What does this port for/do? * 345 UDP/TCP

p@r0tuXus

All I can find online is that it's for pawserv (Perf Analysis Workbench). Some information pointed to auditing. Does anybody know anything more about this port and the traffic/applications associated with it?

TechGromit

p@r0tuXus wrote: »

All I can find online is that it's for pawserv (Perf Analysis Workbench). Some information pointed to auditing. Does anybody know anything more about this port and the traffic/applications associated with it?

The only reference I can find is "Performance Analysis Workbench", no software is pacifically associated with this name. I found this on a Linux site, pawserv is the server for distributed PAW. It listens for connections on port 345. Protocol to Access White-Space (PAWS) Databases RFC 7545. Has something to do with managing Radio Spectrum space, other than that I haven't a clue

beads

Have you interrogated the machine with NMAP or Nessus yet to see what the OS and other peculiarities might or might not be? Always a chance its just a random port opened by someone for use as something other than what you might expect. I have seen lots of odd P2P traffic on non-specific ports over the years. This may be one of those times.

- b/eads

HaroldG

NSA uses this port to spy.

BlackBeret

Port 345, it does whatever I tell it to do, like most ports.

p@r0tuXus

beads-

There may be some P2P traffic involved, UDP. Using peerblock, I can see where the traffic is going, IP's and the associated Host/Organization Owner. Various places that traffic is trying to go to and although it isn't getting there, it's all going out one port. Additionally, taking the eLearnSecurity PTS barebones course, they use the port 345 when disecting HTTP headers and session lessons. Granted, they use it in an example format, it had me wondering what it was for and since I can't find answers, I'm REALLY curious what it is! I intend to take a pcap of it tonight when I get home and have time to play with it.