Mr Speaker

What’s that port?

Monday, August 30, 2004

Looking through your firewall logs, or the output of a "netstat -a" and notice a connection to a port you are not familar with? And want to impress your friends? Use this cool nerdy trick provided by portsdb.org and trusty ol' nslookup to find port names...

nslookup -q=txt port.protocol.portsdb.org

Where port is the port number you're interested in, and protocol is tcp, or udp. For example, say you spot the following line in your firewall log:

DATE		IP		TYPE	PORT
30/08/04	234.234.234.234	UDP	1433

After you are finished being impressed by the groovy IP address, whack the following down on the command line:

nslookup -q=txt 1433.udp.portsdb.org

Non-authoritative answer:
1433.udp.portsdb.org    text =

        "ms-sql-s"

There you go. Someone trying to send a UDP packet to your SQL server. Hope you're patched up, 'cause it's most likely a Slammer packet.

This was written by Mr Speaker. Posted on at 12:31 pm. Filed under Nerd. Bookmark the permalink. Follow comments here with the RSS feed. Post a comment or leave a trackback.
Captcha! Please type 'radical' here: *
How did you find this thingo? *