Thread: Nmap scan

  1. #1
    Just burned his ISO
    Join Date
    May 2008
    Posts
    8

    Nmap scan

    Hello,
    I want to know what someone can do with that:

    5190/tcp open aol?

    I'm not asking how to hack it, I just want to have info about that "aol" and what can be done with it.

    Thanks, guyz.

  2. #2
    Senior Member
    Join Date
    Apr 2008
    Posts
    2,008

    Are you using the AOL ICQ client, as it at least is known to open up this port? Other than that it is quite hard for us to tell you what application is listening on that port since most applications can easily be configured to listen to almost any port.

    One way to try to figure out the real use of the port would be to listen to all traffic that goes through that port. This can be done with several of the programs included in BT and I will not even try to cover the use of them here.
    -Monkeys are like nature's humans.

  3. #3
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Quote Originally Posted by =Tron=
        One way to try to figure out the real use of the port would be to listen to all traffic that goes through that port. This can be done with several of the programs included in BT and I will not even try to cover the use of them here.

    Correct: listening is best to see the IO packets. Are you running a program on your computer that is using the port or is it something that is being used by another unknown service on your machine that you're trying to identify?
    dd if=/dev/swc666 of=/dev/wyze

  4. #4
    Just burned his ISO
    Join Date
    May 2008
    Posts
    8

    I don't use AOL : s
    I captured traffic of that port and I got a packet with:

    source: my inet addr (192.168.1.34).
    dest: my wifi IP address (87.218.xx.xxx).

    It seems like nothing to do with AOL, just my computer and wifi-router sending some information using that port.

    Thanks =)

  5. #5
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Since this thread is titled nmap scan or whatever, it might be a good idea for you to post some more of the output of the scans you did.
    Also might wanna run the scan against that port and those two IP addresses, making sure to check the flag for service identification.
    If you need more help with nmap check out my tutorials on nmap.

    Let us know what you come up with.
    To be successful here you should read all of the following.
    ForumRules
    ForumFAQ
    If you are new to Back|Track
    Back|Track Wiki
    Failure to do so will probably get your threads deleted or worse.

  6. #6
    Jenkem Addict imported_wyze's Avatar
    Join Date
    Jul 2007
    Posts
    1,543

    Also, what OS is the machine running? You might want to look into the WHOIS for that IP to get another clue.

    What type of data is being sent from that port to the 87.218.x.x address and over what protocol (tcp / udp / icmp / ssl / etc)? Run Wireshark and do some packet captures.

  7. #7
    Just burned his ISO
    Join Date
    May 2008
    Posts
    8

    @archangel.amael:

    Thanks, I read your whole tutorial and I learnt some interesting things, thanks again.

    I didn't get another open port, the only one I got is:


    5190/tcp open aol?

    Like I said before.

    The machine is running Linux (Ubuntu) and the packet sent was TCP.
    When I'm capturing packets with Wireshark and I use nmap I start to get some of those packets.

    Well, the only thing I want to know is:
    What is this port (and packet) used for?
    Is it vulnerable? (I think no)


    Thanks for answering everything, guys, I'm a bit new in this.

  8. #8
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote Originally Posted by Makinavaja
        @archangel.amael:
        Thanks, I read your whole tutorial and I learnt some interesting things, thanks again.

    No problem, glad you enjoyed it. BTW, there are seven of them so far.

    Quote Originally Posted by Makinavaja
        I didn't get another open port, the only one I got is:
        5190/tcp open aol?
        Like I said before.
        The machine is running Linux (Ubuntu) and the packet sent was TCP.
        When I'm capturing packets with Wireshark and I use nmap I start to get some of those packets.

    Pidgin perhaps is the culprit? I don't know, but Pidgin does allow chatting with AOL clients, so maybe.
    See also here
    Second post in the thread. Not definitive, but it matches.

    Quote Originally Posted by Makinavaja
        Well, the only thing I want to know is:
        What is this port (and packet) used for?
        Is it vulnerable? (I think no)
        Thanks for answering everything, guys, I'm a bit new in this.

    Make sure you understand this part: ports are normally defined, meaning that there is a certain port for a specific service on that port.
    However, this is more like a default than a hard-set rule.
    You can run just about any service off of any port that you want to, or the program allows for.
    80 is normally http, but it can also be made to use 8080 or any other number of ports.
    As for the packet that you have, you will have to dissect it with Wireshark; this is about the best way to look at them.

    Without knowing what service is running on that port we cannot tell you if the service is vulnerable. It is the service or program (i.e. http, telnet, ftp, etc.) that is vulnerable, not the port itself.

  9. #9
    Just burned his ISO
    Join Date
    May 2008
    Posts
    8

    Aha...
    Well, so it seems like something uses that port.
    I made a nmap -sV and didn't get the service running there. Do you have some idea about guessing it in another way?

    Thanks for your interest

  10. #10
    Super Moderator Archangel-Amael's Avatar
    Join Date
    Jan 2010
    Location
    Somewhere
    Posts
    8,012

    Quote Originally Posted by Makinavaja
        Aha...
        Well, so it seems like something uses that port.
        I made a nmap -sV and didn't get the service running there. Do you have some idea about guessing it in another way?

        Thanks for your interest

    Well, there might be several ways to do that. You could use Wireshark to monitor the traffic and then see what types of packets are being sent out.

    Also, the other IP address that you posted, the 87 or whatever: what does a whois show you?
    This can provide useful info as well.

    Also, what exact commands you are using is helpful, like for your nmap scanning.
    This helps us to determine if you have made a mistake and helps us offer other flags, ideas, etc.
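An added example, not part of any post in this thread: if the host showing 5190/tcp open is the Linux machine itself (an assumption; the thread does not settle which host that is), the listening program can be read from the kernel's socket table rather than guessed from the port number. The `/proc/net/tcp` rows below are constructed sample data and the function names are illustrative.

```python
import os
import socket
import struct

# Constructed sample in /proc/net/tcp format (not taken from the poster's machine).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 11111 1 0000000000000000 100 0 0 10 0
   1: 00000000:1446 00000000:0000 0A 00000000:00000000 00:00000000 00000000  1000        0 23456 1 0000000000000000 100 0 0 10 0
   2: 2201A8C0:C350 0101A8C0:0050 01 00000000:00000000 00:00000000 00000000  1000        0 34567 1 0000000000000000 20 4 30 10 -1
"""

TCP_LISTEN = 0x0A  # value of the "st" column for a listening socket

def decode_addr(field):
    """Turn '2201A8C0:1446' into ('192.168.1.34', 5190)."""
    ip_hex, port_hex = field.split(":")
    # The kernel prints the IPv4 address as a native-endian u32 (little-endian on x86).
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)

def listeners(table_text, port):
    """Return [(ip, port, uid, inode)] for sockets in LISTEN state on `port`."""
    found = []
    for line in table_text.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 10 or int(cols[3], 16) != TCP_LISTEN:
            continue
        ip, lport = decode_addr(cols[1])
        if lport == port:
            found.append((ip, lport, int(cols[7]), int(cols[9])))
    return found

def pids_for_inode(inode, proc="/proc"):
    """Find PIDs holding the socket via /proc/<pid>/fd symlinks (root needed for other users)."""
    target, pids = "socket:[%d]" % inode, []
    for pid in filter(str.isdigit, os.listdir(proc)):
        fd_dir = os.path.join(proc, pid, "fd")
        try:
            if any(os.readlink(os.path.join(fd_dir, fd)) == target for fd in os.listdir(fd_dir)):
                pids.append(int(pid))
        except OSError:  # process exited, no fd directory, or permission denied
            continue
    return pids

if __name__ == "__main__":
    for ip, port, uid, inode in listeners(SAMPLE_PROC_NET_TCP, 5190):
        print(ip, port, "uid", uid, "inode", inode, "pids", pids_for_inode(inode))
```

On a live host, pass the contents of `/proc/net/tcp` instead of the sample; `/proc/<pid>/exe` for a returned PID then names the binary, which is what decides whether anything is vulnerable.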
