Identifying Activity on Ports

[AngelicKnight]

I was reviewing my firewall's bandwidth usage by services report this morning, and found a number of ports active that I wasn't familiar with. Googled to get a full listing of ports, and what little I did find didn't tell me much. Googled each particular service I found to see if I could learn what exactly each service was -- no luck. So, here's a a list of all the ports and associated services I found them to be for via Googling:

1580 tn-tl-rl
1064 unassigned
1285 unassigned
1752 lofr-lm Leap of Faith Research License Manager
1468 CSDM
2747 fjippol-swrly
3571 unassigned
3758 unassigned
4150 unassigned
1063 unassigned
1983 unassigned

Does anybody have any idea what these services are? And regarding the "unassigned" ports, how do I figure out what the deal is with those, since they're evidently active?

[ric-o]

AK: Check out this site http://www.treachery.net/tools/ports/lookup.cgi as I find it very handy when researching these. It had a couple on there you had listed as unassigned.

I assume these are destination/service ports right?

[AngelicKnight]

Thanks, that did provide a little more. Here's the updated info:

1064 JSTEL
1285 neoiface
1063 KyoceraNetDev
1983 Loophole Test Protocol

No clue what those services are though...

/edit -- Ooooh, now this is interesting though. I did find info on one service:

Loophole:

• gets you directly out to the Internet, through your company's firewall or web filter
• encrypts where-you're-going and what-you're-doing-there
• is discreet (can run from CD-ROM and use Camouflage Mode to avoid leaving tracks on your work computer)
• uses your cable or DSL modem (uses your home computer's bandwidth while you're at work).

Loophole uses HTTP tunneling to avoid filtering by the firewall or web filter. Tunneling combines with strong encryption to make your traffic secure against monitoring.

Hmm...Looks like I have something to look into!

[phishphreek]

/edit -- Ooooh, now this is interesting though. I did find info on one service:

Sounds like someones gonna be begging for their job really soon....

[AngelicKnight]

Sounds like someones gonna be begging for their job really soon....

I know, I know, I had that coming. I am honestly working on de-noobing myself as quickly as possible though. You should see the stack of AO tuts I have printed out over here...Just cut me some slack and be glad I'm not asking how to hack Hotmail.

[Maverick811]

Shouldn't those ports be closed by default - closed unless explicity opened by the firewall ruleset? Might be worth digging into your firewall setup to make sure that everything is as it should be. ..

[AngelicKnight]

Good point. That firewall was configured by the intern who preceded me in this position, so that could be the case. Off I go to do some digging!

[Spyder32]

The port's you don't know about, simply type in the services into google and you'll get your answer as to what they are (that's normally what I do when I run a port scan or whatever and find services I dunno about).

[AngelicKnight]

Yeah, I already did that, in keeping with the sacred rule of AO, but all I turned up were pages that said what service used the port, but didn't tell me anything about the service. Then I googled the service, and just found other websites that listed the service but didn't describe it (the exception being the Loophole software). Erg, maybe I'm just being impatient and not looking deep enough. I'll keep digging.

[cacosapo]

allways go here first --> http://www.iana.org/assignments/port-numbers
valid providers use to put their odd ports there. Usually near port has a comment about who (and from where) has added that entry. Some entries that you didnt find are there...