Have you tried to strace it from startup to the end?

You would surely see the creation of this port and know more.

That’s the technique I use when the software is blackbox to me.

My strace invocation is:

/usr/bin/strace -fF -ttT -v -o strace.log -s 255 <PROGRAM>

From: openldap-technical [mailto:openldap-technical-bounces@openldap.org] On Behalf Of Sreekanth Sukumaran
Sent: Monday, September 26, 2016 12:59 PM
To: openldap-technical@openldap.org
Subject: OpenLDAP server attack surface analysis shows UDP port 63515 in unknown state


Sorry, I missed adding the subject in the last mail. Resending with subject. Sorry about spamming the group.

Hi All,


OpenLDAP version : 2.4.39 on Windows

Tool used : Microsoft Attack Surface Analyzer


We have been doing attack surface analysis on OpenLDAP server, and we have found that there is a UDP port 63515 associated with OpenLDAP server. (state shows "Unknown", not listening or established)



We have not connected any clients to OpenLDAP server, so we cannot think of it as an ephemeral port at server end as well.


Has anyone an idea on what this port could be for? Inputs are much appreciated.
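
An added example, not part of either message: one way to pull the UDP socket activity out of a log written by the strace invocation quoted above, so that the call which gave a datagram socket its local port can be tied to a process and a timestamp. It assumes the server can be run under strace on Linux and that all traced threads share one descriptor table; the log lines, PIDs and addresses in the sample are constructed. A kernel-assigned port only shows up in the trace if the program calls getsockname, so the descriptor may also need to be matched against the operating system's socket listing.

```python
import re

# Constructed sample in the format produced by `strace -f -tt -T -o strace.log`.
SAMPLE_LOG = '''\
4242 12:59:01.100100 socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 6 <0.000021>
4242 12:59:01.100300 bind(6, {sa_family=AF_INET, sin_port=htons(389), sin_addr=inet_addr("0.0.0.0")}, 16) = 0 <0.000015>
4243 12:59:01.200500 socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, IPPROTO_IP) = 7 <0.000019>
4243 12:59:01.200700 connect(7, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.53")}, 16) = 0 <0.000017>
4243 12:59:01.200900 getsockname(7, {sa_family=AF_INET, sin_port=htons(63515), sin_addr=inet_addr("192.0.2.10")}, [28->16]) = 0 <0.000008>
4243 12:59:01.300100 close(7) = 0 <0.000009>
'''

# pid, timestamp, syscall name, argument text, numeric return value
CALL = re.compile(r'^(?P<pid>\d+)\s+(?P<ts>[\d:.]+)\s+(?P<name>\w+)'
                  r'\((?P<args>.*)\)\s+=\s+(?P<ret>-?\d+)')
PORT = re.compile(r'sin6?_port=htons\((\d+)\)')
# Calls that bind a datagram socket (explicitly or implicitly) or reveal its port.
WATCHED = {'bind', 'connect', 'sendto', 'sendmsg', 'recvfrom', 'getsockname'}


def udp_socket_events(log_text):
    """Return one event list per UDP socket: [(ts, pid, syscall, port_or_None), ...]."""
    live, done = {}, []  # fd -> events for sockets still open; closed sockets
    for line in log_text.splitlines():
        m = CALL.match(line)
        if not m:
            continue  # signals, exits, "<unfinished ...>" and "resumed" lines
        name, args, ret = m['name'], m['args'], int(m['ret'])
        if name == 'socket' and ret >= 0 and 'SOCK_DGRAM' in args:
            if ret in live:  # descriptor reused and we missed the close
                done.append(live.pop(ret))
            live[ret] = [(m['ts'], m['pid'], 'socket', None)]
            continue
        fd_match = re.match(r'(\d+)', args)
        fd = int(fd_match.group(1)) if fd_match else None
        if fd not in live:
            continue  # not a UDP socket we are tracking (e.g. the TCP listener)
        if name in WATCHED:
            port = PORT.search(args)
            live[fd].append((m['ts'], m['pid'], name,
                             int(port.group(1)) if port else None))
        elif name == 'close':
            done.append(live.pop(fd))
    return done + list(live.values())


if __name__ == '__main__':
    for events in udp_socket_events(SAMPLE_LOG):
        for ts, pid, call, port in events:
            print(f'{ts} pid={pid} {call} port={port}')
        print('--')
```
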