The 02.12.05 at 10:00, zentara wrote:
What the h**k is port 5327 used for? It is not listed in /etc/services. Usually, the firewall rejects them, but you can see in the log below it accepted some packets (although there was no response, according to
Why don't you run something like ethereal for a bit, and look at what all those packets are?
Gosh, nice program! I installed it some time ago, meaning to try it, but I forgot. Couldn't convince sux to run it right now, though, I had to run an alternate xwindows session for root (startx -- :1). Astonishing the amount of passwords in clear that go out (pop3), I was unaware of that :-(

Now I'll have to study the result, I have it running as I write this, 8 minutes now, and I have got some "attempts".

[...]

They seem to come in pairs, one accepted by the firewall, and the next one (same second) dropped. Interestingly, ethereal doesn't see the dropped ones. However, it does log netbios attempts, which are also dropped by the firewall.

Here, this is a printout of one packet (for curiosity's sake only, as I suppose it's way off topic) - but it seems ethereal is not aware of what this port is used for, it does not recognize the protocol:

Frame 92 (62 on wire, 62 captured)
    Arrival Time: Dec 7, 2002 16:15:34.076686000
    Time delta from previous packet: 0.046916000 seconds
    Time relative to first packet: 11.289963000 seconds
    Frame Number: 92
    Packet Length: 62 bytes
    Capture Length: 62 bytes
Linux cooked capture
    Packet type: Unicast to us (0)
    Link-layer address type: 512
    Link-layer address length: 0
    Source: <MISSING>
    Protocol: IP (0x0800)
    Trailer: 0000
Internet Protocol, Src Addr: ssaflo3.nombres.ttd.es (193.152.43.8), Dst Addr: 213-99-172-164.uc.nombres.ttd.es (213.99.172.164)
    Version: 4
    Header length: 20 bytes
    Differentiated Services Field: 0x00 (DSCP 0x00: Default; ECN: 0x00)
        0000 00.. = Differentiated Services Codepoint: Default (0x00)
        .... ..0. = ECN-Capable Transport (ECT): 0
        .... ...0 = ECN-CE: 0
    Total Length: 44
    Identification: 0x6dda
    Flags: 0x04
        .1.. = Don't fragment: Set
        ..0. = More fragments: Not set
    Fragment offset: 0
    Time to live: 252
    Protocol: TCP (0x06)
    Header checksum: 0xa248 (correct)
    Source: ssaflo3.nombres.ttd.es (193.152.43.8)
    Destination: 213-99-172-164.uc.nombres.ttd.es (213.99.172.164)
Transmission Control Protocol, Src Port: 39840 (39840), Dst Port: 5327 (5327), Seq: 601107144, Ack: 0, Len: 0
    Source port: 39840 (39840)
    Destination port: 5327 (5327)
    Sequence number: 601107144
    Header length: 24 bytes
    Flags: 0x0002 (SYN)
        0... .... = Congestion Window Reduced (CWR): Not set
        .0.. .... = ECN-Echo: Not set
        ..0. .... = Urgent: Not set
        ...0 .... = Acknowledgment: Not set
        .... 0... = Push: Not set
        .... .0.. = Reset: Not set
        .... ..1. = Syn: Set
        .... ...0 = Fin: Not set
    Window size: 8760
    Checksum: 0x083a (correct)
    Options: (4 bytes)
        Maximum segment size: 1460 bytes

0000  00 00 02 00 00 00 00 00 00 00 00 00 00 00 08 00   ................
0010  45 00 00 2c 6d da 40 00 fc 06 a2 48 c1 98 2b 08   E..,m.@....H..+.
0020  d5 63 ac a4 9b a0 14 cf 23 d4 2a c8 00 00 00 00   .c......#.*.....
0030  60 02 22 38 08 3a 00 00 02 04 05 b4 00 00         `."8.:........

-- 
Cheers,
       Carlos Robinson
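
Added example, not part of the original message and not ethereal's code: a Python decoder that reads the 62 bytes of the hex dump above by hand (16-byte Linux cooked capture header, then IPv4, then TCP), so the bare SYN to port 5327 and both checksums can be confirmed without relying on a dissector that knows the port. The function names and result keys are this example's own.

```python
import struct

# Frame 92 from the post: the 62 bytes of its hex dump (offsets and ASCII removed).
FRAME = bytes.fromhex(
    "00000200000000000000000000000800"  # 16-byte Linux cooked capture header
    "4500002c6dda4000fc06a248c1982b08"
    "d563aca49ba014cf23d42ac800000000"
    "60022238083a0000020405b40000")
FLAG_NAMES = ["FIN", "SYN", "RST", "PSH", "ACK", "URG", "ECE", "CWR"]

def checksum_ok(data):
    # RFC 1071: the ones'-complement sum, checksum field included, is 0xffff.
    data += b"\x00" * (len(data) % 2)
    total = sum(struct.unpack("!%dH" % (len(data) // 2), data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def tcp_mss(options):
    # Walk the TCP option list; return the MSS value, or None if absent.
    i = 0
    while i < len(options) and options[i] != 0:      # kind 0 ends the list
        if options[i] == 1:                          # kind 1 is a 1-byte NOP
            i += 1
            continue
        if i + 1 >= len(options) or options[i + 1] < 2:
            break                                    # truncated or malformed
        if options[i] == 2 and options[i + 1] == 4 and i + 4 <= len(options):
            return struct.unpack("!H", options[i + 2:i + 4])[0]
        i += options[i + 1]
    return None

def decode(frame):
    if len(frame) < 36 or frame[14:16] != b"\x08\x00" or frame[16] >> 4 != 4:
        raise ValueError("not an IPv4 packet in a cooked capture")
    ip = frame[16:]
    ihl, total_len = (ip[0] & 0x0F) * 4, int.from_bytes(ip[2:4], "big")
    if ip[9] != 6 or ihl < 20 or total_len < ihl + 20 or total_len > len(ip):
        raise ValueError("not a complete TCP segment")
    tcp = ip[ihl:total_len]                          # drops the 2-byte trailer
    sport, dport, seq, _ack, off_flags, window = struct.unpack("!HHIIHH", tcp[:16])
    pseudo = ip[12:20] + struct.pack("!BBH", 0, 6, len(tcp))  # TCP pseudo-header
    return {
        "src": ".".join(map(str, ip[12:16])), "dst": ".".join(map(str, ip[16:20])),
        "ttl": ip[8], "sport": sport, "dport": dport, "seq": seq, "window": window,
        "flags": [n for b, n in enumerate(FLAG_NAMES) if off_flags >> b & 1],
        "mss": tcp_mss(tcp[20:(off_flags >> 12) * 4]),
        "ip_ok": checksum_ok(ip[:ihl]), "tcp_ok": checksum_ok(pseudo + tcp),
    }
```

`decode(FRAME)` returns the same fields ethereal printed; a segment with only SYN set, no payload and an MSS option is the first packet of an ordinary TCP connection attempt, so the capture by itself says nothing about which application uses port 5327.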