Gary,

Let's see...FoundStone's fscan, SamSpade, etc., can all be configured to do this. Since all you're seeing are the SYN packets, this could even be done using nmap on NT/2K. Or a Perl script.

--- "Portnoy, Gary" <gportnoyat_private> wrote:
> Greetings,
>
> Can anyone tell me which Windows tool is used to scan for ports 139, 12345,
> and 27374. (Example below) This occurs often enough that it makes me think
> that it's a tool, I just can't find any mention of it anywhere...
>
> 08/20-23:43:31.292516 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
> 209.69.154.168:3204 -> MY.NET.165.25:27374 TCP TTL:110 TOS:0x0 ID:21844 IpLen:20 DgmLen:48 DF
> ******S* Seq: 0x76F6E7F Ack: 0x0 Win: 0x4000 TcpLen: 28
> TCP Options (4) => MSS: 1460 NOP NOP SackOK
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>
> 08/20-23:43:31.292892 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
> 209.69.154.168:3205 -> MY.NET.165.25:12345 TCP TTL:110 TOS:0x0 ID:21845 IpLen:20 DgmLen:48 DF
> ******S* Seq: 0x77050F0 Ack: 0x0 Win: 0x4000 TcpLen: 28
> TCP Options (4) => MSS: 1460 NOP NOP SackOK
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>
> 08/20-23:43:31.297448 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
> 209.69.154.168:3209 -> MY.NET.165.25:139 TCP TTL:110 TOS:0x0 ID:21846 IpLen:20 DgmLen:48 DF
> ******S* Seq: 0x7713088 Ack: 0x0 Win: 0x4000 TcpLen: 28
> TCP Options (4) => MSS: 1460 NOP NOP SackOK
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>
> 08/20-23:43:34.262887 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
> 209.69.154.168:3209 -> MY.NET.165.25:139 TCP TTL:110 TOS:0x0 ID:23258 IpLen:20 DgmLen:48 DF
> ******S* Seq: 0x7713088 Ack: 0x0 Win: 0x4000 TcpLen: 28
> TCP Options (4) => MSS: 1460 NOP NOP SackOK
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>
> 08/20-23:43:34.302197 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
> 209.69.154.168:3204 -> MY.NET.165.25:27374 TCP TTL:110 TOS:0x0 ID:23289 IpLen:20 DgmLen:48 DF
> ******S* Seq: 0x76F6E7F Ack: 0x0 Win: 0x4000 TcpLen: 28
> TCP Options (4) => MSS: 1460 NOP NOP SackOK
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>
> 08/20-23:44:06.193115 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
> 209.69.154.168:3209 -> MY.NET.165.25:139 TCP TTL:110 TOS:0x0 ID:26960 IpLen:20 DgmLen:48 DF
> ******S* Seq: 0x7713088 Ack: 0x0 Win: 0x4000 TcpLen: 28
> TCP Options (4) => MSS: 1460 NOP NOP SackOK
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>
> 08/20-23:44:06.340679 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
> 209.69.154.168:3205 -> MY.NET.165.25:12345 TCP TTL:110 TOS:0x0 ID:26997 IpLen:20 DgmLen:48 DF
> ******S* Seq: 0x77050F0 Ack: 0x0 Win: 0x4000 TcpLen: 28
> TCP Options (4) => MSS: 1460 NOP NOP SackOK
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>
> 08/20-23:44:06.388758 0:2:4B:BC:B9:E0 -> 8:0:20:B8:F2:36 type:0x800 len:0x3E
> 209.69.154.168:3204 -> MY.NET.165.25:27374 TCP TTL:110 TOS:0x0 ID:27009 IpLen:20 DgmLen:48 DF
> ******S* Seq: 0x76F6E7F Ack: 0x0 Win: 0x4000 TcpLen: 28
> TCP Options (4) => MSS: 1460 NOP NOP SackOK
>
> =+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+
>
> Gary Portnoy
> Network Administrator
> gportnoyat_private
>
> PGP Fingerprint: 9D69 6A39 642D 78FD 207C 307D B37D E01A 2E89 9D2C
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus ARIS analyzer service.
> For more information on this free incident handling, management
> and tracking system please see: http://aris.securityfocus.com
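Added example, not part of the original messages: a small Python parser for packet records in the layout quoted above, which counts the SYN-only packets per source and separates distinct destination ports from retransmissions (a repeated SYN with the same source port and sequence number is the same connection attempt being retried, not a new probe). The `record` helper, the documentation addresses and the sequence numbers are constructed for the sample.

```python
import re
from collections import defaultdict

# Address line followed by the flags/sequence line of one record.
REC = re.compile(
    r"^(?P<src>[\w.]+):(?P<sport>\d+) -> (?P<dst>[\w.]+):(?P<dport>\d+) TCP TTL:(?P<ttl>\d+).*\n"
    r"(?P<flags>\S{8}) Seq: (?P<seq>0x[0-9A-Fa-f]+)", re.M)

def record(src, sport, dport, seq, flags="******S*"):
    """Build one constructed packet record in the layout shown in the message."""
    return ("08/20-23:43:31.000000 0:0:0:0:0:1 -> 0:0:0:0:0:2 type:0x800 len:0x3E\n"
            f"{src}:{sport} -> 198.51.100.25:{dport} TCP TTL:110 TOS:0x0 ID:1 IpLen:20 DgmLen:48 DF\n"
            f"{flags} Seq: {seq} Ack: 0x0 Win: 0x4000 TcpLen: 28\n"
            "TCP Options (4) => MSS: 1460 NOP NOP SackOK\n\n")

# Constructed sample: three probed ports, two retransmissions, one unrelated SYN-ACK.
SAMPLE = "".join([
    record("192.0.2.10", 3204, 27374, "0xA1"),
    record("192.0.2.10", 3205, 12345, "0xA2"),
    record("192.0.2.10", 3209, 139, "0xA3"),
    record("192.0.2.10", 3209, 139, "0xA3"),     # same port + seq: retransmission
    record("192.0.2.10", 3204, 27374, "0xA1"),   # retransmission
    record("192.0.2.77", 80, 1025, "0xB1", flags="***A**S*"),  # SYN-ACK, ignored
])

def summarize(log):
    """Per source: distinct destination ports, SYN-only count, retransmissions."""
    seen = set()
    out = defaultdict(lambda: {"ports": set(), "syns": 0, "retransmits": 0})
    for m in REC.finditer(log):
        if m["flags"] != "******S*":             # keep SYN-only segments
            continue
        key = (m["src"], m["sport"], m["dst"], m["dport"], m["seq"])
        stats = out[m["src"]]
        stats["syns"] += 1
        stats["ports"].add(int(m["dport"]))
        if key in seen:                          # identical attempt seen before
            stats["retransmits"] += 1
        seen.add(key)
    return dict(out)

if __name__ == "__main__":
    for src, stats in summarize(SAMPLE).items():
        print(src, sorted(stats["ports"]), stats["syns"], stats["retransmits"])
```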
This archive was generated by hypermail 2b30 : Tue Sep 11 2001 - 09:11:51 PDT