Monitor a UDP port
Hi,
I could find a solution for my problem. I need to monitor a UDP port.
For the TCP ports I'm using MP template TCP Port, but for the UDP I don't find any tool.
My question is: is it possible to monitor UDP ports in SCOM 2012 R2? If yes, how?
Thank you,
Rui
Hi Rui,
I have found a possibility to do this. Hope you understand this and it is helpful. This is a two-step process, but I guess it will definitely serve the purpose.
Scope: We will be running a tool which will monitor a port (TCP or UDP) for a specific host / IP and will throw a log file.
SCOM will monitor the log file and will throw an alert if the log file contains the string NOT LISTENING (port not working or unable to open the port), which the program will write to the log with the results.
First download the program named PortQry Command Line Port Scanner Version 2.0 from Microsoft using the link below. It is a command-line tool.
http://www.microsoft.com/en-in/download/details.aspx?id=17148
Run it from a batch file or PowerShell script using Task Scheduler as per your time requirement (every 5 min or 1 hr).
Use this command to monitor an IP / hostname and its port with TCP or UDP.
I have pasted the command file of the program in the C:\Port_checker directory, so I am using the below syntax:
C:\Port_checker\PortQry.exe -N 192.168.1.1 -e 5723 -p UDP -l C:\Port_checker\Result.log /y
-N = Hostname / FQDN of agent or IP address
-E = Port number you want to monitor
-P = Protocol (TCP or UDP)
-L = Generate the log at the following location and name
/Y = Replace the existing log file with a fresh one without prompting.
The result in the log file will be as follows:
============================
For successful port open:
PortQry Version 2.0 Log File
System Date: Tue Oct 07 09:42:32 2014
Command run:
C:\PortQryV2\PortQry.exe -N 192.168.1.1 -e 5723 -p UDP -l C:\Portqryv2\Result.log /y
Local computer name:
192.168.1.2
Querying target system called:
192.168.1.1
Attempting to resolve name to IP address...
Name resolved to 192.168.1.1
querying...
UDP port 5723 (unknown service): LISTENING
========= end of log file =========
PortQry developed by Tim Rains
For failure port open:
PortQry Version 2.0 Log File
System Date: Tue Oct 07 09:42:32 2014
Command run:
C:\PortQryV2\PortQry.exe -N 192.168.1.1 -e 5723 -p UDP -l C:\Portqryv2\Result.log /y
Local computer name:
192.168.1.2
Querying target system called:
192.168.1.1
Attempting to resolve name to IP address...
Name resolved to 192.168.1.1
querying...
UDP port 5723 (unknown service): NOT LISTENING
========= end of log file =========
PortQry developed by Tim Rains
Now, as per the above results, NOT LISTENING means the port is blocked or is not opened, and LISTENING means it is working or the port is opened.
So now using SCOM you will monitor the log file Result.log in the location C:\Port_checker\, saying: if NOT LISTENING comes in the log file, throw me an alert in the SCOM console or via email.
To configure that alert you need to create a Generic text log alerting Rule, which will throw an alert if anything is added to that log which is not supposed to be added, like NOT LISTENING.
Refer to this link on how to open a Generic text log alerting Rule.
http://blogs.technet.com/b/kevinholman/archive/2009/06/20/using-a-generic-text-log-rule-to-monitor-an-ascii-text-file-even-when-the-file-is-a-unc-path.aspx
Gautam.75801
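The check described in the reply above, as an added PowerShell example that is not part of the original post: it runs the PortQry command from the post, classifies the result line, and appends a one-line status record. The function names, the Status.log file and the OK/WARN/ALERT words are hypothetical; it also assumes PortQry's third UDP result, LISTENING or FILTERED (no reply received), which a rule matching only NOT LISTENING would not catch.

```powershell
# Added example, not from the original reply. Function names and Status.log are
# hypothetical; the PortQry path, target and port are the ones used in the post.

function Get-PortQryState {
    # Classify every result line found in a PortQry log.
    param([string[]]$LogLines)

    # Result line as shown in the post:
    #   UDP port 5723 (unknown service): NOT LISTENING
    $pattern = '^\s*(?<proto>TCP|UDP) port (?<port>\d+) \((?<svc>[^)]*)\):\s*(?<state>.+?)\s*$'

    foreach ($line in $LogLines) {
        if ($line -match $pattern) {
            # Copy the captures first: switch -Regex overwrites $Matches.
            $proto = $Matches.proto; $portNo = [int]$Matches.port; $raw = $Matches.state

            # Anchored matches: a plain substring test for LISTENING would also
            # match NOT LISTENING and LISTENING or FILTERED.
            $state = switch -Regex ($raw) {
                '^NOT LISTENING$'         { 'NotListening'; break }
                '^LISTENING or FILTERED$' { 'ListeningOrFiltered'; break }
                '^FILTERED$'              { 'Filtered'; break }
                '^LISTENING$'             { 'Listening'; break }
                default                   { 'Unknown' }
            }
            [pscustomobject]@{ Protocol = $proto; Port = $portNo; State = $state; Raw = $raw }
        }
    }
}

function Test-UdpPortWithPortQry {
    # Intended to be called from the scheduled task.
    param(
        [string]$PortQry   = 'C:\Port_checker\PortQry.exe',
        [string]$Target    = '192.168.1.1',
        [int]$Port         = 5723,
        [string]$ResultLog = 'C:\Port_checker\Result.log',
        [string]$StatusLog = 'C:\Port_checker\Status.log'   # hypothetical file for the SCOM rule
    )

    # Delete the previous result so a failed run cannot leave a stale
    # LISTENING line behind for the monitor to read.
    Remove-Item -LiteralPath $ResultLog -ErrorAction SilentlyContinue
    try   { & $PortQry -N $Target -e $Port -p UDP -l $ResultLog /y | Out-Null }
    catch { }   # a missing or failing PortQry is reported below as NoResult

    $lines = @()
    if (Test-Path -LiteralPath $ResultLog) { $lines = @(Get-Content -LiteralPath $ResultLog) }

    $result = Get-PortQryState -LogLines $lines |
        Where-Object { $_.Port -eq $Port } | Select-Object -First 1
    $state = if ($result) { $result.State } else { 'NoResult' }

    # No reply on UDP is ambiguous, so it is a warning; anything else that is
    # not a clean LISTENING (including no result at all) is an alert.
    $severity = switch ($state) {
        'Listening'           { 'OK' }
        'ListeningOrFiltered' { 'WARN' }
        'Filtered'            { 'WARN' }
        default               { 'ALERT' }
    }

    $record = '{0:s} PORTCHECK {1} {2} UDP/{3} {4}' -f (Get-Date), $severity, $Target, $Port, $state
    Add-Content -LiteralPath $StatusLog -Value $record
    $record
}

# Offline self-check. The first two lines are taken from the logs in the post;
# the third is constructed to show the ambiguous UDP state.
$sample = @(
    'UDP port 5723 (unknown service): LISTENING',
    'UDP port 5723 (unknown service): NOT LISTENING',
    'UDP port 5723 (unknown service): LISTENING or FILTERED'
)
Get-PortQryState -LogLines $sample | Format-Table Port, State, Raw
```

With this wrapper the text log rule would match on PORTCHECK ALERT (and optionally PORTCHECK WARN) in Status.log instead of on the raw PortQry output.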
Similar Messages
-
Anybody know what tcp or udp port # is used by Server Monitor?
Hi everyone. I've been lookin' all over ****'s half-acre to find out what port # is required for Server Monitor with no luck. Sure, I can access the local IP address on the LAN, but for LOM to be truly useful...I need to access from WAN. Since my public IP takes me direct to the server itself (and other ports on that ip do other things), I really need to know what port # is used to forward Server Monitor traffic. Anyone?
Thanks!
Ed
Ed LaComb-
I do have this link to well known TCP and UDP ports used by Apple software products.
I am fairly certain the answer lies within.
Luck-
-DaddyPaycheck -
UDP PORT 445 Not listed in System Process
Hi! Can you help me? I need the UDP PORT 445 listed on SYSTEM Process.
I open UDP PORT 445 on Firewall (WSBS 2011), but in Syshelp (Symantec validation tool) the result is:
Title: One or more network services, ports, protocols or associated processes may need attention
Product: Backup Exec Server
Status: Warning
Details:
Warning SYSTEM's UDP port 445 is not open or listening.
Warning Port is not open or listening.
UDP Process: System
Ok SYSTEM is the correct process for UDP port 137
Ok Port 137 with protocol UDP is open on the following IP addresses: - 25.54.28.213
- 169.254.41.25
- 169.254.244.222
- 192.168.0.6
- 192.168.1.2
Ok Process System has port 137 with protocol UDP open.
Ok Process System has port 137 with protocol UDP open.
Ok Process System has port 137 with protocol UDP open.
Ok Process System has port 137 with protocol UDP open.
Ok Process System has port 137 with protocol UDP open.
Information Network service name not defined. Test skipped.
Information Default settings - Network Service Name: netbios-ns Port: 137 Protocol: UDP Process: System
Ok SYSTEM is the correct process for UDP port 138
Ok Port 138 with protocol UDP is open on the following IP addresses: - 25.54.28.213
- 169.254.41.25
- 169.254.244.222
- 192.168.0.6
- 192.168.1.2
Ok Process System has port 138 with protocol UDP open.
Ok Process System has port 138 with protocol UDP open.
Ok Process System has port 138 with protocol UDP open.
Ok Process System has port 138 with protocol UDP open.
Ok Process System has port 138 with protocol UDP open.
Information Network service name not defined. Test skipped.
Information Default settings - Network Service Name: netbios-dgm Port: 138 Protocol: UDP Process: System
Ok SYSTEM is the correct process for TCP port 445
Ok Port 445 with protocol TCP is open on the following IP addresses: - 0.0.0.0
Ok Process System has port 445 with protocol TCP open.
Information Network service name not defined. Test skipped.
Information Default settings - Network Service Name: microsoft-ds Port: 445 Protocol: TCP Process: System
Hi,
-> I need the UDP PORT 445 listed on SYSTEM Process.
-> Warning SYSTEM's UDP port 445 is not open or listening.
Based on your description, I’m a little confused with this issue. Please run the following commands with administrator permission and monitor the result. Would you please check and confirm whether any process is listening on UDP port 445?
netstat -ab
netstat -a | find /i "445"
In addition, I noticed that you use Syshelp (Symantec validation tool) to check. I suggest that you post the warning message in the Symantec Forum and confirm this issue. I believe we will get better assistance there.
If I have misunderstood anything, please don’t hesitate to let me know.
Hope this helps.
Best regards,
Justin Gu -
Operations Manager 2012 doesn't listening SNMP Trap UDP port 162
hi,
SCOM 2012 SP1, how come the Operations Manager started but the SNMP Trap UDP port 162 is not listening?
Without this port listening, I can't test SNMP traps on SCOM.
Thanks...KEN
Hi,
As described in the following blog, the TRAP service should be installed but turned off; we could not get traps coming in until we turned the service back on.
So please verify if the service is on. You can continue to audit the ports by running netstat -a.
System Center 2012 Notes From the Field
http://scom-2012.blogspot.in/2012/07/setting-up-snmp-monitoring-in-scom-2012.html
Please Note: Since the web site is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.
Hope this helps. -
How can we find out which application is running UDP port 69?
Whenever I run Cisco Network Assistant on my Windows 7 computer, I receive "The embedded TFTP server cannot start".
netstat -an|more shows “udp 0 0 0.0.0.0:69 ...” How can we find out which application is running UDP port 69?
Bob Lin, MCSE & CNE Networking, Internet, Routing, VPN Networking, Internet, Routing, VPN Troubleshooting on http://www.ChicagoTech.net How to Install and Configure Windows, VMware, Virtualization and Cisco on http://www.HowToNetworking.com
These ones may help.
Have you ever wanted to see which Windows process sends a certain packet out to network?
Process Monitor v3.1
Regards, Dave Patrick ....
Microsoft Certified Professional
Microsoft MVP [Windows]
Disclaimer: This posting is provided "AS IS" with no warranties or guarantees , and confers no rights. -
My Network of Macs keep broadcasting to udp port 8612 every few seconds
This problem was answered nicely by "Hunter3740" and Apple archived it....It is still valid/needed for Mountain Lion!
https://discussions.apple.com/thread/2464784?start=0&tstart=0
Here is how to stop your Mac from broadcasting to udp port 8612 every few seconds without using a Terminal Window:
Under Utilities (In Application Folder) launch the Activity Monitor, then show "All Processes" and find the one named "CIJScannerRegister.app" and hit the Stop Sign (Quit Process).
Then follow this Macintosh HD--->Library-->Image Capture--->Support--->LegacyDeviceDiscoveryHelpers---->then throw "CIJScannerRegister.app" in the trash and empty it.
Bingo...the broadcast stops.
Apple: Can you fix this turd with a system update?
Is there a chance that someone has installed some kind of
software on the computer that is trying to "call home?"
The app known as Little Snitch can tell what may be in there
and if it is responsible for these odd network calls out.
How is the port security set up in the Mac? And why would
those ports need to be open unless there was a real purpose?
With my Macs, all of the ports in Firewall are closed to access
except for the Network Time Server to keep the clock correct.
{Some are used to share files between computers, & to chat; etc.}
Do you have more than two user accounts in the computer, and
if so, is your Admin account only used to update and maintain
the OS X & to install apps for other users? The levels of security
in Mac OS X can be controlled; and such odd port calls if or when
there is no need, are signs that something is not quite right.
Have you looked into the Console utility to see what is causing the
hang at those time intervals you know this has happened? There
are several different logs and reports in there; some won't apply.
Do the children who use the computer, have access to or know the
Admin account's password? A second user, from their account, can
install software and do other things, if that password is available.
I noticed you had a similar post last month that appeared to go without
a reply; now it is locked and can't be replied to anyway. So this issue
has been going on for some time. What may have happened in the past
year or so, to start this issue in that computer? Something, for certain.
Good luck & happy computing! -
UDP port 161 on IPCC/ICM servers
I am trying to setup Solarwinds monitoring via SNMP on our IPCC/ICM servers. The servers are AW, PGs and Router/Loggers.
Do the IPCC/ICM applications use UDP port 161? I cannot start the SNMP service on the servers because UDP port 161 is already being used.
According to Windows task manager, the port is used by PID snmpdm.exe.
Any info or comment is appreciated. Thanks.
Yes it's not the same. Why, I do not know.
On ICM Windows boxes you use the MMC snapin, but on CVP you use the Ops Console which writes into cfg files and pushes them to the box.
At the end of the day the basics of community name, access list, trap destination are known by the agent on the ICM or CVP server.
Regards,
Geoff -
DMVPN-Why received packet doesn't use UDP port 4500 but 500?
Hello everyone
I got a problem with my DMVPN. Spoke is behind a NAT device. x.x.x.x is a public IP address which the hub uses. I don't know why it discovered that the hub is also inside a NAT device. And after it sends a packet using port 4500, the received packet from the hub was not using port 4500 but 500. I'm confused now. Any advice would be much appreciated.
*Sep 10 08:56:02 UTC: ISAKMP:(0): beginning Main Mode exchange
*Sep 10 08:56:02 UTC: ISAKMP:(0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE
*Sep 10 08:56:02 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Sep 10 08:56:02 UTC: ISAKMP (0): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_NO_STATE
*Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2
*Sep 10 08:56:02 UTC: ISAKMP:(0): processing SA payload. message ID = 0
*Sep 10 08:56:02 UTC: ISAKMP:(0): processing vendor id payload
*Sep 10 08:56:02 UTC: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
*Sep 10 08:56:02 UTC: ISAKMP (0): vendor ID is NAT-T RFC 3947
*Sep 10 08:56:02 UTC: ISAKMP:(0):found peer pre-shared key matching
*Sep 10 08:56:02 UTC: ISAKMP:(0): local preshared key found
*Sep 10 08:56:02 UTC: ISAKMP : Scanning profiles for xauth ...
*Sep 10 08:56:02 UTC: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
*Sep 10 08:56:02 UTC: ISAKMP: encryption 3DES-CBC
*Sep 10 08:56:02 UTC: ISAKMP: hash MD5
*Sep 10 08:56:02 UTC: ISAKMP: default group 1
*Sep 10 08:56:02 UTC: ISAKMP: auth pre-share
*Sep 10 08:56:02 UTC: ISAKMP: life type in seconds
*Sep 10 08:56:02 UTC: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Sep 10 08:56:02 UTC: ISAKMP:(0):atts are acceptable. Next payload is 0
*Sep 10 08:56:02 UTC: ISAKMP:(0):Acceptable atts:actual life: 0
*Sep 10 08:56:02 UTC: ISAKMP:(0):Acceptable atts:life: 0
*Sep 10 08:56:02 UTC: ISAKMP:(0):Fill atts in sa vpi_length:4
*Sep 10 08:56:02 UTC: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
*Sep 10 08:56:02 UTC: ISAKMP:(0):Returning Actual lifetime: 86400
*Sep 10 08:56:02 UTC: ISAKMP:(0)::Started lifetime timer: 86400.
*Sep 10 08:56:02 UTC: ISAKMP:(0): processing vendor id payload
*Sep 10 08:56:02 UTC: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
*Sep 10 08:56:02 UTC: ISAKMP (0): vendor ID is NAT-T RFC 3947
*Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2
*Sep 10 08:56:02 UTC: ISAKMP:(0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_SA_SETUP
*Sep 10 08:56:02 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3
*Sep 10 08:56:02 UTC: ISAKMP (0): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_SA_SETUP
*Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4
*Sep 10 08:56:02 UTC: ISAKMP:(0): processing KE payload. message ID = 0
*Sep 10 08:56:02 UTC: ISAKMP:(0): processing NONCE payload. message ID = 0
*Sep 10 08:56:02 UTC: ISAKMP:(0):found peer pre-shared key matching x.x.x.x
*Sep 10 08:56:02 UTC: ISAKMP:(2746): processing vendor id payload
*Sep 10 08:56:02 UTC: ISAKMP:(2746): vendor ID is Unity
*Sep 10 08:56:02 UTC: ISAKMP:(2746): processing vendor id payload
*Sep 10 08:56:02 UTC: ISAKMP:(2746): vendor ID is DPD
*Sep 10 08:56:02 UTC: ISAKMP:(2746): processing vendor id payload
*Sep 10 08:56:02 UTC: ISAKMP:(2746): speaking to another IOS box!
*Sep 10 08:56:02 UTC: ISAKMP:received payload type 20
*Sep 10 08:56:02 UTC: ISAKMP (2746): NAT found, both nodes inside NAT
*Sep 10 08:56:02 UTC: ISAKMP:received payload type 20
*Sep 10 08:56:02 UTC: ISAKMP (2746): My hash no match - this node inside NAT
*Sep 10 08:56:02 UTC: ISAKMP:(2746):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Sep 10 08:56:02 UTC: ISAKMP:(2746):Old State = IKE_I_MM4 New State = IKE_I_MM4
*Sep 10 08:56:02 UTC: ISAKMP:(2746):Send initial contact
*Sep 10 08:56:02 UTC: ISAKMP:(2746):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Sep 10 08:56:02 UTC: ISAKMP (2746): ID payload
next-payload : 8
type : 1
address : 192.168.1.101
protocol : 17
port : 0
length : 12
*Sep 10 08:56:02 UTC: ISAKMP:(2746):Total payload length: 12
*Sep 10 08:56:02 UTC: ISAKMP:(2746): sending packet to x.x.x.x my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
*Sep 10 08:56:02 UTC: ISAKMP:(2746):Sending an IKE IPv4 Packet.
*Sep 10 08:56:02 UTC: ISAKMP:(2746):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Sep 10 08:56:02 UTC: ISAKMP:(2746):Old State = IKE_I_MM4 New State = IKE_I_MM5
*Sep 10 08:56:03 UTC: ISAKMP (2746): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_KEY_EXCH
*Sep 10 08:56:03 UTC: ISAKMP:(2746): phase 1 packet is a duplicate of a previous packet.
*Sep 10 08:56:03 UTC: ISAKMP:(2746): retransmitting due to retransmit phase 1
*Sep 10 08:56:04 UTC: ISAKMP:(2746): retransmitting phase 1 MM_KEY_EXCH...
*Sep 10 08:56:04 UTC: ISAKMP (2746): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
*Sep 10 08:56:04 UTC: ISAKMP:(2746): retransmitting phase 1 MM_KEY_EXCH
*Sep 10 08:56:04 UTC: ISAKMP:(2746): sending packet to x.x.x.x my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
*Sep 10 08:56:04 UTC: ISAKMP:(2746):Sending an IKE IPv4 Packet.
This could be because the port 4500 packet that is being sent is not being received by the peer side or it is ignoring that packet.
Since the port 500 packet that you are receiving is a duplicate of the previous packet it is definitely not a reply packet for the port 4500 packet.
If you can get the debugs from the other end, then you could see if the peer side is receiving the udp port 4500 packets.
If not that then this could be a UDP port 4500 block with the ISP. -
How to connect an external hard drive and monitor a single port Thunderbolt
how to connect an external hard drive and monitor a single port Thunderbolt
You connect the HDD to your Mac and then the monitor to the HDD.
The HDD should have TWO T-Bird ports on the enclosure.
It's called daisy chaining and up to five devices can be connected in this fashion. -
Can the last link in a thunderbolt daisy-chain be a non-thunderbolt monitor, using miniDisplay port?
For example, Mac mini <--> external SSD <--> apple cinema display 30" (using miniDisplay port adaptor plugged into the SSD's second thunderbolt port)
TechnoMax wrote:
for instance STAE122 or STAE 127?
FWIW, STAE129 is the current version TB adapter
that is self powered and has TB daisy chain port.
STAE122 and STAE127 are older versions and
not the current model, though there may be stock of
these around. As to whether this will solve your issue,
I don't know.
Can I trick the Mac under Bootcamp as OS to use HDMI for the monitor? Dell officially says that the monitor can only accept 1900x1080 over HDMI, but some have fiddled with different computers with custom settings that worked with some Monitors but mostly under Linux and to Dell 2711.
The MacMini HDMI port is hardware limited to 1980x1200. -
TCP/UDP Ports and site used by FEP to download updates - needed to allow on perimeter firewall
Can someone point me to information like what TCP/UDP ports are utilized by FEP and what DNS / site name it uses to download FEP Updates? This is needed to tighten perimeter firewall policies.
Thank you
It should be the same as the documentation for all Software Updates:
https://technet.microsoft.com/en-us/library/bcf8ed65-3bea-4bec-8bc5-22d9e54f5a6d#BKMK_ConfigureFirewalls
Make sure to expand the "restrict access to specific domains" section to see the update related URLs. -
Will an X220 drive a Dell UP2414Q 4K 3840 x 2160 Monitor via Display Port?
I've not been able to find any information about this on the web and there is definitely some confusion about DisplayPort versions - could someone answer the question: will an X220 drive a Dell UP2414Q 4K IPS Monitor at its native resolution of 3840 x 2160 via Display Port? Would that be at 30Hz rather than 60Hz?
Many thanks, Mark.
The X220 will drive the Dell UP2414Q 4K resolution through Displayport. I have tested this on the Pro2840m LCD which has the same resolution. But only on 30 hz refresh rate.
The X220 with the Series 3 Workstation Dock will drive 2 of the Pro2840m through 2 separate displayport.
The X201 will also drive this 4K resolution, as long as the LCD's 4K can accept Displayport 1.1 standard (on the 1.2 standard, the LCD will stay blank).
https://www.flickr.com/photos/lead_org/14671257827/in/set-72157645860787090
the above image confirms the 4K resolution and my X220 driving that resolution @ 30 hz.
For 60 hz refresh rate on the 4K resolution with integrated Intel GPU, you need Haswell CPU with the HD5000 graphics card, anything below that will only drive the 4K resolution at 30 Hz.
Regards,
Jin Li
May this year, be the year of 'DO'!
I am a volunteer, and not a paid staff of Lenovo or Microsoft -
Hi,
I noticed in my home router logs that my MAC Mini "scans" UDP ports in the 33xxx range to an address 70.38.54.77 ... a quick search shows others' complaints but no result or explanation. I am looking to see if this is some piece of sw installed in my MAC or perhaps how to block traffic to/from that IP (or its subnet).
See below - .149 is my MAC mini IP address at home.
Outgoing log
LAN IP address | Destination URL or IP address | Service or port number
192.168.2.149 | 70.38.54.77 | 33495
192.168.2.149 | 70.38.54.77 | 33494
192.168.2.149 | 70.38.54.77 | 33493
192.168.2.149 | 70.38.54.77 | 33492
192.168.2.149 | 70.38.54.77 | 33491
192.168.2.149 | 70.38.54.77 | 33490
192.168.2.149 | 70.38.54.77 | 33489
192.168.2.149 | 70.38.54.77 | 33488
192.168.2.149 | 70.38.54.77 | 33487
192.168.2.149 | 70.38.54.77 | 33486
192.168.2.149 | 70.38.54.77 | 33485
192.168.2.149 | 70.38.54.77 | 33484
192.168.2.149 | 70.38.54.77 | 33483
192.168.2.149 | 70.38.54.77 | 33482
192.168.2.149 | 70.38.54.77 | 33481
192.168.2.149 | 70.38.54.77 | 33480
192.168.2.149 | 70.38.54.77 | 33479
192.168.2.149 | 70.38.54.77 | 33478
192.168.2.149 | 70.38.54.77 | 33477
192.168.2.149 | 70.38.54.77 | 33476
192.168.2.149 | 70.38.54.77 | 33475
192.168.2.149 | 70.38.54.77 | 33474
192.168.2.149 | 70.38.54.77 | 33473
192.168.2.149 | 70.38.54.77 | 33472
192.168.2.149 | 70.38.54.77 | 33471
192.168.2.149 | 70.38.54.77 | 33470
192.168.2.149 | 70.38.54.77 | 33469
192.168.2.149 | 70.38.54.77 | 33468
192.168.2.149 | 70.38.54.77 | 33467
Thanks in advance.
Is that your IP & ISP?
NetRange: 70.38.54.64 - 70.38.54.95
CIDR: 70.38.54.64/27
OriginAS:
NetName: IWEB-CL-T140-02SH
To see if it's you/your provider, What's my ip...
http://www.whatismyipaddress.com/
Little Snitch, stops/alerts outgoing stuff...
http://www.obdev.at/products/littlesnitch/index.html
And will tell you what wants to use that port, then you can choose to allow or deny. -
Identify Ports for AD - External UDP port scanner
Greetings all,
I am trying to figure out which UDP port is alarming on the "AD - External UDP port scanners (13005)" signature. By default, the signature is set to summarize which looks something like this "NumDestIps=100; currentTHreshold=100. protocol=1".
From the "Protocol = 1" line I am assuming all scanning is hitting up on a single destination protocol - I need to know which protocol / port number.
I've already attempted to turn on "log attacker, pair, and victim" packets. Verbose is not an option for this signature. I have also tried changing alert Frequency to "fire all" or just unchecking the "Summary Mode" box. None of this tells me the destination/victim port. I do see under a protocol field "ICMP" but I don't believe that pertains to the source port. Any ideas on how I might find this information?
TCP/445 is used by Microsoft file sharing (CIFS), and by default that port is opened on all Microsoft PCs basically to allow file sharing.
If you open up DOS prompt, and type: netstat -na, you would see that your PC is by default listening on TCP/445.
Here is more information on Microsoft-DS (TCP/445):
http://www.linklogger.com/TCP445.htm
http://en.wikipedia.org/wiki/Server_Message_Block
So it really depends on your corporate security policy, whether to allow file sharing or not within the network. IPS is picking that up because it is an easier way of exploiting a PC since the port is opened by default. -
Should I block TCP/UDP ports 135 to 139 on my router?
For the sake of Internet and Desktop security should I block TCP/UDP ports 135 to 139 both ways at all times on my router? This seems to be recommended for Windows environments. Does Mavericks need these ports for its proper operation? When tested, ports 135, 137,18 show as closed whereas all other ports are Stealth. Ideally, they should all be Stealth.
Have a read here: http://securityspread.com/2013/07/26/firewall/
Stealth is just as good as closed, some would argue that stealth is just as much of a giveaway of the port being present as it being closed.
The specific ports you mention pose no risk to OS X as far as I am aware.