[Dshield] Port 7730

Valdis.Kletnieks@vt.edu Valdis.Kletnieks at vt.edu
Fri Feb 17 16:04:06 GMT 2006

On Fri, 17 Feb 2006 14:29:19 GMT, Chris Wright said:
> Does anyone know of any apps that use Port 7730? 
> I've googled it to death with no luck.

When trying to shoot one of these, it *always* helps if you specify whether
it's a TCP or UDP packet, and can get a packet trace that includes full packet
headers and payload, even if it's only the first packet or two (most of these
things will give up after a few packets when they don't receive the expected
response).  If it retransmits a packet, *that* can be helpful data as well -
anybody who can't tell if the source system is likely a Windows or Unix
box by the retransmit pattern of a TCP SYN packet needs to take the
SANS Intrusion Detection class.. ;) 

For UDP, just use 'tcpdump' or 'ethereal' or similar tool to catch the
first packet.  For TCP, you'll also need to set up a 'netcat' listener
so something answers the 3-packet handshake and you see the first data

UDP;   tcpdump -w /tmp/capture udp port 7730

TCP:   nc -l 7730 > /dev/null; tcpdump -w /tmp/capture tcp port 7730

Hopefully that info helps somebody...
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 226 bytes
Desc: not available
Url : http://www.dshield.org/pipermail/list/attachments/20060217/44b9e346/attachment.bin

More information about the list mailing list