10 More Discussions You Might Find Interesting
1. Cybersecurity
Just added these lines to our server firewall:
iptables -A INPUT -p tcp --dport 3306 -s 127.0.0.1 -d 127.0.0.1 -j ACCEPT
iptables -A INPUT -p tcp --dport 3306 -j DROP
Even though mysql is configured to correctly only listen on port 127.0.0.1 we still see these mysql log file notes on a daily... (0 Replies)
Discussion started by: Neo
0 Replies
2. Solaris
please find the below o/p for your reference
bash-3.00# fcinfo hba-port
HBA Port WWN: 21000024ff295a34
OS Device Name: /dev/cfg/c2
Manufacturer: QLogic Corp.
Model: 375-3356-02
Firmware Version: 05.03.02
FCode/BIOS Version: BIOS: 2.02; fcode: 2.01;... (3 Replies)
Discussion started by: sb200
3 Replies
3. IP Networking
i want to kill a tcp connection by killing its pid
with netstat -an i got the tcp ip connection on port 5914
but when i type ps -a or ps-e there is not such process running on port 5914
is it possible that because i do not log on with proper user account i can not see that process running? (30 Replies)
Discussion started by: alinamadchian
30 Replies
4. AIX
Hello Team,
We are having weblogic which running on AIX 6.1 Lpar machine. We not enabled any firewall(IPSEC) in AIX level.
Our weblogic is running on cluster.Whenever we stop/restart the cluster we would like to stop/start the port(by using command) which used by the weblogic. Please... (2 Replies)
Discussion started by: gowthamakanthan
2 Replies
5. Programming
Hello!
I searched forum for similar topic, with no luck, if you know one, delete this topic, and send me private message with link please.
Little background:
I have a lot of clients and one serwer. Client can make multiple connections on different ports and ips, but only one can be acctive... (2 Replies)
Discussion started by: ikeban
2 Replies
6. IP Networking
I am trying to block ALL traffic except when from ports 9100,22,23 to destination network 192.0.0.0 (my WAN): 2 networks 192.0.3.0 with static route to 192.0.0.0
Shouldn't this work?:
iptables -A INPUT -p tcp -d 192.0.0.0/24 --dport 22 -j ACCEPT
iptables -A INPUT -p tcp -d 192.0.0.0/24... (3 Replies)
Discussion started by: herot
3 Replies
7. Programming
Does anyone know if there is a C API call to get the status of a TCP port? As opposed to running netstat and parsing the results. At the moment I have to attempt to bind() and pick up on the address in use error which isn't very elegant
Thanks
---------- Post updated at 10:42 AM ----------... (0 Replies)
Discussion started by: janra
0 Replies
8. Shell Programming and Scripting
I have multiple processes running the same program on my linux machine. For each process I want to be able to use a unique (available) TCP port. I have thought of using netstat to check which ports are available for use however, the time-window between checking and selecting might expose some race... (1 Reply)
Discussion started by: timmylita
1 Replies
9. UNIX for Dummies Questions & Answers
Hello, I have a service running (ODBC) and every now and then it will hang and I will have to stop and restart the service. The problem is when I stop the service, it indeed stops the service, but netstat reports a tcp port still open with the fin_wait_2 status. Then I must close the client... (1 Reply)
Discussion started by: raidzero
1 Replies
10. IP Networking
I am trying to connect via DBACCESS and Informix server to a server on a different computer. When I execute the connect command from dbaccess I get the following message,
Exec format error cannot bind a name to the port.
As far as I know the port is not being used by another client.
How... (1 Reply)
Discussion started by: lopez
1 Replies
XPROBE2(1) General Commands Manual XPROBE2(1)
NAME
xprobe2 - A Remote active operating system fingerprinting tool.
SYNOPSIS
xprobe2 [ -v ] [ -r ] [ -p proto:portnum:state ] [ -c configfile ] [ -o logfile ] [ -p port ] [ -t receive_timeout ] [ -m numberofmatches ]
[ -D modnum ] [ -F ] [ -X ] [ -B ] [ -A ] [ -T port spec ] [ -U port spec ] host
DESCRIPTION
xprobe2 is an active operating system fingerprinting tool with a different approach to operating system fingerprinting. xprobe2 relies on
fuzzy signature matching, probabilistic guesses, multiple matches simultaneously, and a signature database.
The operation of xprobe2 is described in a paper titled "xprobe2 - A 'Fuzzy' Approach to Remote Active Operating System Fingerprinting",
which is available from http://www.sys-security.com/html/projects/X.html.
As xprobe2 uses raw sockets to send probes, you must have root privileges in order for xprobe2 to be able to use them.
OPTIONS
-v be verbose.
