Have you tried to strace it from the startup to the end ? You would sure see the creation of this port and know more. That’s the technique I use when the software is blackbox to me. My strace invocation is using
/usr/bin/strace -fF -ttT -v -o strace.log -s 255 <PROGRAM> ++Cyrille From: openldap-technical [mailto:[email protected]] On Behalf Of Sreekanth Sukumaran Sent: Monday, September 26, 2016 12:59 PM To: [email protected] Subject: OpenLDAP server attack surface analysis shows UDP port 63515 in unknown state Sorry, I missed to add subject in the last mail. Resending with subject. sorry about spamming the group Hi All, OpenLDAP version : 2.4.39 on windows Tool used : Microsoft Attack surface analyzer We have been doing attack surface analysis on OpenLDAP server, and we have found that there is an UDP port 63515 associated with OpenLDAP server. (state shows "Unknown", not listening or established) [Inline image 1] We have not connected any clients to OpenLDAP server, so we cannot think of it as an ephemeral port at server end as well. Has anyone an idea on what this port could be for. Inputs are much appreciated. -- Regards, Sreekanth -- Regards, Sreekanth 09036794524
