PaulDotCom mailing list archives

Re: Service Fingerprinting


From: "Butturini, Russell" <Russell.Butturini () Healthways com>
Date: Thu, 9 Dec 2010 10:26:40 -0600

Netstat -ano will let you tie the listener to a PID.




On Dec 9, 2010, at 10:25 AM, "Kevin Shaw" <kevin.lee.shaw () gmail com> wrote:


Perhaps you should run a netstat on the identified host. I would suggest seeing what is running on that system to 
determine what may be listening.

On Dec 9, 2010 9:01 AM, "Craig Freyman" <craigfreyman () gmail com> wrote:
I have not found any details on tcp 8474 anywhere. I've tried all nmap scans
and didn't have any luck. Just tried amap, still nothing. Thanks for the
ideas, I'll keep at it.

-C

On Wed, Dec 8, 2010 at 10:59 AM, Kevin Shaw <kevin.lee.shaw () gmail com> wrote:

Amap has already been pointed out; but I would run an nmap scan a second
time and see if it still shows up. The port may have been open and not
necessarily a listening service and responded to the SYN packet; try some
other TCP flags and see what response you get. You've looked online, at
DShield, etc. already?
On Dec 8, 2010 10:17 AM, "Dan King" <xxsegfaultxx () gmail com> wrote:
Try using amap[1]. It does a pretty good job at throwing data at services to
figure out what is running. It also comes with amapcrap which throws random
data at a service trying to force a response.

[1] http://freeworld.thc.org/thc-amap/

On Wed, Dec 8, 2010 at 11:56 AM, Craig Freyman <craigfreyman () gmail com> wrote:

I'm trying to identify what service is running on a specific port, tcp
8474. Here's what I've tried:

- nmap -sV -p8474 --version-all x.x.x.x
- telnet to the port - I get nothing
- browse to it with a web browser - I get nothing

Nmap does tell me that the port is open though.
8474/tcp open unknown

The only thing I know about the server is that it is a Windows box.

Is there anything else I can do to identify this service?


_______________________________________________
Pauldotcom mailing list
Pauldotcom () mail pauldotcom com
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com




--
I live in a world of cold steel and dungeons and mighty foes...

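Added example, not part of the original thread: a small parser that does the "tie the listener to a PID" step on saved `netstat -ano` output and resolves the PID to an image name and hosted services. Pairing it with `tasklist /svc /fo csv` output is an assumption made here, and both samples (PIDs, process and service names) are constructed placeholders.

```python
import csv
import io

# Constructed sample of `netstat -ano` output (not taken from the thread).
NETSTAT_SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    0.0.0.0:8474           0.0.0.0:0              LISTENING       2316
  TCP    10.0.0.5:49200         10.0.0.9:8474          ESTABLISHED     4120
  TCP    [::]:8474              [::]:0                 LISTENING       2316
  UDP    0.0.0.0:8474           *:*                                    1020
"""

# Constructed sample of `tasklist /svc /fo csv` output; names are placeholders.
TASKLIST_SAMPLE = '''"Image Name","PID","Services"
"svchost.exe","884","RpcEptMapper,RpcSs"
"exampleagent.exe","2316","ExampleAgentSvc"
"iexplore.exe","4120","N/A"
'''


def listeners_on_port(netstat_text, port):
    """Return sorted (local_address, pid) pairs for TCP listeners on `port`."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # TCP rows have 5 columns; UDP rows have no State column, so skip them.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # rpartition keeps bracketed IPv6 addresses such as [::] intact.
        addr, _, local_port = fields[1].rpartition(":")
        if local_port == str(port):
            found.add((addr, int(fields[4])))
    return sorted(found)


def owners(netstat_text, tasklist_text, port):
    """Map each listening PID on `port` to (image name, hosted services)."""
    procs = {int(r["PID"]): (r["Image Name"], r["Services"])
             for r in csv.DictReader(io.StringIO(tasklist_text))}
    return {pid: procs.get(pid, ("<not in tasklist>", ""))
            for _, pid in listeners_on_port(netstat_text, port)}


if __name__ == "__main__":
    print(listeners_on_port(NETSTAT_SAMPLE, 8474))
    print(owners(NETSTAT_SAMPLE, TASKLIST_SAMPLE, 8474))
```

Matching on the local address column and the LISTENING state keeps outbound connections to a remote port 8474 and UDP sockets on the same number from being mistaken for the TCP listener.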