The foreign_address and foreign_port item entities were added to win-def:port_item. Support should be added to the interpreter for collecting this.
The docs say in the case of server TCP sockets, the port is usually "*". Is this a requirement or only a recommendation? The MSDN docs say that the dwRemotePort and dwRemoteAddr are meaningless for server sockets (i.e. those when dwState is MIB_TCP_STATE_LISTEN).
Also, UDP is connectionless, so there is no remote socket address info for those.
Log in to post a comment.