Security Incidents mailing list archives

Re: Strange set of TCP ports


From: Shashank Rai <shashrai () emirates net ae>
Date: Tue, 20 Apr 2004 07:40:40 +0400

On Tue, 2004-04-20 at 00:09, mgotts () 2roads com wrote:
> Run openports.exe from DiamondCS on the suspect boxen.
> If you don't have physical access, but do have admin
> access, use psexec.exe from SysInternals, as well.

snip
> SysInternals probably does have such a utility, but I'm not sure what it
> is off the top of my head.
sysinternals has a nice GUI tool for Windows -- TCPView & foundstone has
a cmd line tool - fport (though the advantage of openports.exe is that
it does not require admin priv to give the required info)

As for the original post.......
> can someone help me in identifying the following
> strange subset of open TCP ports ?
> 3687/tcp open  unknown
> 3688/tcp open  unknown
> 3689/tcp open  rendezvous
> 3690/tcp open  unknown
> 3691/tcp open  unknown
The Port Report from http://members.cox.net/~jtmatthews/Resources.html
is a useful document. According to the doc, this possibly might be SAP
R/3. It all depends on what OS you saw ports open on (the above replies
*assume* it is windows!!) and how did you determine the ports were open?
(port scan or netstat which translates to remotely or locally)!!

On a *NIX box, lsof is your friend. 
# lsof -i | egrep '(LISTEN|IDLE)'

(in fact on Linux, netstat -lnp will do the job). 

If it's a windows box, then the tools have already been mentioned above.

HTH,
cheers,
-- 
Shashank Rai
------------
Network and Information Security Team,
Emirates Telecommunication Corporation,
Abu Dhabi, U.A.E.
Ph: +971-2-6182523   Office
    +971-50-6670648  Cell
GPG key:
http://pgp.cns.ualberta.ca:11371/pks/lookup?op=vindex&search=0x01B79474026E36F5
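
The following is an added example, not part of the original message: a small filter that narrows `netstat -lnp` output to the port range from the original post and reports the owning PID and program, including the case where netstat was run without root and shows `-` for the owner. The function names, process names and sample netstat output are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of Linux `netstat -lnp` output (not from a real host).
sample_netstat() {
    cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State    PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN   812/sshd
tcp        0      0 0.0.0.0:3689     0.0.0.0:*        LISTEN   2101/exampled
tcp        0      0 0.0.0.0:3687     0.0.0.0:*        LISTEN   2101/exampled
tcp6       0      0 :::3690          :::*             LISTEN   -
udp        0      0 0.0.0.0:68       0.0.0.0:*                 640/dhclient
EOF
}

# listeners_in_range LOW HIGH
# Reads `netstat -lnp` text on stdin and prints "port pid program" for every
# TCP socket in LISTEN state whose local port lies in LOW..HIGH.
listeners_in_range() {
    awk -v low="$1" -v high="$2" '
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Port is the text after the last colon (works for IPv4 and ":::port").
            n = split($4, addr, ":")
            port = addr[n] + 0
            if (port < low + 0 || port > high + 0) next
            # Without root, netstat prints "-" instead of PID/Program.
            pid = "-"; prog = "unknown"
            slash = index($7, "/")
            if (slash > 0) {
                pid = substr($7, 1, slash - 1)
                prog = substr($7, slash + 1)
            }
            print port, pid, prog
        }
    ' | sort -n
}

# Demo on the constructed sample; on a live Linux host, run as root:
#   netstat -lnp | listeners_in_range 3687 3691
sample_netstat | listeners_in_range 3687 3691
```

A line reported as `- unknown` means the owner was hidden from the invoking user; rerun netstat as root to resolve it.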

