ran nmap to see what ports are open on pic related
> PORT STATE SERVICE
> 80/tcp open http
> 443/tcp open https
> 8081/tcp filtered blackice-icecap
> 8082/tcp filtered blackice-alerts
WTF are 8081 and 8082? how can i connect to them to see what's running?
netcat doesn't show anything
> nc -vv 192.168.0.1 8081
any ideas?
It fucking tells you right there.
>blackice-icecap
>blackice-alerts
>CECap Manager is a management console for BlackICE IDS Agents and Sentries. By default, ICECap Manager listens on port 8081, transmits alert messages to another server on port 8082
can someone with an arris modem do a port scan on their's?
>>60169930
thanks, what i'm trying to figure out is: is blackice really running on my modem (i doubt arris or the isp use it). i think nmap is just giving its best guess what ports 8081 and 8082 are. how do i find out what's actually listening on these ports?
>>60169972
Wireshark
>>60170071
thx, what traffic should i listen to with wireshark?
>>60170163
Traffic to the ports you mentioned in your post. 8081, 8082. Try to connect to it and see what the replay is via wireshark.
>>60168764
>>60169972
>>60170163
Holy shit OP are you braindead?
it may be SNMP
8081 - isp monitoring what bandwidth the router is consuming in case of hacked firmware
8082 - "customer service"
check 52869 and 50k-60k range, 52869 is usually open without any password for firmware flashing to the outside in most routers ;)