[Dshield] Port 7730
Valdis.Kletnieks at vt.edu
Fri Feb 17 16:04:06 GMT 2006
On Fri, 17 Feb 2006 14:29:19 GMT, Chris Wright said:
> Does anyone know of any apps that use Port 7730?
> I've googled it to death with no luck.
When trying to shoot one of these, it *always* helps if you specify whether
it's a TCP or UDP packet, and can get a packet trace that includes full packet
headers and payload, even if it's only the first packet or two (most of these
things will give up after a few packets when they don't receive the expected
response). If it retransmits a packet, *that* can be helpful data as well -
anybody who can't tell if the source system is likely a Windows or Unix
box by the retransmit pattern of a TCP SYN packet needs to take the
SANS Intrusion Detection class.. ;)
For UDP, just use 'tcpdump' or 'ethereal' or similar tool to catch the
first packet. For TCP, you'll also need to set up a 'netcat' listener
so something answers the 3-packet handshake and you see the first data
UDP: tcpdump -w /tmp/capture udp port 7730
TCP: tcpdump -w /tmp/capture tcp port 7730 & nc -l 7730 > /dev/null
Hopefully that info helps somebody...