Great Circle Associates Firewalls
(April 1994)


Subject: Re: probe_tcp_ports
From: long-morrow @ CS . YALE . EDU (H Morrow Long)
Date: Thu, 14 Apr 94 13:07:40 -0400
To: firewalls @ GreatCircle . COM
Cc: cert-tools @ cert . org
In-reply-to: Your message of Thu, 14 Apr 94 12:34:39 EDT.

In a mail message someone wrote me:
>Could you please give me some insight on what this does?

probe_tcp_ports attempts to connect (sequentially) to all of the TCP ports
on a host running IP to see which ones have a process
listening for connections on them.  This allows you to scan
all of your hosts to see if one of your users is running a
gopher, WWW or MUD server that you don't know about (as well
as other possibly insecure services).  You could also
probe remote hosts on the internet to see if they are running
any interesting services at any ports in the range 1-65535
(although the etiquette and ethics of doing this to remote
Internet hosts are certainly a controversial debate).

Unfortunately it can't tell you if anyone on your network is
running an illicit FSP site from which they are distributing
pirated software (because FSP is a protocol on top of UDP).
You'll have to use etherfind, snoop or a Sniffer/Lanalyzer for that.

With the -h flag (hack mode) it will fire up telnet on the found port.
With the -v flag (verbose mode) it will report on ports that it couldn't
connect to as well as those it can.
The -d flag is for debug mode.

You run it as:

	probe_tcp_ports hostname


	probe_tcp_ports -h hostname

						- Morrow
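
The connect-probe technique described in the message above, written as an added Python example; it is not part of the original message and is not the probe_tcp_ports source. It checks a host you administer against a list of services you expect to find; `probe_port`, `audit_host` and the `EXPECTED` port list are names and values assumed here.

```python
import socket

def probe_port(addr, port, timeout=0.5):
    """One TCP connect attempt: 'open', 'closed' (refused) or 'filtered' (no answer)."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((addr, port))
        return "open"                      # handshake completed: a process is listening
    except ConnectionRefusedError:
        return "closed"                    # RST came back: nothing is listening
    except OSError:
        return "filtered"                  # timeout or unreachable: no answer from the port
    finally:
        s.close()

def audit_host(host, ports, expected, timeout=0.5):
    """Probe ports sequentially; return (unexpected_open, expected_but_not_open, states)."""
    addr = socket.gethostbyname(host)      # resolve once, not once per port
    ports = list(ports)
    states = {p: probe_port(addr, p, timeout) for p in ports}
    open_ports = {p for p, st in states.items() if st == "open"}
    unexpected = sorted(open_ports - set(expected))
    missing = sorted((set(expected) & set(ports)) - open_ports)
    return unexpected, missing, states

if __name__ == "__main__":
    EXPECTED = {22, 25}                    # constructed allowlist for this host
    unexpected, missing, states = audit_host("127.0.0.1", range(1, 1025), EXPECTED)
    for port in unexpected:
        print(f"port {port}: listener not on the expected list")
    for port in missing:
        print(f"port {port}: expected service not answering ({states[port]})")
```

As the message notes for FSP, a connect probe like this says nothing about UDP services.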
