PaulDotCom mailing list archives
Re: Service Fingerprinting
From: Dan King <xxsegfaultxx () gmail com>
Date: Thu, 9 Dec 2010 15:00:12 -0500
Not sure if you gave amapcrap a shot or not. Here's the syntax I usually use to bang the hell out of a service:

amapcrap -vm 0ab <host> <port>

This will send random null bytes, letters and spaces, and binary data to the service. Let it run for a good while. It should stop once a response has been sent back from the server.

I generally like to run tcpdump in the background while doing this. The pcap can get quite large, but I like to analyze the traffic to figure out the protocol I'm dealing with.

Good luck :)

On Wed, Dec 8, 2010 at 11:20 PM, Craig Freyman <craigfreyman () gmail com> wrote:

I have not found any details on tcp 8474 anywhere. I've tried all nmap scans and didn't have any luck. Just tried amap, still nothing. Thanks for the ideas, I'll keep at it.

-C

On Wed, Dec 8, 2010 at 10:59 AM, Kevin Shaw <kevin.lee.shaw () gmail com> wrote:

Amap has already been pointed out; but I would run an nmap scan a second time and see if it still shows up. The port may have been open and not necessarily a listening service and responded to the SYN packet; try some other TCP flags and see what response you get. You've looked online, at dshield, etc. already?

On Dec 8, 2010 10:17 AM, "Dan King" <xxsegfaultxx () gmail com> wrote:

Try using amap[1]. It does a pretty good job at throwing data at services to figure out what is running. It also comes with amapcrap which throws random data at a service trying to force a response.

[1] http://freeworld.thc.org/thc-amap/

On Wed, Dec 8, 2010 at 11:56 AM, Craig Freyman <craigfreyman () gmail com> wrote:

I'm trying to identify what service is running on a specific port, tcp 8474. Here's what I've tried:
- nmap -sV -p8474 --version-all x.x.x.x
- telnet to the port - I get nothing
- browse to it with a web browser - I get nothing

Nmap does tell me that the port is open though.

8474/tcp open unknown

The only thing I know about the server is that it is a Windows box. Is there anything else I can do to identify this service?
-- I live in a world of cold steel and dungeons and mighty foes...
_______________________________________________ Pauldotcom mailing list Pauldotcom () mail pauldotcom com http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom Main Web Site: http://pauldotcom.com
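The amapcrap approach described in the reply above (connect, throw null bytes, letters/spaces and binary data at the port, stop at the first response, then look at the bytes that came back) can be reproduced in a few lines of Python. The block below is an added example, not code from the thread or from THC's amap/amapcrap. It assumes a probe set that mirrors the `-m 0ab` modes plus two cheap known triggers (CRLF and an HTTP GET), uses a 0.5 s read timeout per probe, and spins up a constructed local TCP service that only answers when it sees a null byte, so the whole thing runs offline; the function and probe names are the example's own.

```python
"""amapcrap-style prober: send a series of payloads to host:port and stop at
the first one that gets any bytes back. Added example, not amapcrap itself."""
import random
import socket
import socketserver
import string
import threading


def build_probes(seed=1337, size=32):
    """Probe list: two known triggers, then the three amapcrap -m 0ab modes.
    A fixed seed keeps the random payloads reproducible between runs."""
    rng = random.Random(seed)
    letters = string.ascii_letters + " "
    return [
        ("empty", b""),                       # just connect and wait for a banner
        ("crlf", b"\r\n"),                    # many text protocols answer a bare newline
        ("http-get", b"GET / HTTP/1.0\r\n\r\n"),
        ("nulls", b"\x00" * size),            # -m 0
        ("letters", "".join(rng.choice(letters) for _ in range(size)).encode()),  # -m a
        ("binary", bytes(rng.randrange(256) for _ in range(size))),              # -m b
    ]


def probe(host, port, payload, timeout=0.5):
    """Send one payload and collect whatever comes back until EOF or timeout."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        if payload:
            s.sendall(payload)
        chunks = []
        try:
            while True:
                chunk = s.recv(4096)
                if not chunk:          # peer closed: nothing more to read
                    break
                chunks.append(chunk)
        except socket.timeout:
            pass                       # silent service, or it wants more input
        return b"".join(chunks)


def fingerprint(host, port, probes=None, timeout=0.5):
    """Run probes in order; stop at the first non-empty response, like amapcrap.
    Returns [(name, payload, response), ...] for every probe that was sent."""
    results = []
    for name, payload in (probes or build_probes()):
        response = probe(host, port, payload, timeout)
        results.append((name, payload, response))
        if response:
            break
    return results


def hexdump(data, width=16):
    """Offset / hex / ASCII view of a response, for protocol analysis."""
    lines = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        hexpart = " ".join(f"{b:02x}" for b in chunk)
        asc = "".join(chr(b) if 32 <= b < 127 else "." for b in chunk)
        lines.append(f"{off:08x}  {hexpart:<{width * 3}} {asc}")
    return "\n".join(lines)


class _NullTriggeredHandler(socketserver.BaseRequestHandler):
    """Constructed stand-in for an unknown binary service: it ignores text and
    only replies when the first read contains a null byte."""

    def handle(self):
        self.request.settimeout(1.0)
        try:
            data = self.request.recv(4096)
        except socket.timeout:
            return
        if b"\x00" in data:
            self.request.sendall(b"\x00\x01OK\n")


def start_demo_server():
    """Start the constructed service on an ephemeral loopback port."""
    server = socketserver.ThreadingTCPServer(("127.0.0.1", 0), _NullTriggeredHandler)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, server.server_address[1]


if __name__ == "__main__":
    srv, port = start_demo_server()
    try:
        for name, payload, response in fingerprint("127.0.0.1", port):
            status = f"{len(response)} bytes back" if response else "no response"
            print(f"[{name:8}] sent {len(payload):2} bytes -> {status}")
            if response:
                print(hexdump(response))
    finally:
        srv.shutdown()
        srv.server_close()
```

Against a real target, pair this with a tcpdump capture on the client side as the reply suggests; the prober tells you which payload woke the service up, and the pcap gives you the full exchange to work the protocol out from.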
Current thread:
- Service Fingerprinting Craig Freyman (Dec 08)
- Re: Service Fingerprinting Dan King (Dec 08)
- Re: Service Fingerprinting Kevin Shaw (Dec 08)
- Re: Service Fingerprinting Craig Freyman (Dec 09)
- Re: Service Fingerprinting Kevin Shaw (Dec 09)
- Re: Service Fingerprinting Butturini, Russell (Dec 09)
- Re: Service Fingerprinting craig bowser (Dec 09)
- Re: Service Fingerprinting Craig Freyman (Dec 09)
- Re: Service Fingerprinting Kevin Shaw (Dec 08)
- Re: Service Fingerprinting Dan King (Dec 09)
- Re: Service Fingerprinting Nick Drage (Dec 13)
- Re: Service Fingerprinting Ron Gula (Dec 13)
- Re: Service Fingerprinting Dan King (Dec 08)