Home page logo

pen-test logo Penetration Testing mailing list archives

Identifying active sessions on ports without sniffing
From: "Fei Hu" <fei_hu () linuxmail org>
Date: Thu, 04 Oct 2001 23:42:09 +0800

Is there a way to identify active TCP ports/sessions (otherwise seen as closed via a port scanner)? I am working 
pen-test where I need to identify the ports associated with an established TCP session. In this situation, data is only 
transmitted one direction, server -> client. It is transmitted intermittently on an as needed basis with no established 
patterns. The TCP session stays up even though no data is being sent, so the ports on the server and client side remain 
static. The application layer is a proprietary app. There is no way to use a use a sniffer.

Would an active port respond back as closed slower than a truely closed port for example.  Could this type of test even 
at all possible due to traffic load fluctuations?

Any ideas?


Fei Hu


Get your free email from www.linuxmail.org 

Powered by Outblaze

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
  • Identifying active sessions on ports without sniffing Fei Hu (Oct 04)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]