Auditor Basic FAQ

Question:  What ports are utilized by Auditor?

Answer:  Port utilization will vary depending on the information you are collecting. Below is a list based on the data you are collecting:

Windows Servers/workstations:

NetBIOS:

NetBIOS ports 137, 138 and 139 TCP & UDP

137 NetBios Name Service

138 Datagram Service

139 Session Service

SMB over IP port 445 TCP

Endpoint Mapper port 135

RPC port negotiation

RPC "named-pipe" connections can be constructed between the two systems
at "unprivileged" port numbers, those greater than 1024. This requires
RPC negotiation that can include port 135 (mapping the two endpoints).
RPC ports are >1024 and purposefully random to avoid spoofed
connections.


Exchange Servers:

All of the above, plus

LDAP use port 389 or 636 in SSL/TLS mode



MS SQL:

1433 TCP



UNIX Solaris/HPUX/Linux/Aix) Ports:

Telnet uses TCP on port 21 and SSH on port 22 (protocol defaults)
Alternate port can be specified in the UI


Cisco:

Telnet uses TCP on port 21 and SSH on port 22 (protocol defaults)




Oracle:

Recommended Port Numbers
Oracle Corporations recommends the following port numbers for TCP/IP and
TCP /IP with SSL protocol addresses:

Port Protocol Description
------------------------------------------------------
1521 TCP/IP Default listening port for client
connections to the listener.

2481 TCP/IP Recommended and officially registered
listening port for
client connections to the Oracle8i
JServer option.

2482 TCP/IP with SSL Recommended and officially registered
listening port for
client connections to the Oracle8i
JServer option.

1575 TCP/IP or TCP/IP (SSL) Default and officially registered
listening port for a client
connection to an Oracle Names server.

1630 TCP/IP Default and officially registered
listening port for client
connections to Oracle Connection
Manager.

1830 TCP/IP Default and offic




Domino:

Port 1352 TCP, 139 TCP/UDP (NB Session), 500 (UDP/ICMP/ISAKMP), 137
(UDP/NBNS)



NetWare:

Port 524 TCP/UDP (NCP)
above 1024



IIS:

RPC "named-pipe" connections can be constructed between the two systems
at "unprivileged" port numbers, those greater than 1024. This requires
RPC negotiation that can include port 135 (mapping the two endpoints).
RPC ports are >1024 and purposefully random to avoid spoofed
connections.