Re: Guess the tool...

From: H C (keydet89at_private)
Date: Tue Sep 11 2001 - 09:07:22 PDT


    Gary,
    
    Let's see...FoundStone's fscan, SamSpade, etc, can all
    be configured to do this.  Since all you're seeing are
    the SYN packets, this could even be done using nmap on
    NT/2K.  Or a Perl script.
    
    
    --- "Portnoy, Gary" <gportnoyat_private> wrote:
    > Greetings,
    > 
    > Can anyone tell me which Windows tool is used to scan for ports 139, 12345,
    > and 27374.  (Example below) This occurs often enough that it makes me think
    > that it's a tool, I just can't find any mention of it anywhere...
    > 
    > 08/20-23:43:31.292516 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
    > 209.69.154.168:3204 -> MY.NET.165.25:27374 TCP TTL:110 TOS:0x0 ID:21844
    > IpLen:20 DgmLen:48 DF
    > ******S* Seq: 0x76F6E7F  Ack: 0x0  Win: 0x4000  TcpLen: 28
    > TCP Options (4) => MSS: 1460 NOP NOP SackOK
    >
    > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    >
    > 08/20-23:43:31.292892 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
    > 209.69.154.168:3205 -> MY.NET.165.25:12345 TCP TTL:110 TOS:0x0 ID:21845
    > IpLen:20 DgmLen:48 DF
    > ******S* Seq: 0x77050F0  Ack: 0x0  Win: 0x4000  TcpLen: 28
    > TCP Options (4) => MSS: 1460 NOP NOP SackOK
    >
    > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    >
    > 08/20-23:43:31.297448 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
    > 209.69.154.168:3209 -> MY.NET.165.25:139 TCP TTL:110 TOS:0x0 ID:21846
    > IpLen:20 DgmLen:48 DF
    > ******S* Seq: 0x7713088  Ack: 0x0  Win: 0x4000  TcpLen: 28
    > TCP Options (4) => MSS: 1460 NOP NOP SackOK
    >
    > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    >
    > 08/20-23:43:34.262887 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
    > 209.69.154.168:3209 -> MY.NET.165.25:139 TCP TTL:110 TOS:0x0 ID:23258
    > IpLen:20 DgmLen:48 DF
    > ******S* Seq: 0x7713088  Ack: 0x0  Win: 0x4000  TcpLen: 28
    > TCP Options (4) => MSS: 1460 NOP NOP SackOK
    >
    > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    >
    > 08/20-23:43:34.302197 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
    > 209.69.154.168:3204 -> MY.NET.165.25:27374 TCP TTL:110 TOS:0x0 ID:23289
    > IpLen:20 DgmLen:48 DF
    > ******S* Seq: 0x76F6E7F  Ack: 0x0  Win: 0x4000  TcpLen: 28
    > TCP Options (4) => MSS: 1460 NOP NOP SackOK
    >
    > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    >
    > 08/20-23:44:06.193115 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
    > 209.69.154.168:3209 -> MY.NET.165.25:139 TCP TTL:110 TOS:0x0 ID:26960
    > IpLen:20 DgmLen:48 DF
    > ******S* Seq: 0x7713088  Ack: 0x0  Win: 0x4000  TcpLen: 28
    > TCP Options (4) => MSS: 1460 NOP NOP SackOK
    >
    > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    >
    > 08/20-23:44:06.340679 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
    > 209.69.154.168:3205 -> MY.NET.165.25:12345 TCP TTL:110 TOS:0x0 ID:26997
    > IpLen:20 DgmLen:48 DF
    > ******S* Seq: 0x77050F0  Ack: 0x0  Win: 0x4000  TcpLen: 28
    > TCP Options (4) => MSS: 1460 NOP NOP SackOK
    >
    > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    >
    > 08/20-23:44:06.388758 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
    > 209.69.154.168:3204 -> MY.NET.165.25:27374 TCP TTL:110 TOS:0x0 ID:27009
    > IpLen:20 DgmLen:48 DF
    > ******S* Seq: 0x76F6E7F  Ack: 0x0  Win: 0x4000  TcpLen: 28
    > TCP Options (4) => MSS: 1460 NOP NOP SackOK
    >
    > =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
    > 
    > Gary Portnoy
    > Network Administrator
    > gportnoyat_private
    > 
    > PGP Fingerprint: 9D69 6A39 642D 78FD 207C  307D B37D E01A 2E89 9D2C
    >
    >
    > ----------------------------------------------------------------------------
    > This list is provided by the SecurityFocus ARIS analyzer service.
    > For more information on this free incident handling, management
    > and tracking system please see: http://aris.securityfocus.com
    > 
    
    
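An added example, not part of either poster's message: a small parser for the Snort entries quoted above that groups packets by source port and sequence number, so a repeated SYN is counted as a retransmission of one connection attempt rather than a new probe. The function and field names (`summarize`, `gaps_s`, and so on) are this example's own.

```python
import re
from collections import defaultdict

# First four packets of the quoted trace, mail line-wraps rejoined; the
# IpLen, "TCP Options" and separator lines are left out for brevity.
SAMPLE = """\
08/20-23:43:31.292516 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
209.69.154.168:3204 -> MY.NET.165.25:27374 TCP TTL:110 TOS:0x0 ID:21844
******S* Seq: 0x76F6E7F  Ack: 0x0  Win: 0x4000  TcpLen: 28
08/20-23:43:31.292892 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
209.69.154.168:3205 -> MY.NET.165.25:12345 TCP TTL:110 TOS:0x0 ID:21845
******S* Seq: 0x77050F0  Ack: 0x0  Win: 0x4000  TcpLen: 28
08/20-23:43:31.297448 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
209.69.154.168:3209 -> MY.NET.165.25:139 TCP TTL:110 TOS:0x0 ID:21846
******S* Seq: 0x7713088  Ack: 0x0  Win: 0x4000  TcpLen: 28
08/20-23:43:34.262887 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
209.69.154.168:3209 -> MY.NET.165.25:139 TCP TTL:110 TOS:0x0 ID:23258
******S* Seq: 0x7713088  Ack: 0x0  Win: 0x4000  TcpLen: 28
"""

# Timestamp line, address line, then the flags/Seq line; re.S lets the lazy
# ".*?" skip any lines (IpLen, etc.) that sit between them in a full entry.
PKT = re.compile(
    r"\d\d/\d\d-(?P<h>\d\d):(?P<m>\d\d):(?P<s>[\d.]+) [^\n]*\n"
    r"(?P<src>\S+):(?P<sport>\d+) -> (?P<dst>\S+):(?P<dport>\d+) TCP .*?"
    r"\n(?P<flags>[*A-Z0-9]{8}) Seq: (?P<seq>0x[0-9A-Fa-f]+)", re.S)

def summarize(log):
    """Collapse packets into connection attempts; repeats of the same
    (src, sport, dst, dport, seq) are retransmissions, not new probes."""
    attempts = defaultdict(list)
    for p in PKT.finditer(log):
        t = int(p["h"]) * 3600 + int(p["m"]) * 60 + float(p["s"])
        key = (p["src"], int(p["sport"]), p["dst"], int(p["dport"]), p["seq"])
        attempts[key].append((t, p["flags"]))
    rows = []
    for (src, sport, dst, dport, seq), pkts in attempts.items():
        times = [t for t, _ in pkts]
        rows.append({
            "src": src, "dport": dport, "packets": len(pkts),
            "syn_only": all(f == "******S*" for _, f in pkts),
            "gaps_s": [round(b - a, 1) for a, b in zip(times, times[1:])],
        })
    return sorted(rows, key=lambda r: r["dport"])

if __name__ == "__main__":
    for row in summarize(SAMPLE):
        print(row)
```
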
    



    This archive was generated by hypermail 2b30 : Tue Sep 11 2001 - 09:11:51 PDT