This is a non-IMPACT record, meaning that access to the data is not controlled by IMPACT. For access, see the directions below.

Disclaimer:
This Resource is offered and provided outside of the IMPACT mediation framework. IMPACT and the IMPACT Coordination Council/Blackfire Technology, Inc. expressly disclaim all conditions, representations and warranties including but not limited to Resource availability, quality, accuracy, non-infringement, and non-interference. All Resource information and access is controlled by entities and under terms that are external to the IMPACT legal framework.

Summary

DS-1110
UDP Scans
External Dataset
External Data Source
Rapid7
Unknown
Unknown
55 (lowest rank is 55)

Category & Restrictions

Other
address space status data
Unrestricted
Unknown

Description


Project Sonar produces multiple UDP datasets every week. This data is gathered by sending protocol-specific UDP probes across the entire IPv4 address space.

The data format is gzip-compressed CSV with one record per line. Each file starts with a header line listing the fields, so any consumer of this data should either strip that header or pass the appropriate option to the parser. The current fields are timestamp-ts, saddr, sport, daddr, dport, ipid, ttl, and data. The timestamp-ts field is a Unix timestamp (UTC). The saddr and sport fields are the IP address that was scanned and the source port that it replied on, respectively. The daddr and dport fields are the IP address and source port of the Project Sonar scanner. The ipid and ttl fields are the IP ID and Time to Live values in the response packet. Finally, the data field contains the hex-encoded raw response to the probe.

The example below displays the header and first 9 records from the 2014-10-13 Portmap probe on UDP port 111:

$ curl -s https://scans.io/data/rapid7/sonar.udp/20141013-portmap-111.csv.gz | \
   zcat | head -n 10

timestamp-ts, saddr, sport, daddr, dport, ipid, ttl, data
1413359665,1.0.172.46,111,71.6.216.54,42864,0,45,65720a37000000010000000000000000000000000000000000000001000186a000000002000000060000006f00000001000186a000000002000000110000006f00000000
1413356593,1.0.238.59,111,71.6.216.51,54281,2,49,65720a37000000010000000000000000000000000000000000000001000186a000000002000000060000006f00000001000186a000000002000000110000006f00000000
1413360602,1.0.240.206,111,71.6.216.38,60359,0,50,65720a37000000010000000000000000000000000000000000000001000186a000000002000000060000006f00000001000186a000000002000000110000006f00000000
1413353967,1.0.254.233,111,71.6.216.37,35771,0,50,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
1413359172,1.0.4.106,111,71.6.216.58,43145,0,48,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
1413356799,1.0.4.107,111,71.6.216.59,60701,0,48,65720a37000000010000000000000000000000000000000000000001000186a000000004000000060000006f00000001000186a000000003000000060000006f00000001000186a000000002000000060000006f00000001000186a000000004000000110000006f00000001000186a000000003000000110000006f00000001000186a000000002000000110000006f00000001000186a500000003000000060000964100000001000186a500000001000000060000964200000001000186a300000003000000060000080100000001000186b800000001000000110000814400000001000186b800000001000000060000c7e300000001000186b500000004000000060000964400000001000186b50000000100000011000002b7000000010001878300000003000000060000080100000001000186b50000000100000006000002b900000000
1413360637,1.0.5.35,111,71.6.216.47,46775,0,48,65720a37000000010000000000000000000000000000000000000001000186a000000004000000060000006f00000001000186a000000003000000060000006f00000001000186a000000002000000060000006f00000001000186a000000004000000110000006f00000001000186a000000003000000110000006f00000001000186a000000002000000110000006f00000001000186b800000001000000110000a37e00000001000186b800000001000000060000a81200000000
1413352740,1.0.5.36,111,71.6.216.48,33581,0,48,65720a37000000010000000000000000000000000000000000000001000186a000000004000000060000006f00000001000186a000000003000000060000006f00000001000186a000000002000000060000006f00000001000186a000000004000000110000006f00000001000186a000000003000000110000006f00000001000186a000000002000000110000006f00000001000186b800000001000000110000e3fa00000001000186b800000001000000060000dfd300000000
1413358705,1.0.5.47,111,71.6.216.59,41913,13798,111,65720a37000000010000000000000000000000000000000000000001000186a000000002000000110000006f00000001000186a000000003000000110000006f00000001000186a000000004000000110000006f00000001000186a000000002000000060000006f00000001000186a000000003000000060000006f00000001000186a000000004000000060000006f00000001000186a300000002000000060000080100000001000186a300000003000000060000080100000001000186a300000002000000110000080100000001000186a300000003000000110000080100000001000186a300000004000000060000080100000001000186a500000001000000060000080100000001000186a500000002000000060000080100000001000186a500000003000000060000080100000001000186a500000001000000110000080100000001000186a500000002000000110000080100000001000186a500000003000000110000080100000001000186b500000001000000060000080100000001000186b500000002000000060000080100000001000186b500000003000000060000080100000001000186b500000004000000060000080100000001000186b500000001000000110000080100000001000186b500000002000000110000080100000001000186b500000003000000110000080100000001000186b500000004000000110000080100000001000186b800000001000000060000080100000001000186b800000001000000110000080100000000
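
Reading the fields described above and decoding the data field of a portmap record, as an added example that is not Rapid7's or DAP's code. The sample input is constructed in the format shown above (plus one malformed record), and the function names are this example's own.

```python
import csv
import gzip
import io
import struct

# Constructed sample in the page's format: header, one portmap record, and one
# record with a non-hex data field. Compressed in memory so it runs offline.
SAMPLE_CSV = (
    "timestamp-ts, saddr, sport, daddr, dport, ipid, ttl, data\n"
    "1413359665,1.0.172.46,111,71.6.216.54,42864,0,45,"
    "65720a370000000100000000000000000000000000000000"
    "00000001000186a000000002000000060000006f"
    "00000001000186a000000002000000110000006f00000000\n"
    "1413359666,192.0.2.10,111,198.51.100.1,42865,0,45,zz\n"
)
SAMPLE_GZ = gzip.compress(SAMPLE_CSV.encode("ascii"))

def read_records(gz_bytes):
    # Yield one dict per record; the first line supplies the field names.
    with gzip.open(io.BytesIO(gz_bytes), "rt", newline="") as fh:
        reader = csv.reader(fh)
        fields = [name.strip() for name in next(reader)]  # header uses ", "
        for row in reader:
            if len(row) == len(fields):  # skip blank or truncated lines
                yield dict(zip(fields, (value.strip() for value in row)))

def parse_portmap_dump(hex_data):
    # Decode a SunRPC portmap DUMP reply into (program, version, protocol, port).
    try:
        raw = bytes.fromhex(hex_data)
    except ValueError:
        return None  # data field is not valid hex
    if len(raw) < 24:
        return None
    _xid, mtype, reply_stat, _flavor, verf_len = struct.unpack_from(">5I", raw)
    offset = 20 + ((verf_len + 3) & ~3)  # skip verifier body, padded to 4 bytes
    if mtype != 1 or reply_stat != 0 or raw[offset:offset + 4] != b"\x00" * 4:
        return None  # not an accepted, successful RPC reply
    entries, offset = [], offset + 4
    # Each list item: value-follows flag (1), then four 32-bit big-endian words.
    while offset + 20 <= len(raw) and raw[offset:offset + 4] == b"\x00\x00\x00\x01":
        entries.append(struct.unpack_from(">4I", raw, offset + 4))
        offset += 20
    return entries

def exposed_services(gz_bytes):
    # Map each responding address (saddr) to its decoded portmap entries.
    decoded = ((r["saddr"], parse_portmap_dump(r["data"])) for r in read_records(gz_bytes))
    return {addr: entries for addr, entries in decoded if entries is not None}

if __name__ == "__main__":
    print(exposed_services(SAMPLE_GZ))
```

Program 100000 is the portmapper itself; protocol values 6 and 17 are TCP and UDP.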

The table below lists all current and past UDP probes. We use DAP to handle the decoding and processing of probe responses. Every probe below has a corresponding DAP decoder filter.

Name         Probe                  Port   Description
IPMI         ipmi_623.pkt           623    IPMI Channel Authorization Request
MDNS         mdns_5353.pkt          5353   Multicast DNS (Bonjour) Services Query
NATPMP       natpmp_5351.pkt        5351   NATPMP Ping
NETBIOS      netbios_137.pkt        137    NetBIOS Status Request
NTP Monlist  ntp_123_monlist.pkt    123    NTP Monlist Request (Mode 7)
NTP Readvar  ntp_123.pkt            123    NTP Readvar Request (Mode 6)
PORTMAP      portmap_111.pkt        111    SunRPC Portmap Dump Request
SIP          sip_options.tpl        5060   SIP OPTIONS Request
UPNP         upnp_1900.pkt          1900   UPNP SSDP M-SEARCH Request
WDBRPC       wdbrpc_17185.pkt       17185  VxWorks Debugger Connect Request
BACNET       bacnet_rpm_47808.pkt   47808  BACNET RPM Request
DNS          dns_53.pkt             53     DNS bind.version Request
MSSQL        mssql_1434.pkt         1434   MSSQL Ping

research@rapid7.com

Additional Details

N/A
false
false
web scraping, microcomputers, computer hardware standards, curl, automatic identification and data capture, packets, authorization, transport layer security, external data source, address space, computer architecture, embedded system, internet protocol, portmap, open network computing remote procedure call, communication, source port, network packet, uniform resource identifier, hypertext transfer protocol, history of computing hardware, 1110, building automation, software maintenance, processor, bonjour, history of computing, digital media, roper technologies, ip address, unix, network analyzers, ping, data field, cryptographic protocol, communication protocol, application layer protocols, intelligent platform management interface, multicast dns, database application, intel hex, servers, ipv4, domain name system, bacnet, internet governance, microsoft sql server, universal plug and play, netbios, udp scans, operating system, inferlink corporation, computer file formats, multicast, secure communication, time to live, port scanner, internet broadcasting, exploit