000) D:\WINDOWS\System32\SXS.DLL (0x75E90000) D:\WINDOWS\System32\wtsapi32.dll (0x76F50000) D:\WINDOWS\System32\WINSTA.dll (0x76360000) D:\WINDOWS\System32\es.dll (0x76B70000) D:\WINDOWS\System32\WS2_32.dll (0x71AB0000) D:\WINDOWS\System32\WS2HELP.dll (0x71AA0000) D:\Program Files\Messenger\rtcimsp.dll (0x00F30000) D:\WINDOWS\System32\WSOCK32.dll (0x71AD0000) D:\WINDOWS\System32\rtcdll.dll (0x5D370000) D:\WINDOWS\System32\ATL.DLL (0x76B20000) D:\WINDOWS\System32\Secur32.dll (0x76F90000) D:\WINDOWS\system32\WININET.dll (0x76200000) D:\WINDOWS\system32\CRYPT32.dll (0x762C0000) D:\WINDOWS\system32\MSASN1.dll (0x762A0000) D:\WINDOWS\System32\WINMM.dll (0x76B40000) D:\WINDOWS\System32\iphlpapi.dll (0x76D60000) D:\WINDOWS\System32\DNSAPI.dll (0x76F20000) D:\WINDOWS\System32\termmgr.dll (0x5B6F0000) D:\WINDOWS\System32\rtutils.dll (0x76E80000) D:\WINDOWS\System32\quartz.dll (0x35500000) D:\WINDOWS\system32\mswsock.dll (0x71A50000) D:\WINDOWS\System32\wshtcpip.dll (0x71A90000) D:\WINDOWS\System32\dxmrtp.dll (0x6BE70000) D:\WINDOWS\System32\MSVFW32.dll (0x73BD0000) D:\WINDOWS\System32\DSOUND.dll (0x51080000) D:\WINDOWS\System32\PSAPI.DLL (0x76BF0000) 
D:\WINDOWS\System32\devenum.dll (0x35680000) D:\WINDOWS\System32\setupapi.dll (0x76670000) D:\WINDOWS\System32\wdmaud.drv (0x72D20000) D:\WINDOWS\System32\msacm32.drv (0x72D10000) D:\WINDOWS\System32\MSACM32.dll (0x77BE0000) D:\WINDOWS\System32\midimap.dll (0x77BD0000) D:\WINDOWS\System32\msdmo.dll (0x01450000) D:\WINDOWS\System32\dpnhupnp.dll (0x018A0000) D:\WINDOWS\System32\rsaenh.dll (0x0FFD0000) D:\WINDOWS\System32\rasapi32.dll (0x76EE0000) D:\WINDOWS\System32\rasman.dll (0x76E90000) D:\WINDOWS\System32\NETAPI32.dll (0x71C20000) D:\WINDOWS\System32\TAPI32.dll (0x76EB0000) D:\WINDOWS\System32\hnetcfg.dll (0x68880000) D:\WINDOWS\System32\netshell.dll (0x75CF0000) D:\WINDOWS\System32\credui.dll (0x76C00000) D:\WINDOWS\System32\DHCPCSVC.DLL (0x76D80000) D:\WINDOWS\System32\wbem\wbemprox.dll (0x74EF0000) D:\WINDOWS\System32\wbem\wbemcomn.dll (0x75290000) D:\WINDOWS\System32\wbem\wbemsvc.dll (0x74ED0000) D:\WINDOWS\System32\wbem\fastprox.dll (0x75690000) D:\WINDOWS\System32\netcfgx.dll (0x755F0000) D:\WINDOWS\System32\CLUSAPI.dll (0x55560000) D:\WINDOWS\System32\sensapi.dll (0x722B0000)

======================================================

Log entry below recorded at:<Date and Time>

======================================================

Process ID:2424 (Virtual PC.exe)

User context:MYDOMAIN\user

Process doesn't appear to be a service

PID	Port		Local IP	State:		 Remote IP:Port
2424	TCP 1262	0.0.0.0 	LISTENING	 0.0.0.0:2192
2424	TCP 1731	0.0.0.0 	LISTENING	 0.0.0.0:53467
2424	TCP 2226	0.0.0.0 	LISTENING	 0.0.0.0:45214
2424	TCP 2229	0.0.0.0 	LISTENING	 0.0.0.0:2176
2424	TCP 4724	0.0.0.0 	LISTENING	 0.0.0.0:26634
2424	TCP 4725	0.0.0.0 	LISTENING	 0.0.0.0:2172
2424	TCP 4726	0.0.0.0 	LISTENING	 0.0.0.0:39049
2424	TCP 4727	0.0.0.0 	LISTENING	 0.0.0.0:37118
2424	TCP 4728	0.0.0.0 	LISTENING	 0.0.0.0:16491
2424	TCP 4729	0.0.0.0 	LISTENING	 0.0.0.0:20734
2424	TCP 4925	0.0.0.0 	LISTENING	 0.0.0.0:2064
2424	TCP 4930	0.0.0.0 	LISTENING	 0.0.0.0:8249
2424	TCP 4931	0.0.0.0 	LISTENING	 0.0.0.0:61639
2424	TCP 4932	0.0.0.0 	LISTENING	 0.0.0.0:22535
2424	TCP 2189	127.0.0.1 	LISTENING	 0.0.0.0:45095
2424	TCP 1262	169.254.66.8 	ESTABLISHED 	 169.254.5.214:1745
2424	TCP 1731	169.254.66.8 	ESTABLISHED 	 169.254.4.228:1745
2424	TCP 2226	169.254.66.8 	ESTABLISHED 	 157.56.120.30:1745
2424	TCP 2229	169.254.66.8 	ESTABLISHED 	 157.56.121.78:1745
2424	TCP 4724	169.254.66.8 	ESTABLISHED 	 169.254.4.38:1745
2424	TCP 4725	169.254.66.8 	ESTABLISHED 	 169.254.5.105:1745
2424	TCP 4726	169.254.66.8 	ESTABLISHED 	 169.254.5.103:1745
2424	TCP 4727	169.254.66.8 	ESTABLISHED 	 169.254.4.240:1745
2424	TCP 4728	169.254.66.8 	ESTABLISHED 	 169.254.7.23:1745
2424	TCP 4729	169.254.66.8 	ESTABLISHED 	 169.254.4.241:1745
2424	TCP 4925	169.254.66.8 	ESTABLISHED 	 169.254.121.89:1745
2424	TCP 4930	169.254.66.8 	ESTABLISHED 	 169.254.113.92:1745
2424	TCP 4931	169.254.66.8 	ESTABLISHED 	 169.254.113.87:1745
2424	TCP 4932	169.254.66.8 	ESTABLISHED 	 169.254.121.93:1745
2424	UDP 2686	0.0.0.0 			 *:*
2424	UDP 2687  	0.0.0.0 			 *:*

Port Statistics

TCP mappings:29 UDP mappings: 2

TCP ports in a LISTENING state:	15 = 51.72%

TCP ports in a ESTABLISHED state: 	14 = 48.28%

Loaded modules:C:\Program Files\Microsoft Virtual PC\Virtual PC.exe (0x00400000)

C:\WINDOWS\System32\ntdll.dll (0x77F50000) C:\WINDOWS\system32\kernel32.dll (0x77E60000) C:\WINDOWS\System32\DDRAW.dll (0x51000000) C:\WINDOWS\system32\msvcrt.dll (0x77C10000) C:\WINDOWS\system32\USER32.dll (0x77D40000) C:\WINDOWS\system32\GDI32.dll (0x77C70000) C:\WINDOWS\system32\ADVAPI32.dll (0x77DD0000) C:\WINDOWS\system32\RPCRT4.dll (0x78000000) C:\WINDOWS\System32\DCIMAN32.dll (0x73BC0000) C:\WINDOWS\System32\DINPUT.dll (0x72280000) C:\WINDOWS\System32\WINMM.dll (0x76B40000) C:\WINDOWS\System32\iphlpapi.dll (0x76D60000) C:\WINDOWS\System32\WS2_32.dll (0x71AB0000) C:\WINDOWS\System32\WS2HELP.dll (0x71AA0000) C:\WINDOWS\System32\PSAPI.DLL (0x76BF0000) C:\WINDOWS\system32\comdlg32.dll (0x763B0000) C:\WINDOWS\system32\SHLWAPI.dll (0x70A70000) C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.10.0_x-ww_f7fb5805\COMCTL32.dll (0x71950000) C:\WINDOWS\system32\SHELL32.dll (0x773D0000) C:\WINDOWS\System32\WINSPOOL.DRV (0x73000000) C:\WINDOWS\system32\ole32.dll (0x771B0000) C:\WINDOWS\system32\OLEAUT32.dll (0x77120000) C:\WINDOWS\system32\VERSION.dll (0x77C00000) C:\WINDOWS\System32\OLEACC.dll (0x74C80000) C:\WINDOWS\System32\MSVCP60.dll (0x55900000) C:\WINDOWS\System32\uxtheme.dll (0x5AD70000) C:\WINDOWS\System32\MSCTF.dll (0x74720000) C:\WINDOWS\System32\CLBCATQ.DLL (0x76FD0000) C:\WINDOWS\System32\COMRes.dll (0x77050000) C:\WINDOWS\System32\msxml4.dll (0x69B10000) C:\WINDOWS\System32\LINKINFO.dll (0x76980000) C:\WINDOWS\System32\ntshrui.dll (0x76990000) C:\WINDOWS\System32\ATL.DLL (0x76B20000) C:\WINDOWS\System32\NETAPI32.dll (0x71C20000) C:\WINDOWS\system32\USERENV.dll (0x75A70000) C:\Program Files\Microsoft Firewall Client\wspwsp.dll (0x55600000) C:\WINDOWS\System32\mswsock.dll (0x71A50000) C:\WINDOWS\System32\DNSAPI.dll (0x76F20000) C:\WINDOWS\System32\winrnr.dll (0x76FB0000) C:\WINDOWS\system32\WLDAP32.dll (0x76F60000) C:\WINDOWS\System32\wshtcpip.dll (0x71A90000) C:\WINDOWS\System32\rasadhlp.dll (0x76FC0000) 
C:\WINDOWS\System32\wdmaud.drv (0x72D20000) C:\WINDOWS\System32\msacm32.drv (0x72D10000) C:\WINDOWS\System32\MSACM32.dll (0x77BE0000) C:\WINDOWS\System32\midimap.dll (0x77BD0000) C:\WINDOWS\System32\HID.DLL (0x688F0000) C:\WINDOWS\System32\SETUPAPI.DLL (0x76670000) C:\Documents and Settings\user\Application Data\Microsoft\Virtual PC\VPCKeyboard.dll (0x10000000) C:\WINDOWS\System32\mslbui.dll (0x605D0000) C:\WINDOWS\System32\Secur32.dll (0x76F90000) C:\WINDOWS\System32\security.dll (0x71F80000) C:\WINDOWS\system32\msv1_0.dll (0x76D10000) C:\WINDOWS\system32\appHelp.dll (0x75F40000) C:\WINDOWS\System32\cscui.dll (0x76620000) C:\WINDOWS\System32\CSCDLL.dll (0x76600000) C:\WINDOWS\system32\MPR.dll (0x71B20000) C:\WINDOWS\System32\ntlanman.dll (0x71C10000) C:\WINDOWS\System32\NETUI0.dll (0x71CD0000) C:\WINDOWS\System32\NETUI1.dll (0x71C90000) C:\WINDOWS\System32\NETRAP.dll (0x71C80000) C:\WINDOWS\System32\SAMLIB.dll (0x71BF0000) C:\WINDOWS\System32\drprov.dll (0x75F60000) C:\WINDOWS\System32\davclnt.dll (0x75F70000)

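The Port Reporter service watches the ports for changes and records those changes in the log files. A change can be an increase or decrease in the number of connections on a port, or a change in the connection state of an existing connection. The Port Reporter service reports when a new connection to a TCP port appears and when an existing connection is closed. It also reports when the state of any TCP connection on a port changes. The TCP port states include: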
  • CLOSE_WAIT
  • CLOSED
  • ESTABLISHED
  • FIN_WAIT_1
  • LAST_ACK
  • LISTEN
  • SYN_RECEIVED
  • SYN_SEND
  • TIMED_WAIT
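For example, a state change occurs when a connection in the ESTABLISHED state moves to the CLOSE_WAIT state.

Sometimes the Port Reporter service may report that the System Idle Process (PID 0) is using some TCP ports. This can happen when a program installed on the computer connects to a TCP port and then quickly disconnects from it. Although the program is no longer running, the TCP connection between the program and the port remains in the Timed Wait state. In this case, the Port Reporter service may detect that the port is in use but cannot identify the program that is using it, because the program is no longer running. Even though the process that previously used the port is no longer running, the port can remain in the Timed Wait state for up to several minutes.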

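Port Reporter also creates a log entry when you start a program installed on the computer that uses a new UDP port. For example, if a program binds to UDP port 69, the Port Reporter service records this action in the PR-PORTS and PR-PIDS log files. The Port Reporter service does not log the UDP traffic that is sent to a UDP port; it logs only the UDP ports that are bound and accepting traffic.

Microsoft recommends that you check the System event log and the Application event log for events that the Port Reporter service records. The Port Reporter service logs events such as the service starting, a log file being created, the service stopping, or the service encountering an error. The event source is recorded as PortReporter. The event IDs are between 100 and 112.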

Because Windows 2000 systems do not support port-to-process mapping, the PR-PIDS log file contains the following line:
Port to process mappings are not available on this system.
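
As an added example (not part of the original article, and not code from Port Reporter or Port Reporter Parser), the following Python code parses PR-PIDS entries in the layout shown above, handles the Windows 2000 "mappings are not available" line, and flags the PID 0 and all-interface cases described in this section. The function names `parse_pr_pids` and `triage` are hypothetical, the sample text is constructed, and the code assumes the log file holds one port mapping per line.

```python
import re
# Constructed sample in the PR-PIDS entry layout shown in this article.
# Assumption: the file on disk holds one port mapping per line.
SAMPLE = r"""
Process ID:3764 (msmsgs.exe)
User context:MYDOMAIN\user
Process doesn't appear to be a service
PID   Port        Local IP       State:       Remote IP:Port
3764  TCP 16521   169.254.66.8   LISTENING    0.0.0.0:45294
3764  UDP 4803    0.0.0.0                     *:*
======================================================
Process ID:0 (System Idle Process)
PID   Port        Local IP       State:       Remote IP:Port
0     TCP 4724    169.254.66.8   TIMED_WAIT   169.254.4.38:1745
"""
NO_MAP = "Port to process mappings are not available on this system."
HEADER = re.compile(r"^Process ID:\s*(\d+)\s*\((.+)\)\s*$")
MAPPING = re.compile(
    r"^(\d+)\s+(TCP|UDP)\s+(\d+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\S+)\s*$")

def parse_pr_pids(text):
    """Return (entries, mappings_available) for PR-PIDS log text."""
    entries, cur = [], None
    for line in text.splitlines():
        if NO_MAP in line:            # Windows 2000: no per-process data
            return [], False
        head = HEADER.match(line)
        if head:
            cur = {"pid": int(head.group(1)), "image": head.group(2),
                   "user": None, "service": None, "ports": []}
            entries.append(cur)
        elif cur and line.startswith("User context:"):
            cur["user"] = line.split(":", 1)[1].strip()
        elif cur and line.startswith("Process doesn't appear to be a service"):
            cur["service"] = False
        elif cur and (m := MAPPING.match(line)) and int(m.group(1)) == cur["pid"]:
            cur["ports"].append(m.groups()[1:])  # proto, port, local, state, remote
    return entries, True

def triage(entries):
    """Pick out the mappings a reviewer would look at first."""
    notes = []
    for e in entries:
        for proto, port, local, state, remote in e["ports"]:
            if e["pid"] == 0:         # owning program is gone, see Timed Wait above
                notes.append((0, int(port), f"owner exited, connection in {state}"))
            elif e["service"] is False and local == "0.0.0.0" and (
                    proto == "UDP" or (state or "").startswith("LISTEN")):
                notes.append((e["pid"], int(port), "non-service bound on all interfaces"))
    return notes
```

UDP mappings carry no state column, so the parser stores `None` for their state rather than shifting the remote address into it.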


More information

To review a WebCast about Port Reporter, click the following Microsoft Knowledge Base article number:
840832 Support WebCast: Port Reporter

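References

Related tools, such as PortQry 2.0, let you track the activity on a single port, or all the ports that a specific process uses. For more information about PortQry 2.0, click the following article number to view the article in the Microsoft Knowledge Base:
832919 New features and functionality in PortQry 2.0
Important The PortQueryUI tool has a graphical user interface and is now available for download. Several features in PortQueryUI make PortQry easier to use. To obtain the PortQueryUI tool, visit the following Microsoft Web site:
http://download.microsoft.com/download/3/f/4/3f4c6a54-65f0-4164-bdec-a3411ba24d3a/PortQryUI.exe
Important The Port Reporter Parser tool is a log parser for Port Reporter log files and is now available for download. Port Reporter Parser has many advanced features that can help you analyze Port Reporter log files. To obtain the Port Reporter Parser tool, visit the following Microsoft Web site:
http://download.microsoft.com/download/2/8/8/28810043-0e21-4004-89a3-2f477a74186f/PRParser.exe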

Properties

Article ID: 837243 - Last reviewed: June 1, 2005 - Revision: 6.1
The information in this article applies to:
  • Microsoft Windows Server 2003, Enterprise Edition (32-bit x86)
  • Microsoft Windows Server 2003, Standard Edition (32-bit x86)
  • Microsoft Windows XP Professional
  • Microsoft Windows 2000 Professional Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
Keywords: kbhowtomaster KB837243