netstat scanner

[Michel Arboi]

On Tue Aug 17 2004 at 13:04, Hemsley, Trevor wrote:

> But presumably suffers from the disadvantage that if a machine is
> compromised and netstat is replaced in order to hide trojan ports then
> that will not be detected... 

Nothing is perfect. It depends what you are looking for.
If you have to  audit a very sensitive production machine, I'd suggest
that you use this rather than classical port scanners.

You can also combined several scanners. e.g. netstat and nmap with TCP
scan only on standard port range and aggressive timing policy.