Detecting software

Monah_Baki · November 20, 2019, 4:49pm

Hi all,

We have a server that bro detected with port 4545 in listening mode. Is there a way to find what software had that port opened or any specific details about it?

Thanks
Monah

Vern · November 20, 2019, 6:54pm

We have a server that bro detected with port 4545 in listening mode. Is
there a way to find what software had that port opened or any specific
details about it?

Zeek doesn't provide additional insight into servers running protocols for
applications unknown to Zeek. In practical terms, you could try capturing
a pcap of the traffic and then inspecting it using say Wireshark to see
if you can figure out what it is.

Vern

Randy_Labaza · November 20, 2019, 7:28pm

You might try some combination of lsof -i:4545, get the PID, then use ps to find the process…

Jim_Mellander · November 20, 2019, 7:54pm

Just to be clear, Randy’s suggestions should be executed on the server listening on port 4545, not the bro/zeek system.

Topic		Replies	Views
about Zeek	2	60	May 6, 2022
Two Questions about Bro Zeek	1	49	May 6, 2022
how can i config bro to let it only capture and analyze http packages? Zeek	5	61	May 6, 2022
finger and port scan test to bro Zeek	1	55	May 6, 2022
VPN Traffic Detection Zeek	2	82	May 6, 2022

Detecting software

Related Topics