[Zeek] Detecting software

Jim Mellander jmellander at lbl.gov
Wed Nov 20 11:54:13 PST 2019


Just to be clear, Randy's suggestions should be executed on the server
listening on port 4545, not the bro/zeek system.

On Wed, Nov 20, 2019 at 11:31 AM Randy Labaza <rlabaza at gmail.com> wrote:

> You might try some combination of lsof -i:4545, get the PID, then use ps
> to find the process...
> Regards.
> rl.
>
>
> On Wed, Nov 20, 2019 at 2:02 PM Vern Paxson <vern at corelight.com> wrote:
>
>> > We have a server that bro detected with port 4545 in listening mode. Is
>> > there a way to find what software had that port opened or any specific
>> > details about it?
>>
>> Zeek doesn't provide additional insight into servers running protocols for
>> applications unknown to Zeek.  In practical terms, you could try capturing
>> a pcap of the traffic and then inspecting it using say Wireshark to see
>> if you can figure out what it is.
>>
>>                 Vern
>> _______________________________________________
>> Zeek mailing list
>> zeek at zeek.org
>> http://mailman.ICSI.Berkeley.EDU/mailman/listinfo/zeek
>>
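
The lookup suggested in this thread (lsof to get the PID, then ps), written out as a shell function to run on the server that owns the port. This is an added example, not part of the original messages; the function names and the sample lsof field output are constructed, and it assumes lsof and ps are installed.

```shell
#!/bin/sh
# Added example: identify the process behind a listening TCP port.
# Run on the server that owns the port (not on the Zeek sensor), as root,
# so that sockets owned by other users are visible to lsof.

# Turn `lsof -FpcL` field output into one "pid|user|command" line per process.
# Field lines start with a one-letter tag: p=PID, c=command, L=login name;
# per-descriptor lines (f...) are ignored.
parse_lsof_fields() {
  awk '
    function emit() { if (pid != "") print pid "|" user "|" cmd }
    /^p/ { emit(); pid = substr($0, 2); user = ""; cmd = ""; next }
    /^c/ { cmd  = substr($0, 2); next }
    /^L/ { user = substr($0, 2); next }
    END  { emit() }
  '
}

# Constructed sample of lsof field output: a parent and a forked worker
# sharing the same listening socket on port 4545.
sample_lsof_fields() {
  printf '%s\n' p2211 cjava Lsvc f45 f46 p2290 cjava Lsvc f45
}

who_listens() {
  port=$1
  case $port in
    ''|*[!0-9]*) echo "usage: who_listens PORT" >&2; return 2 ;;
  esac
  # -n/-P: no DNS or service-name lookups; -sTCP:LISTEN: listening sockets only
  found=$(lsof -nP -iTCP:"$port" -sTCP:LISTEN -FpcL 2>/dev/null | parse_lsof_fields)
  if [ -z "$found" ]; then
    echo "no TCP listener on port $port visible; are you root?" >&2
    return 1
  fi
  printf '%s\n' "$found" | while IFS='|' read -r pid user cmd; do
    printf 'port %s: pid=%s user=%s command=%s\n' "$port" "$pid" "$user" "$cmd"
    # Full command line, parent PID and start time for the same PID
    ps -o pid=,ppid=,lstart=,args= -p "$pid"
  done
}

# Usage: who_listens 4545
```
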