Note that UDP port 161 is SNMP. SNMP also makes use of UDP port 162
to send trap/alert messages.
You can find a list of the well known and registered TCP and UDP port
numbers at :
Though malicious SNMP scanning does exist (it can identify "open" HP
hubs and printers for one thing) there are many cases of software
sending out SNMP probes in the natural course of events (programs which
use SNMP as one tool to attempt to map out a network via SNMP, printer
drivers attempting to browse and probe for HP printers to list for
users wishing to select a printer, network management stations
'discovering' managed objects with SNMP agents and associated MIBs,
etc). Browsing remote SNMP MIBs you can often determine the remote
system type, OS level and other useful information when managing and
doing an inventory of your network (of course in the wrong hands that
info can be used against you).
>From: dons @
com (Don Shesnicky)
>Does anyone have a complete list of port numbers? I have a firewall
>where I am seeing traffic on port 161 but haven't been able to
>track it down. All of the hosts behind the firewall are NT boxes
>and I'm thinking that it's related to WINS. It seems that when I
>do a Network browse it starts firing off packets to all IP addresses
>on the other side of the firewall via udp port 161. It seems to start
>at one IP and then increment bit wise.
>I've found some web pages that list port numbers but they're pretty
>much the same as unix:/etc/services. > >Don >
H. Morrow Long, Yale Univ IT ISO -Info Technology Services Info Security Officer
175 Whitney Avenue, New Haven, CT 06520-8276, (203)432-1248(voice) 432-0593(FAX)
INET: http://pantheon.yale.edu/~long/ mailto:Morrow .
PAGE: (203)370-3081, (800)347-2574, mailto:1165469 @
com PIN# 1165469
PGP 1024/54F9FD69 1997/08/25 fp 97 ED E7 9D 41 8A 90 8C 4D 7C 22 56 80 BA 84 09