A couple of tools we use frequently:
- <a href="http://technet.microsoft.com/en-us/sysinternals/bb897437.aspx">Sysinternals TCPView</a>
Wireshark is a must!
The <a href="http://technet.microsoft.com/en-us/sysinternals/default.aspx">Sysinternals toolkit</a> is another excellent selection of utilities for security managers. It is also very valuable to be able to use these tools "live" from the internet. Simply use the address <b>http://live.sysinternals.com/toolname.exe</b>. This will get you the latest version of the tool and you can be sure it is not malware.
I also want to confirm that nmap is a must-have tool for scanning networks and finding open ports and listening services. You don't know what's happening on your network unless you listen (Wireshark) and scan (nmap). You can then use the Sysinternals tools (psexec for example to open a remote command shell) to investigate what you found with Wireshark and nmap.
Last Wiki Answer Submitted: April 14, 2010 8:01 pm by carlosdl (63,580 pts.)
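One way to check a tool fetched from the Sysinternals Live address mentioned in the answer before running it, as an added example that is not part of the original answer. The function name `Get-VerifiedSysinternalsTool`, the destination folder and the use of `https://` in place of the `http://` address quoted above are assumptions of this example.

```powershell
# Added example: download a tool from Sysinternals Live and verify its
# Authenticode signature before it is ever executed.
function Get-VerifiedSysinternalsTool {
    param(
        # File name as served by the site, e.g. 'Tcpview.exe'
        [Parameter(Mandatory)][string]$ToolName,
        # Assumption: a per-user scratch folder; change to suit your environment
        [string]$Destination = (Join-Path $env:TEMP 'sysinternals')
    )

    # Accept only a plain .exe file name, never a path or URL fragment
    if ($ToolName -notmatch '^[A-Za-z0-9_.-]+\.exe$') {
        throw "Unexpected tool name: $ToolName"
    }

    New-Item -ItemType Directory -Path $Destination -Force | Out-Null
    $path = Join-Path $Destination $ToolName

    # Assumption: HTTPS is used so the transfer itself is authenticated
    Invoke-WebRequest -Uri "https://live.sysinternals.com/$ToolName" `
        -OutFile $path -UseBasicParsing

    # The signature must validate and chain to a Microsoft signing certificate
    $sig    = Get-AuthenticodeSignature -FilePath $path
    $signer = $sig.SignerCertificate.Subject
    if ($sig.Status -ne 'Valid' -or $signer -notmatch 'O=Microsoft Corporation') {
        Remove-Item -Path $path -Force
        throw "Signature check failed for $ToolName (status: $($sig.Status), signer: $signer)"
    }

    # Return what was verified so the hash can be logged or compared later
    [pscustomobject]@{
        Path   = $path
        Signer = $signer
        SHA256 = (Get-FileHash -Path $path -Algorithm SHA256).Hash
    }
}
```

An unsigned or re-signed binary is deleted and the function throws, so a script that calls it never reaches the step that launches the tool.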