-r display route to target (traceroute-like output).
-c use configfile to read the configuration file, xprobe2.conf, from a non-default location.
-D disable module number modnum.
-m set number of results to display to numofmatches.
-o use logfile to log everything (default output is stderr).
-p specify port number (portnum), protocol (proto) and it's state for xprobe2 to use during rechability/fingerprinting tests of remote
host. Possible values for proto are tcp or udp, portnum can only take values from 1 to 65535, state can be either closed (for
tcp that means that remote host replies with RST packet, for udp that means that remote host replies with ICMP Port Unreachable
packet) or open (for tcp that means that remote host replies with SYN ACK packet and for udp that means that remote host doesn't
send any packet back).
-t set receive timeout to receive_timeout in seconds (the default is set to 10 seconds).
-F generate signature for specified target (use -o to save fingerprint into file)
-X write XML output to logfile specified with -o
-B causes xprobe2 to be a bit more noisy, as -B makes TCP handshake module to try and blindly guess an open TCP port on the target, by
sending sequential probes to the following well-known ports: 80, 443, 23, 21, 25, 22, 139, 445 and 6000 hoping to get SYN ACK reply.
If xprobe2 receives RST|ACK or SYN|ACK packets for a port in the list above, it will be saved in the target port database to be
later used by other modules (i.e. RST module).
-T, -U enable built-in portscanning module, which will attempt to scan TCP and/or UDP ports respectively, which were specified in port spec
-A enable experimental support for detection of transparent proxies and firewalls/NIDSs spoofing RST packets in portscanning module.
Option should be used in conjunction with -T. All responses from target gathered during portscanning process are divided in two
classes (SYN|ACK and RST) and saved for analysis. During analysis module will search for different packets, based on some of the
fields of TCP and IP headers, withing the same class and if such packets are found, message will be displayed showing different
packets withing the same class.
EXAMPLES
xprobe2 -v -D 1 -D 2 192.168.1.10
Will launch an OS fingerprinting attempt targeting 192.168.1.10. Modules 1 and 2, which are reachability tests, will be disabled, so
probes will be sent even if target is down. Output will be verbose.
xprobe2 -v -p udp:53:closed 192.168.1.20
Will launch an OS fingerprint attempt targeting 192.168.1.20. The UDP destination port is set to 53, and the output will be verbose.
xprobe2 -M 11 -p tcp:80:open 192.168.1.1
Will only enable TCP handshake module (number 11) to probe the target, very usefull when all ICMP traffic is filtered.
xprobe2 -B 192.168.1.1
Will cause TCP handshake module to try blindly guess open port on the target by sequentially sending TCP packets to the most likely
open ports (80, 443, 23, 21, 25, 22, 139, 445 and 6000).
xprobe2 -T 1-1024 127.0.0.1
Will enable portscanning module, which will scan TCP ports starting from 1 to 1024 on 127.0.0.1
xprobe2 -p tcp:139:open 192.168.1.2
If remote target has TCP port 139 open, the command line above will enable application level SMB module (if remote target has TCP
port 445 open, substitue 139 in the command line with 445).
xprobe2 -p udp:161:open 192.168.1.10
Will enable SNMPv2c application level module, which will try to retrieve sysDescr.0 OID using community strings taken from
xprobe2.conf file.
NOTES
xprobe2 fingerprints remote operating system by analyzing the replies from the target, so to get the most out of xprobe2 you need to supply
xprobe2 with as much information as possible, in particular it is important to supply at least one open TCP port and one closed UDP port.
Open TCP port can either be provided in command line (-p), obtained through built-in portscanner (-T) or -B option can be used to cause
xprobe2 to try to blindly guess open TCP port. UDP port can be supplied via command line (-p) or through built-in portscanner (-U).
HISTORY
xprobe has been developed in 2001 based on research performed by Ofir Arkin <ofir@sys-security.com>. The code has been officially released
at the BlackHat Briefings in Las-Vegas in 2001. xprobe2 is a logical evolution of xprobe code. Signature based fuzzy fingerprinting logic
was embedded.
SEE ALSO
nmap(1) queso(1) pcap(3)
AUTHORS
Fyodor Yarochkin <fyodor@o0o.nu>, Ofir Arkin <ofir@sys-security.com>, Meder Kydyraliev <meder@o0o.nu>
(see also /usr/share/doc/xprobe/CREDITS).
AVAILABILITY
The current version and relevant documentation is available from following urls:
http://www.sys-security.com/html/projects/X.html
http://xprobe.sourceforge.net
http://www.notlsd.net/xprobe/
BUGS
None known (please report).
$Id: xprobe2.1,v 1.18 2005/07/26 12:48:59 mederchik Exp $ XPROBE2(1)