Re: [PEN-TEST] ports

["Dunker, Noah" <NDunker () FISHNETSECURITY COM>]

I think Erik Tayler has a good point about it being SSH, but maybe
it's important to note something simple here.  The question of
"What executeable has this port listening" (at least on Linux) can
almost always be answered with netstat -an and lsof.  For example:

I run netcat, to listen on port 8093.

[yermom@sniffer yermom]$ /sbin/nc -l -p 8093


nmap from another host shows port 8093 is open... What's got it open?
...back to sniffer my laptop...gonna use root for lsof

[root@sniffer root]# lsof | grep 8093
nc      1710    yermom  3u      IPv4    2816            TCP *:8093 (LISTEN)



See?  the program "nc", which is PID 1710, has TCP Port 8093 Listening.

With the right tools, and some knowledge no one should have to ask what
program is listening on what port.

Hope this helps...

--Noah Dunker



-----Original Message-----
From: Dale, C [mailto:cdale () SILLY TECHMONKEYS NET]
Sent: Wednesday, September 06, 2000 3:02 PM
To: PEN-TEST () SECURITYFOCUS COM
Subject: ports


I'm wondering if anyone knows of any URLs which list everything that would
be on certain ports.  I know of a large /etc/services file on the web at
this URL:
http://people.redhat.com/alikins/services.txt
but it is not complete.  Specifically, I am trying to find out what runs
on ports 6010 and 6011 on linux boxes.
Thanks,
Cindy

 "A civilized society is one which tolerates eccentricity to the point of
doubtful sanity."
          -- Robert Frost