Current state-of-the-art ports, protocols, and services scanning applications generally require an open port on the system being scanned and the use of a graphical user interface; additionally, those tools only provide scan results data from a single moment during system operational time. Those tools provide an incomplete view of the port usage of the system being scanned. Such inadequate views of system port usage should not be used for the validation of a given system’s reported port usage. Given dynamic port assignment by software, a need exists for a versatile and upgradable software package that can readily and cost-effectively report on ports protocols and services over an undefined period of time. In order to achieve this goal, Orbis, Inc. has developed PPSR, or Ports Protocols Services Recorder. PPSR is a free software package designed to be a low impact windows service in order to allow system validators to record ports, protocols, and service usage on a local system for any desired time period of the system’s operation. Orbis engineers and Computer Scientists are receptive to user feedback; and they have and will continue to incorporate user feedback into PPSR upgrades.
The off-the-shelf PPSR package runs as a service on Windows XP, Windows Server 2003, and Windows 7. The service generates ‘$’ delimited data in log files which can be helpful for security purposes, troubleshooting scenarios, and profiling systems’ port usage. It scans and logs protocol activity, port activity, active processes, and registered services on a local Microsoft Windows system over an extended period of time.
When initiated, the PPSR periodically polls the system and records the results in a running log. For each system port log entry indicating system port activity the values included provide information on many items including the protocol, local address, foreign address, state, process ID, local physical address or IP address, local port number, foreign physical address or IP address, and foreign port number.
The PPSR service also probes the system and logs detailed configuration information about the local system configuration. The log entry values provide information on many items including operating system configuration, security information, product ID, hotfixes installed, and hardware properties, such as RAM space, disk space, network cards, domains, computers, and resources being shared by the system.
Additionally, the PPSR service scans information about processes executing on the system. Process log entries are unique and provide values for the image name, process ID, and the services associated with the image name.
By design PPSR log file data will provide the system administrator, system developer, or system validator the capability to identify and validate the usage of system resources critical to the configuration, validation, and security of a computer system.