[Zeek] Detecting software

Randy Labaza rlabaza at gmail.com
Wed Nov 20 11:28:45 PST 2019


You might try some combination of lsof -i:4545, get the PID, then use ps to
find the process...
Regards.
rl.


On Wed, Nov 20, 2019 at 2:02 PM Vern Paxson <vern at corelight.com> wrote:

> > We have a server that bro detected with port 4545 in listening mode. Is
> > there a way to find what software had that port opened or any specific
> > details about it?
>
> Zeek doesn't provide additional insight into servers running protocols for
> applications unknown to Zeek.  In practical terms, you could try capturing
> a pcap of the traffic and then inspecting it using say Wireshark to see
> if you can figure out what it is.
>
>                 Vern
>
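The lsof-then-ps lookup suggested in the reply, written out as a script. This is an added example, not part of the original thread. It assumes a TCP listener, a shell on the server itself, and root privileges so that sockets owned by other users are visible; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: map a listening TCP port to the process that owns it.

# Read `lsof -F pcn` field output on stdin; print "pid address command"
# for every socket. In -F output each line starts with a one-letter tag:
# p = PID, c = command name, n = socket address (f = fd, ignored here).
parse_lsof_fields() {
    awk '
        /^p/ { pid = substr($0, 2); cmd = "" }
        /^c/ { cmd = substr($0, 2) }
        /^n/ { print pid, substr($0, 2), cmd }
    '
}

# Constructed sample of what lsof prints for one daemon bound to
# port 4545 on IPv4 and IPv6 (PID and command name are made up).
sample_lsof_output() {
    printf '%s\n' p2817 cexampled f6 'n*:4545' f7 'n[::1]:4545'
}

# Live lookup: lsof for the PID, then ps (and /proc on Linux) for details.
who_listens() {
    port=$1
    lsof -nP -iTCP:"$port" -sTCP:LISTEN -F pcn 2>/dev/null |
    parse_lsof_fields |
    while read -r pid addr cmd; do
        echo "== $addr is held by PID $pid ($cmd)"
        # Owner, parent, start time and full command line.
        ps -o pid,ppid,user,lstart,args -p "$pid"
        # On Linux, the binary actually running, even if deleted from disk.
        if [ -L "/proc/$pid/exe" ]; then
            ls -l "/proc/$pid/exe"
        fi
    done
}

if [ $# -gt 0 ]; then
    who_listens "$1"      # e.g. run with 4545 as the argument
else
    sample_lsof_output | parse_lsof_fields
fi
```

No output from the live lookup means nothing is listening on that port at that moment, or lsof lacks the privileges to see the socket.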