Port 3137

  • Thread starter: James Matthews
Use fport from http://www.foundstone.com/us/resources/proddesc/fport.htm
to find which applications are using which ports.


Richard Giagnacovo



James Matthews wrote:
> On one of my clients I am seeing a lot of incoming and outgoing
> connections on this port (3137). I cannot seem to pin it on one
> program! Has anyone been seeing traffic like this!
>
> System fully patched etc....
>
> Thanks
>
 
You don't need a separate application for that. A simple netstat -b in
the console will produce nearly identical results. :)

Richard Giagnacovo wrote:
> Use fport from http://www.foundstone.com/us/resources/proddesc/fport.htm
> to find which applications are using which ports.
>
>
> Richard Giagnacovo
>
>
>
> James Matthews wrote:
>> On one of my clients I am seeing a lot of incoming and outgoing
>> connections on this port (3137). I cannot seem to pin it on one
>> program! Has anyone been seeing traffic like this!
>>
>> System fully patched etc....
>>
>> Thanks
>>
 
MyDoom variants use TCP 3137 (amongst other ports).

J Wolfgang Goerlich

On Sep 11, 12:39 am, "James Matthews" <jamesmat...@gmail.com> wrote:
> On one of my clients I am seeing a lot of incoming and outgoing connections
> on this port (3137). I cannot seem to pin it on one program! Has anyone
> been seeing traffic like this!
 
The issue is that it is a passive connection! I only see the firewall block
it! So using netstat and fport won't work!

--

http://www.goldwatches.com/
http://www.jewelerslounge.com/
"Michael Robinson" <mkr@mkronline.com> wrote in message
news:f2798$46e69d13$4b752219$3347@ALLTEL.NET...
> You don't need a separate application for that. A simple netstat -b in the
> console will produce nearly identical results. :)
>
> Richard Giagnacovo wrote:
>> Use fport from http://www.foundstone.com/us/resources/proddesc/fport.htm
>> to find which applications are using which ports.
>>
>>
>> Richard Giagnacovo
>>
>>
>>
>> James Matthews wrote:
>>> On one of my clients I am seeing a lot of incoming and outgoing
>>> connections on this port (3137). I cannot seem to pin it on one
>>> program! Has anyone been seeing traffic like this!
>>>
>>> System fully patched etc....
>>>
>>> Thanks
>>>
 
"James Matthews" <jamesmatt18@gmail.com> wrote:

> The issue is that it is a passive connection! I only see the firewall
> block it! So using netstat and fport won't work!


Use a sniffer to find the destination port on the local machine, then
check with netstat/fport/whatever..

Juergen Nieveler
--
Nolli turbare testiculos meos!
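
Added example, not part of any post in this thread: a Python sketch that parses `netstat -ano` output and reports which PID owns a socket using port 3137 on either the local or the remote side. The sample output, addresses and PIDs are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample of `netstat -ano` output; addresses and PIDs are made up.
SAMPLE = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       964
  TCP    192.168.1.20:3137      203.0.113.7:80         ESTABLISHED     2412
  TCP    192.168.1.20:1045      198.51.100.9:3137      SYN_SENT        2412
  TCP    [::]:445               [::]:0                 LISTENING       4
  UDP    0.0.0.0:500            *:*                                    716
"""

# Proto, local endpoint, remote endpoint, optional state (UDP has none), PID.
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)\s+(?:([A-Z][A-Z_0-9]*)\s+)?(\d+)\s*$")

def split_endpoint(endpoint):
    """Split 'host:port', '[v6]:port' or '*:*' into (host, port or None)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port) if port.isdigit() else None

def parse_netstat(text):
    """Return one dict per socket line; headers and blanks are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, local, remote, state, pid = m.groups()
            rows.append({"proto": proto, "local": split_endpoint(local),
                         "remote": split_endpoint(remote),
                         "state": state, "pid": int(pid)})
    return rows

def sockets_on_port(rows, port):
    """List (side, row) for sockets using `port` locally or remotely."""
    hits = []
    for row in rows:
        if row["local"][1] == port:
            hits.append(("local", row))
        elif row["remote"][1] == port:
            hits.append(("remote", row))
    return hits

def owning_pids(rows, port):
    """PIDs to look up next (e.g. with tasklist); empty if no socket matches."""
    return sorted({row["pid"] for _, row in sockets_on_port(rows, port)})

if __name__ == "__main__":
    for side, row in sockets_on_port(parse_netstat(SAMPLE), 3137):
        print(side, row["proto"], row["local"], row["remote"], row["state"], row["pid"])
```

An empty result means no socket on the host currently uses that port, in which case the local port seen in a packet capture is the value to search for instead.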
 