Identifying active sessions on ports without sniffing

["Fei Hu" <fei_hu () linuxmail org>]

Is there a way to identify active TCP ports/sessions (otherwise seen as closed via a port scanner)? I am working 
pen-test where I need to identify the ports associated with an established TCP session. In this situation, data is only 
transmitted one direction, server -> client. It is transmitted intermittently on an as needed basis with no established 
patterns. The TCP session stays up even though no data is being sent, so the ports on the server and client side remain 
static. The application layer is a proprietary app. There is no way to use a use a sniffer.

Would an active port respond back as closed slower than a truely closed port for example.  Could this type of test even 
at all possible due to traffic load fluctuations?

Any ideas?

Cheers,

Fei Hu


-- 

Get your free email from www.linuxmail.org 


Powered by Outblaze

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/