Port Reporter is a nifty tool from Microsoft that you can use to log TCP and UDP activity on Windows machines; it logs activity on the ports that you specify to a text file. It’s extremely useful for monitoring traffic from specified machines or services, and it has a variety of useful features that I won’t enumerate. Go download it already.
One thing Port Reporter didn’t have was a good way to parse the data it recorded into an easily readable form. Of course, this is just the sort of thing that you’d want a tool for, and the Port Reporter author delivered in spades with Port Reporter Parser (PR-Parser). The parser (described in KB article 884289) adds some pretty slick analysis and parsing capabilities that can be very useful for incident response or troubleshooting. Check it out.
