Glossary of Terms

adware - Advertising supported software (adware) is a product that is available for free and in exchange displays advertising banners within the software interface. Instead of you having to pay for the software, the company creates revenue by selling advertising space in the software product. However, some adware will install additional third party components on your system and may exchange statistical data with a remote location over the internet, in which case the adware is also spyware.

byte - Abbreviation for binary term, a unit of storage capable of holding a single character. On almost all modern computers, a byte is equal to 8 bits. Large amounts of memory are indicated in terms of kilobytes (1,024 bytes), megabytes (1,048,576 bytes), and gigabytes (1,073,741,824 bytes). 

client - The client part of a client-server architecture. Typically, a client is an application that runs on a personal computer or workstation and relies on a server to perform some operations. For example, an e-mail client is an application that enables you to send and receive email.

dead socket - A socket that has terminated but remains visible in Port Explorer for a pre-specified period of time (3 seconds by default). Dead sockets are usually highlighted with a red background color. 

domain - A group of computers and devices on a network that are administered as a unit with common rules and procedures. Within the Internet, domains are defined by the IP address. All devices sharing a common part of the IP address are said to be in the same domain.

DiamondCS - Please visit us on the web at http://www.diamondcs.com.au

honeypot - An Internet-attached server that acts as a decoy, luring in potential hackers in order to study their activities and monitor how they are able to break into a system. Honeypots are designed to mimic systems that an intruder would like to break into but limit the intruder from having access to an entire network. If a honeypot is successful, the intruder will have no idea that s/he is being tricked and monitored. Most honeypots are installed inside firewalls so that they can better be controlled, though it is possible to install them outside of firewalls. A firewall in a honeypot works in the opposite way that a normal firewall works: instead of restricting what comes into a system from the Internet, the honeypot firewall allows all traffic to come in from the Internet and restricts what the system sends back out.

hop - An intermediate connection in a string of connections linking two network devices. On the Internet, for example, most data packets need to go through several routers before they reach their final destination. Each time the packet is forwarded to the next router, a hop occurs. The more hops, the longer it takes for data to go from source to destination. You can see how many hops it takes to get to another Internet host by using the Ping or Traceroute utilities.

ICMP - Short for Internet Control Message Protocol, an extension to the Internet Protocol (IP) defined by RFC 792. ICMP supports packets containing error, control, and informational messages. The ping command, for example, uses ICMP to test an Internet connection.
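The entry above names ICMP as the protocol behind ping; the following Python is an added example (not Port Explorer code, not from Webopedia) that builds and decodes the RFC 792 Echo message a ping utility sends, including the one's-complement checksum that lets the receiver detect a corrupted message. The identifier, sequence number and payload bytes in the demonstration are constructed values.

```python
import struct

ICMP_ECHO_REQUEST = 8   # RFC 792 "Echo" message type (what ping sends)
ICMP_ECHO_REPLY = 0     # RFC 792 "Echo Reply" message type (what the host answers)


def icmp_checksum(data: bytes) -> int:
    """RFC 792 checksum: the one's complement of the one's-complement sum of
    the 16-bit words of the message; a zero byte is appended if the length is odd."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:                      # fold carries back into the low 16 bits
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_echo_request(identifier: int, sequence: int, payload: bytes) -> bytes:
    """Build an Echo message: 8-byte header (type, code, checksum, identifier,
    sequence) followed by the payload. The checksum is computed with the
    checksum field zeroed and then patched into the header."""
    header = struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, 0, identifier, sequence)
    csum = icmp_checksum(header + payload)
    return struct.pack("!BBHHH", ICMP_ECHO_REQUEST, 0, csum, identifier, sequence) + payload


def parse_icmp(packet: bytes) -> dict:
    """Decode an ICMP message and verify it. Recomputing the checksum over a
    message that already carries a correct checksum yields zero, so a non-zero
    result means the message was damaged in transit (or never valid)."""
    if len(packet) < 8:
        raise ValueError("ICMP message shorter than the 8-byte header")
    msg_type, code, csum, identifier, sequence = struct.unpack("!BBHHH", packet[:8])
    return {
        "type": msg_type,
        "code": code,
        "checksum": csum,
        "identifier": identifier,
        "sequence": sequence,
        "payload": packet[8:],
        "checksum_ok": icmp_checksum(packet) == 0,
    }


if __name__ == "__main__":
    # Constructed sample: identifier 0x1234, sequence 1, eight payload bytes.
    pkt = build_echo_request(0x1234, 1, b"abcdefgh")
    print(pkt.hex())
    print(parse_icmp(pkt))
    damaged = pkt[:9] + bytes([pkt[9] ^ 0xFF]) + pkt[10:]   # corrupt one payload byte
    print("damaged checksum_ok:", parse_icmp(damaged)["checksum_ok"])
```

Sending the message requires a raw socket, which is why ping utilities on Windows and UNIX need elevated privileges; the encoding and checksum logic above is the part that does not.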

IP address - An identifier for a computer or device on a TCP/IP network. Networks using the TCP/IP protocol route messages based on the IP address of the destination. The format of an IP address is a 32-bit numeric address written as four numbers separated by periods. Each number can be zero to 255. For example, 1.160.10.240 could be an IP address.

local-area network (LAN) - A computer network that spans a relatively small area. Most LANs are confined to a single building or group of buildings. However, one LAN can be connected to other LANs over any distance via telephone lines and radio waves. A system of LANs connected in this way is called a wide-area network (WAN).

malware - Abbreviation for "malicious software" - any software that contains hostile or malicious code or can disrupt or damage a system.

netstat - A common console program found on most operating systems that allows the user to see a list of the sockets currently in use on the system.

packet - A piece of a message transmitted over a packet-switching network. One of the key features of a packet is that it contains the destination address in addition to the data. In IP networks, packets are often called datagrams.

packet-sniffer - A program and/or device that monitors data traveling over a network. Sniffers can be used both for legitimate network management functions and for stealing information off a network. Unauthorized sniffers can be extremely dangerous to a network's security because they are virtually impossible to detect and can be inserted almost anywhere. This makes them a favorite weapon in the hacker's arsenal. 

Ping - A utility to determine whether a specific IP address is accessible. It works by sending a packet to the specified address and waiting for a reply. Ping is used primarily to troubleshoot Internet connections. There are many freeware and shareware Ping utilities available for personal computers. 

port - In TCP/IP and UDP networks, a port is an endpoint to a logical connection. The port number identifies what type of port it is. For example, port 80 is used for HTTP traffic.

process - An executing program. The term is used loosely as a synonym of task.

process ID - A unique identification number given to every process on your system. You can often run multiple instances of one program, but each instance will have its own unique process ID.

protocol - An agreed-upon format for transmitting data between two devices. Protocols can determine the following: the type of error checking to be used, data compression method (if any), how the sending device will indicate that it has finished sending a message, and how the receiving device will indicate that it has received a message. TCP, UDP, and ICMP are three of the more common protocols used on the Internet and TCP/IP networks.

remote access trojan (RAT) - A common class of modern trojan that uses sockets (usually TCP or UDP) to allow backdoor access into a system.

Resolve - A Port Explorer utility that allows you to resolve IP addresses to their DNS host names, and vice versa.

SeDebugPrivilege - SeDebugPrivilege is a privilege level that Port Explorer elevates itself to, allowing it to obtain the process handle of any running application, which is required in order to terminate a process. Without SeDebugPrivilege, many process handles will not be available.

server - The server part of a client-server architecture. Typically, a server is an application that runs on a personal computer or workstation and relies on a client to connect to it to perform some operations. For example, an email server is an application that allows you to connect to it and use it to send email to other people. Most remote access trojans are servers.

socket - A software object that connects an application to a network protocol. For example, a program can send and receive TCP/IP messages by opening a socket and reading and writing data to and from the socket. This simplifies program development because the programmer need only worry about manipulating the socket and can rely on the operating system to actually transport messages across the network correctly. Note that a socket in this sense is completely soft - it's a software object, not a physical component.

spyware - Spyware is any software that covertly gathers user information through the user's Internet connection without his or her knowledge, usually for advertising purposes. Spyware applications are typically bundled as a hidden component of freeware or shareware programs that can be downloaded from the Internet. Once installed, the spyware monitors user activity on the Internet and transmits that information in the background to someone else. Spyware can also gather information about e-mail addresses and even passwords and credit card numbers.

status - The status of the socket at the time of the last display refresh (usually every 1 or 3 seconds).

TCP - Abbreviation of Transmission Control Protocol, and pronounced as separate letters. TCP is one of the main protocols in TCP/IP networks. Whereas the IP protocol deals only with packets, TCP enables two hosts to establish a connection and exchange streams of data. TCP guarantees delivery of data and also guarantees that packets will be delivered in the same order in which they were sent.

TCP/IP - Abbreviation for Transmission Control Protocol/Internet Protocol, the suite of communications protocols used to connect hosts on the Internet. TCP/IP uses several protocols, the two main ones being TCP and IP. TCP/IP is built into the UNIX operating system and is used by the Internet, making it the de facto standard for transmitting data over networks. Even network operating systems that have their own protocols, such as NetWare, also support TCP/IP.

TDS - Trojan Defence Suite (also TDS3), the most comprehensive anti-trojan program available for Windows users today. Available at http://tds.diamondcs.com.au

TIME_WAIT - TIME_WAIT is a state that all TCP connections enter into when their connection has been closed. The length of time for this state varies on different operating systems but it's usually 240 seconds, which is to allow for any duplicate segments still in the network from the previous connection to expire.

Traceroute - A utility in Port Explorer that traces a packet from your computer to an Internet host, showing how many hops the packet requires to reach the host and how long each hop takes. If you're visiting a Web site and pages are appearing slowly, you can use traceroute to figure out where the longest delays are occurring. Traceroute utilities work by sending packets with low time-to-live (TTL) fields. The TTL value specifies how many hops the packet is allowed before it is returned. When a packet can't reach its destination because the TTL value is too low, the last host returns the packet and identifies itself. By sending a series of packets and incrementing the TTL value with each successive packet, traceroute finds out who all the intermediary hosts are.
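The TTL mechanism described above, worked through as an added Python simulation (not Port Explorer's code, not from Webopedia): each probe carries a small TTL, every router on the path decrements it, and the router that decrements it to zero answers with an ICMP Time Exceeded message that identifies it, so raising the TTL by one per probe reveals the path one hop at a time. The routers, their latencies and the addresses are constructed (RFC 5737 documentation ranges); one router is made silent to show the "*" a real trace prints when a hop drops expired probes without answering, and a helper shows the "where is the delay" analysis the entry mentions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass
class Router:
    address: str
    latency_ms: float        # one-way delay of the link into this router (constructed)
    replies: bool = True     # some routers drop TTL-expired probes without replying


# Constructed sample path using RFC 5737 documentation addresses; not a real route.
SAMPLE_PATH = [
    Router("192.0.2.1", 1.0),
    Router("198.51.100.7", 8.0),
    Router("203.0.113.9", 15.0, replies=False),   # silent hop
    Router("203.0.113.33", 20.0),
]
SAMPLE_DEST = "203.0.113.200"
DEST_LATENCY_MS = 25.0


def send_probe(path: List[Router], dest: str, dest_latency_ms: float, ttl: int):
    """Forward one probe with the given TTL along the path.
    Returns (kind, responder, round_trip_ms); responder/rtt are None on timeout."""
    elapsed = 0.0
    for router in path:
        elapsed += router.latency_ms
        ttl -= 1                         # each router decrements the TTL
        if ttl == 0:                     # expired here: router must discard it
            if router.replies:
                return ("time_exceeded", router.address, 2 * elapsed)
            return ("timeout", None, None)
    elapsed += dest_latency_ms           # TTL survived every router: destination answers
    return ("echo_reply", dest, 2 * elapsed)


def traceroute(path: List[Router], dest: str, dest_latency_ms: float = DEST_LATENCY_MS,
               max_hops: int = 30) -> List[Tuple[int, str, Optional[float]]]:
    """Send probes with TTL 1, 2, 3, ... until the destination itself replies
    or max_hops is reached. Each result is (ttl, responder or '*', rtt_ms)."""
    hops = []
    for ttl in range(1, max_hops + 1):
        kind, who, rtt = send_probe(path, dest, dest_latency_ms, ttl)
        hops.append((ttl, who if who is not None else "*", rtt))
        if kind == "echo_reply":
            break
    return hops


def slowest_hop(hops):
    """Find the hop that adds the most round-trip time over the previous
    replying hop. A silent hop contributes no measurement, so the next
    replying hop absorbs its delay; a real trace has the same blind spot."""
    worst = None
    prev_rtt = 0.0
    for ttl, who, rtt in hops:
        if rtt is None:
            continue
        added = rtt - prev_rtt
        if worst is None or added > worst[2]:
            worst = (ttl, who, added)
        prev_rtt = rtt
    return worst


if __name__ == "__main__":
    for ttl, who, rtt in traceroute(SAMPLE_PATH, SAMPLE_DEST):
        print(f"{ttl:2d}  {who:16s}  {'*' if rtt is None else f'{rtt:.1f} ms'}")
    print("largest added delay:", slowest_hop(traceroute(SAMPLE_PATH, SAMPLE_DEST)))
```

Real implementations send three probes per TTL and time each one; the single-probe loop here keeps the TTL logic visible, and the max_hops cap is what stops a trace from running forever when a packet is black-holed before it reaches the destination.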

trojan - See remote access trojan.

UDP - Short for User Datagram Protocol, a connectionless protocol that, like TCP, runs on top of IP networks. Unlike TCP/IP, UDP/IP provides very few error recovery services, offering instead a direct way to send and receive datagrams over an IP network. It's used primarily for broadcasting messages over a network.

Winsock - Short for Windows Socket, Winsock is an Application Programming Interface (API) for developing Windows programs that can communicate with other machines via the TCP/IP protocol. Windows 95 and Windows NT come with a Dynamic Link Library (DLL) called winsock.dll that implements the API and acts as the glue between Windows programs and TCP/IP connections. In addition to the Microsoft version of winsock.dll, there are other freeware and shareware versions of winsock.dll. However, there is no official standard for the Winsock API, so each implementation differs in minor ways. Port Explorer requires Winsock 2 to be installed (it is installed by default on most Microsoft Windows systems).

Whois - An Internet utility that returns information about a domain name or IP address. For example, if you enter a domain name such as diamondcs.com.au, whois will return the name and address of the domain's owner.


* Most definitions here are from Webopedia™ - http://www.webopedia.com

Copyright © 2002-2003 Diamond Computer Systems Pty. Ltd. - http://www.diamondcs.com.au
DiamondCS Port Explorer Website - http://www.diamondcs.com.au/portexplorer