Security Incidents mailing list archives

RE: Strange set of TCP ports


From: "Romulo M. Cholewa" <rmc () rmc eti br>
Date: Mon, 19 Apr 2004 20:29:10 -0300

It's called tcpview, and you may find it here:

http://www.sysinternals.com/ntw2k/source/tcpview.shtml

Also, there are other ways to monitor this traffic, like installing
winpcap...

http://winpcap.polito.it/

... and using ethereal or windump...

http://www.ethereal.com/download.html

http://windump.polito.it/

... you may use ethereal if anything else fails trying to identify the
connections (at least you will be able to sniff it).

Good luck,

Romulo M. Cholewa
Home: http://www.rmc.eti.br
News: http://www.rmc.eti.br/news
PGP key id 0x7F8A3B40





] -----Original Message-----
] From: mgotts () 2roads com [mailto:mgotts () 2roads com] 
] Sent: Monday, April 19, 2004 5:10 PM
] To: Harlan Carvey
] Cc: Incidents; Raistlin
] Subject: Re: Strange set of TCP ports
] 
] 
] > Run openports.exe from DiamondCS on the suspect boxen.
] >  If you don't have physical access, but do have admin
] > access, use psexec.exe from SysInternals, as well.
] 
] psexec.exe from SysInternals is a remote program execution utility. I use
] it now and then, and am not aware of any capability to have it list ports
] in use and what programs are using them.
] 
] SysInternals probably does have such a utility, but I'm not sure what it
] is off the top of my head.
] 
] -- Mark
] 
] > 
] > 
] > --- Raistlin <raistlin () gioco net> wrote:
] > > Greetings,
] > > 
] > > can someone help me in identifying the following
] > > strange subset of open
] > > TCP ports ?
] > > 3687/tcp open  unknown
] > > 3688/tcp open  unknown
] > > 3689/tcp open  rendezvous
] > > 3690/tcp open  unknown
] > > 3691/tcp open  unknown
] > > 
] > > Googling or looking at the usual known ports lists
] > > do not yield any
] > > results. I'd like to identify this beast if
] > > possible. Thanks in advance.
] > > 
] > > Stefano
