Security Incidents mailing list archives
RE: Strange set of TCP ports
From: "Romulo M. Cholewa" <rmc () rmc eti br>
Date: Mon, 19 Apr 2004 20:29:10 -0300
It's called tcpview, and you may find it here:

http://www.sysinternals.com/ntw2k/source/tcpview.shtml

Also, there are other ways to monitor this traffic, like installing winpcap...

http://winpcap.polito.it/

... and using ethereal or windump...

http://www.ethereal.com/download.html
http://windump.polito.it/

... you may use ethereal if anything else fails trying to identify the connections (at least you will be able to sniff it).

Good luck,

Romulo M. Cholewa
Home: http://www.rmc.eti.br
News: http://www.rmc.eti.br/news
PGP key id 0x7F8A3B40

] -----Original Message-----
] From: mgotts () 2roads com [mailto:mgotts () 2roads com]
] Sent: Monday, April 19, 2004 5:10 PM
] To: Harlan Carvey
] Cc: Incidents; Raistlin
] Subject: Re: Strange set of TCP ports
]
] > Run openports.exe from DiamondCS on the suspect boxen.
] > If you don't have physical access, but do have admin
] > access, use psexec.exe from SysInternals, as well.
]
] psexec.exe from SysInternals is a remote program execution
] utility. I use it now and then, and am not aware of any
] capability to have it list ports in use and what programs
] are using them.
]
] SysInternals probably does have such a utility, but I'm not
] sure what it is off the top of my head.
]
] -- Mark
]
] > --- Raistlin <raistlin () gioco net> wrote:
] > > Greetings,
] > >
] > > can someone help me in identifying the following
] > > strange subset of open TCP ports?
] > > 3687/tcp open unknown
] > > 3688/tcp open unknown
] > > 3689/tcp open rendezvous
] > > 3690/tcp open unknown
] > > 3691/tcp open unknown
] > >
] > > Googling or looking at the usual known ports lists
] > > do not yield any results. I'd like to identify this
] > > beast if possible. Thanks in advance.
] > >
] > > Stefano