Availability and description of the Port Reporter tool

SUMMARY

This article discusses the Port Reporter tool. The Port Reporter tool runs as a service on computers that are running Windows Server 2003, Windows XP, and Windows 2000. The tool logs TCP and UDP port activity. This article contains information about how to obtain and install the tool. When you install the tool, the Setup program creates the appropriate registry entries and installs the Port Reporter service. This article also contains information about how to use start parameters to configure the Port Reporter service and information about the Port Reporter log files that are generated by the Port Reporter service.

INTRODUCTION

This article contains information about how to obtain, install, and configure the Port Reporter tool. The Port Reporter tool is a tool that you can use to log TCP/IP port data on computers that are running Microsoft Windows Server 2003, Microsoft Windows XP, or Microsoft Windows 2000.

Overview

The Port Reporter tool logs TCP and UDP port activity. The tool is a small program that runs as a service on a computer that is running Windows Server 2003, Windows XP, or Windows 2000. On Windows Server 2003 and on Windows XP-based computers, the service can log the following information:

• The ports that are used
• The processes that use the port
• Whether a process is a service
• The modules that a process loaded
• The user accounts that run a process

On Windows 2000-based computers, the service logs the ports that are used and when the ports are used. You can use the information that is logged by the Port Reporter tool to help you track port usage and troubleshoot certain issues. The information that is logged by the Port Reporter tool may also be helpful for security purposes.

Obtain the Port Reporter tool

The Port Reporter tool is available from this link on the Microsoft Download Center:

Important The Port Reporter Parser tool is a log parser for Port Reporter log files. This tool is now available for download. Port Reporter Parser has many features that can help you analyze Port Reporter log files. You can download the Port Reporter Parser tool from the following Microsoft web site: http://download.microsoft.com/download/2/8/8/28810043-0e21-4004-89a3-2f477a74186f/PRParser.exe

Install the Port Reporter service

When you run the Setup program (Pr-Setup.exe) to install Port Reporter, the Setup program performs the following operations:

• Adds the following registry subkey to the Windows registry:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application\PortReporter
  The Port Reporter service requires this registry key to log entries to the application event log on the computer.
• Installs the Port Reporter service. The Setup program creates a service object for the Port Reporter tool and then adds the object to the Service Control Manager database.

Install the Port Reporter service to the default location

By default, the Port Reporter service is installed to the following folder on the hard disk:
  drive:\Program Files\PortReporter

To install the Port Reporter service to the default location:

1. Log on to the computer as a member of the local administrators group.
2. Quit all programs that are running on the computer, including the Services tool and Event Viewer in Administrative Tools.
3. Double-click Pr-Setup.exe to run the Setup program.
4. When you are prompted to install the Port Reporter tool to the Program Files folder, press Y. After you press Y, the Setup program creates a subfolder named PortReporter in the Program Files folder. Portreporter.exe is copied to the subfolder and is registered as a service in Service Control Manager.

Install the Port Reporter service to a different location than the default location

To install the Port Reporter service to a different location than the default location:

1. Log on to the computer as a member of the local administrators group.
2. Quit all programs that are running on the computer, including the Services tool and Event Viewer in Administrative Tools.
3. Copy the Pr-setup.exe file and the Portreporter.exe file to the folder where you want to install the Port Reporter tool.
   Note You have to run the Setup program from a fixed, local drive. You cannot run the Setup program from a network drive or from a CD-ROM drive.
4. At the command prompt, type the following line, and then press ENTER, where PathOfFolder is the drive and path of the folder that contains the Pr-setup.exe file and the Portreporter.exe file:

       pr-setup.exe -d 'PathOfFolder'

   For example, to install the tool to the D:\Tools\Port Reporter folder, type

       pr-setup.exe -d 'd:\tools\port reporter\'

   You receive output that is similar to the following in the Command Prompt window:

       C:\temp>pr-setup.exe -d 'PathOfFolder'
       Installing Port Reporter service: PathOfFolder
       Creating service...completed successfully
       Creating registry key and values...completed successfully
       Setup has successfully installed the Port Reporter service
       The service is currently stopped and set to manual startup type
       Please use the services applet in the control panel to configure
       and start the Port Reporter service
       press any key to exit setup

5. Press any key to exit the Setup program.

Configure and start the Port Reporter service

To verify that the Port Reporter service installed successfully and to start the service, follow these steps:

1. Click Start, right-click My Computer, and then click Manage.
2. Expand Services and Applications, and then expand Services.
3. In the right pane, verify that the Port Reporter service is listed.
4. To start the service, double-click the service name, and then click to select the Start button. Click OK. The Port Reporter service will create a log entry in the application log that indicates that it is started.

By default, the startup type for the Port Reporter service is set to use the Manual setting. If you want the service to start automatically when Windows starts, set the startup type to use the Automatic setting.

By default, the Port Reporter service uses the Local System account to log on to the computer. By using the Local System account, the Port Reporter service can gather details about processes that the administrator account or other user accounts do not have access to. Because of this, Microsoft recommends that you do not modify this setting.

Note Because this service runs in the context of the Local System account, Microsoft recommends that you secure the folder where Port Reporter is installed. Whether you install Port Reporter in its default location (%SystemDrive%\Program Files\PortReporter) or in a custom location, you must take these steps:

• Install Port Reporter only on an NTFS file system partition.
• Adjust the access control lists (ACLs) on the installation folder so that only the local Administrators group has access to the folder. To do this, follow these steps:
  1. Start Windows Explorer, and then find the installation folder. By default, it is %SystemDrive%\Program Files\PortReporter.
  2. Right-click the folder, and then click Properties.
  3. In the folder property dialog box, click the Security tab, and then inspect the group and user names that have access to the folder. Only the local Administrators group and the System account should have access to this folder.
  4. Select any other groups and users that are listed, and then click Remove. When the list contains only the local Administrators group and the System account, click Apply, and then click OK.

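The end state of the steps above (NTFS volume, an ACL limited to Administrators and System, service logging on as Local System) can be checked with a script. The following Windows PowerShell audit is an added example and is not part of the original Microsoft article. It assumes Windows PowerShell 2.0 through 5.1 is installed, that the service's display name begins with "Port Reporter", and the default installation path unless -InstallDir is supplied.

```powershell
# Added example (not from the original article): audit the Port Reporter hardening steps.
# Assumptions: Windows PowerShell 2.0-5.1; service display name starts with "Port Reporter".
param([string]$InstallDir = "$($env:SystemDrive)\Program Files\PortReporter")

$allowedSids = @('S-1-5-32-544',   # BUILTIN\Administrators
                 'S-1-5-18')       # NT AUTHORITY\SYSTEM (Local System)
$findings = @()

# 1. The installation folder must be on an NTFS volume.
$drive = Split-Path -Path $InstallDir -Qualifier
$disk  = Get-WmiObject Win32_LogicalDisk -Filter "DeviceID='$drive'"
if ($disk.FileSystem -ne 'NTFS') {
    $findings += "Volume $drive reports file system '$($disk.FileSystem)', expected NTFS"
}

# 2. Only Administrators and SYSTEM may appear in the folder's ACL.
foreach ($ace in (Get-Acl -Path $InstallDir).Access) {
    try {
        $sid = $ace.IdentityReference.Translate(
                   [System.Security.Principal.SecurityIdentifier]).Value
    } catch {
        $sid = $ace.IdentityReference.Value   # unresolvable account: report it as-is
    }
    if ($allowedSids -notcontains $sid) {
        $findings += "Unexpected ACE: $($ace.IdentityReference) $($ace.AccessControlType) " +
                     "$($ace.FileSystemRights) (inherited: $($ace.IsInherited))"
    }
}

# 3. The service should still log on as Local System and run from the audited folder.
$services = @(Get-WmiObject Win32_Service -Filter "DisplayName LIKE 'Port Reporter%'")
if ($services.Count -eq 0) { $findings += 'No service with a Port Reporter display name found' }
foreach ($svc in $services) {
    if ($svc.StartName -ne 'LocalSystem') {
        $findings += "Service '$($svc.Name)' logs on as '$($svc.StartName)', expected LocalSystem"
    }
    if ($svc.PathName.ToLower().IndexOf($InstallDir.TrimEnd('\').ToLower()) -lt 0) {
        $findings += "Service binary '$($svc.PathName)' is outside $InstallDir"
    }
}

if ($findings.Count -gt 0) {
    $findings | ForEach-Object { Write-Output "FAIL: $_" }
    exit 1
}
Write-Output "OK: $InstallDir is on NTFS and restricted to Administrators and SYSTEM"
```

Run it from an elevated prompt; inherited entries that it reports cannot be removed in the Security tab until inheritance from the parent folder is turned off for the installation folder.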