Windows Firewall Inbound Rules not matching netstat listening ports - sockets

I'm not a firewall expert, so I need some help with understanding the difference between my Windows Firewall rules and what netstat is displaying. Some computers at my company only allow inbound traffic on several ports due to regulations; all other ports are blocked by default.
For example, one computer might allow TCP 20,21,23,80,443,445, and 3389.
When I do a netstat command however, I see many "listening" ports that should not be allowed:
Proto Local Foreign State
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9001 0.0.0.0:0 LISTENING
TCP 0.0.0.0:9002 0.0.0.0:0 LISTENING
TCP 0.0.0.0:16992 0.0.0.0:0 LISTENING
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49152 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49153 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49154 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49155 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49156 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49166 0.0.0.0:0 LISTENING
TCP 0.0.0.0:49178 0.0.0.0:0 LISTENING
I need some help with understanding why the two do not agree. Are these ports trying to listen on a particular port, but the firewall won't allow any traffic to pass through to them?
Thank you.

The inbound firewall rules prevent hosts from successfully connecting to ports on the local system. These can be written to prevent external hosts from connecting (typical) and can even be written to prevent localhost from connecting (unusual). The firewall does not prevent a local program from running or binding to a listening port.
Netstat has nothing to do with this. Netstat reports which ports are Listening, Established, SYN_Received, etc. The firewall does nothing to prevent local programs from listening on ports on any interface.
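The distinction drawn in the answer above, as an added Python example that is not part of the original answer: it parses `netstat` rows and labels each LISTENING socket by whether an inbound rule would let a remote host reach it. The function names and the rows for ports 445, 3389 and 8307 are constructed for illustration, and the labels assume the default-deny inbound policy the question describes.

```python
import ipaddress
import re

# Constructed sample: ports 5985, 16992 and 49152 mirror the question's output;
# the 445, 3389, loopback and ESTABLISHED rows are added to show the other outcomes.
NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:5985           0.0.0.0:0              LISTENING
  TCP    0.0.0.0:16992          0.0.0.0:0              LISTENING
  TCP    0.0.0.0:49152          0.0.0.0:0              LISTENING
  TCP    [::]:3389              [::]:0                 LISTENING
  TCP    127.0.0.1:8307         0.0.0.0:0              LISTENING
  TCP    10.0.0.5:445           10.0.0.9:51000         ESTABLISHED
"""
# Inbound TCP ports the question says the firewall allows (everything else denied).
ALLOWED_INBOUND = {20, 21, 23, 80, 443, 445, 3389}

ROW = re.compile(r"^[ \t]*TCP[ \t]+(\S+):(\d+)[ \t]+\S+[ \t]+LISTENING\b", re.MULTILINE)

def listeners(netstat_text):
    """Yield (address, port) for every TCP row in LISTENING state."""
    for addr, port in ROW.findall(netstat_text):
        # Drop IPv6 brackets and any %zone suffix so ipaddress can parse it.
        yield addr.strip("[]").split("%")[0], int(port)

def classify(addr, port, allowed):
    """Label a listener by whether a remote host can reach it through the firewall."""
    if ipaddress.ip_address(addr).is_loopback:
        return "loopback-only"        # bound to 127.0.0.1/::1, never reachable off-host
    if port in allowed:
        return "reachable"            # bound and permitted by an inbound rule
    return "bound-but-filtered"       # the process listens; inbound traffic is dropped

def audit(netstat_text, allowed):
    """Map each (address, port) listener to its label."""
    return {(a, p): classify(a, p, allowed) for a, p in listeners(netstat_text)}

if __name__ == "__main__":
    for (addr, port), verdict in sorted(audit(NETSTAT, ALLOWED_INBOUND).items(), key=lambda kv: kv[0][1]):
        print(f"{port:>6}  {addr:<12} {verdict}")
```

Listeners labelled `bound-but-filtered` are the ones the question asks about: they show up in `netstat` because the bind succeeded, and they are worth reviewing as services that become exposed if a rule is ever loosened.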

Related

HAProxy creates thousands of connections with itself

I'm not an expert in HAProxy. What I see is that over time haproxy seems to accumulate (tens of) thousands of TCP sessions, and the source seems to be the same as the server...?
Why is it creating sessions with ports other than 8123 it's bound to?
frontend tcp_front
    bind *:8123
    mode tcp
    default_backend host_sub5

backend host_sub5
    mode tcp
    server node2 0.0.0.0:8123 check
show sess - this is a tiny fraction but the ports seem to grow sequentially like it's a netscan
haproxy 772263 haproxy *263u IPv4 626477013 0t0 TCP 127.215.21.22:38423->127.215.21.22:8123 (ESTABLISHED)
haproxy 772263 haproxy *264u IPv4 626477014 0t0 TCP 127.215.21.22:8123->127.215.21.22:38423 (ESTABLISHED)
haproxy 772263 haproxy *265u IPv4 626477016 0t0 TCP 127.215.21.22:38435->127.215.21.22:8123 (ESTABLISHED)
haproxy 772263 haproxy *266u IPv4 626477035 0t0 TCP 127.215.21.22:8123->127.215.21.22:38435 (ESTABLISHED)
haproxy 772263 haproxy *267u IPv4 626477037 0t0 TCP 127.215.21.22:38437->127.215.21.22:8123 (ESTABLISHED)
haproxy 772263 haproxy *268u IPv4 626477041 0t0 TCP 127.215.21.22:8123->127.215.21.22:38437 (ESTABLISHED)

Connection to server java.net.SocketException: Socket closed

I'm trying to connect to my Google VPS server, but I'm constantly getting the error:
java.net.SocketTimeoutException: timeout
java.net.SocketException: Socket closed
I've created a system service on my server, which listens on port 8080. I've forwarded the default HTTP traffic to port 8080 and made sure ports 80 & 8080 are open:
iptables -t nat -I PREROUTING -p tcp --dport 80 -j REDIRECT --to-ports 8080
sudo iptables -A INPUT -p tcp --dport 80 -j ACCEPT
sudo iptables -A INPUT -p tcp --dport 8080 -j ACCEPT
I've also saved the iptables rules:
sudo apt-get install iptables-persistent
I've checked if the service actually listens on the port by sudo netstat -tunlp:
tcp6 0 0 :::8080 :::* LISTEN 5789/java -> it does
This is my retrofitBuilder in the app, which is trying to connect to the server on the standard HTTP port:
return Retrofit.Builder()
.baseUrl("http://34.118.22.134/")
.addConverterFactory(MoshiConverterFactory.create())
.build()
.create()
}
When testing the service locally, it works as expected; the service on the server also works fine.
When I do sudo ss -ltnp, I see that port 80 is not in the "listening" state; only port 8080 and several others are. I don't want to use ufw to enable it because that will disrupt the SSH connection.
Postman can't reach the server either, and it's throwing a 500 Internal Server Error.
I do not manipulate sockets in code in any way.

ConnectionError: ('Connection aborted.', error(104, 'Connection reset by peer')) in python while placing GET request

In my Python script, when it tries to place a GET request from a remote machine to a service running inside a Kubernetes pod (test-pod), I am getting the error below:
unapiflaskapp.get_from_server: ERROR: GET from server: request 'https://test-pod:9906/statuses' got error
ConnectionError: ('Connection aborted.', error(104, 'Connection reset by peer'))
The service running inside test-pod listens on port 9906.
Netstat output inside the container where this service is bound to port 9906 (10.92.120.6 is the IP of the remote machine the GET request comes from, and 10.30.4.20 is the eth1 IP inside the container that the port is bound to):
[root#test-pod ]# netstat -talpn|grep 9906
tcp 0 0 127.0.0.1:9906 0.0.0.0:* LISTEN -
tcp 0 0 10.30.4.20:9906 0.0.0.0:* LISTEN -
tcp 0 1840 10.30.4.20:9906 10.92.120.6:33898 ESTABLISHED -
tcp 0 1841 10.30.4.20:9906 10.92.120.6:59972 LAST_ACK -
tcp 0 1841 10.30.4.20:9906 10.92.120.6:60544 LAST_ACK -
tcp 0 1841 10.30.4.20:9906 10.92.120.6:59452 LAST_ACK -
tcp 0 1841 10.30.4.20:9906 10.92.120.6:32840 LAST_ACK -
But the telnet connection from the remote machine to test-pod succeeded:
root#remote_machine$ telnet 10.92.50.19 9906
Trying 10.92.50.19...
Connected to 10.92.50.19.
Escape character is '^]'.
10.92.50.19 is the eth1 interface IP on my worker node, which is bridged using ipvlan to 10.30.4.20, the eth1 IP inside the container that the port is bound to.
It would be really helpful if someone could help me understand this issue and find a fix for it. Thanks in advance!

Get specific value from `netstat` command in windows

When I run the command netstat -ano I get:
PS Y:\PowerShell> netstat -ano
Active Connections
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 376
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:2222 0.0.0.0:0 LISTENING 2364
TCP 0.0.0.0:3389 0.0.0.0:0 LISTENING 1748
TCP 0.0.0.0:5985 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:6081 0.0.0.0:0 LISTENING 2556
TCP 0.0.0.0:8001 0.0.0.0:0 LISTENING 3772
TCP 0.0.0.0:47001 0.0.0.0:0 LISTENING 4
But what I really wanna get is:
Active Connections
PID
4
376
4
2364
1748
4
2556
3772
4
I can't use: netstat -ano | select PID because it's not a PowerShell command.
The PowerShell version of netstat is Get-NetTCPConnection, and it returns objects.
Get-NetTCPConnection -State Listen
You may use the command below to list only PIDs:
Get-NetTCPConnection -State Listen | Select-Object -ExpandProperty OwningProcess

JBoss can not startup because of port in use

All, I am not familiar with JBoss. Recently I have been working with it because of my job, and now I am stuck with a problem when I start up JBoss. After searching for the answer on Google, I didn't find anything helpful. I hope you can help me review it. Thanks.
The main exception during JBoss startup says:
13:30:07,653 INFO [ServerInfo] Java version: 1.7.0_05,Oracle Corporation
13:30:07,653 INFO [ServerInfo] Java VM: Java HotSpot(TM) Server VM 23.1-b03,Oracle Corporation
13:30:07,654 INFO [ServerInfo] OS-System: Windows 7 6.1,x86
13:30:10,515 INFO [Server] Core system initialized
13:30:19,756 INFO [EncryptedSystemPropertiesService] Loaded system properties from: file:/D:/AA7.2.0/av.7.2.0/av.biz/conf/av/ServerConfig.properties
13:30:19,778 INFO [EncryptedSystemPropertiesService] Loaded system properties from: file:/D:/AA7.2.0/av.7.2.0/av.biz/conf/av/system.properties
13:30:21,692 INFO [WebService] Using RMI server codebase: http://joe-wang.achievo.com:3083/
13:30:21,693 INFO [Log4jService$URLWatchTimerTask] Configuring from URL: resource:jboss-log4j.xml
13:30:22,666 WARN [ServiceController] Problem starting service jboss:service=WebService
java.lang.Exception: Port 3083 already in use.
at org.jboss.web.WebServer.start(WebServer.java:233)
at org.jboss.web.WebService.startService(WebService.java:322)
at org.jboss.system.ServiceMBeanSupport.jbossInternalStart(ServiceMBeanSupport.java:289)
Firstly I thought there was some process already using port 3083, so I used the DOS command to show the status of all ports.
netstat -a
Below is the full port list.
Proto Local Address Foreign Address State
TCP 0.0.0.0:21 joe-wang:0 LISTENING
TCP 0.0.0.0:80 joe-wang:0 LISTENING
TCP 0.0.0.0:82 joe-wang:0 LISTENING
TCP 0.0.0.0:135 joe-wang:0 LISTENING
TCP 0.0.0.0:443 joe-wang:0 LISTENING
TCP 0.0.0.0:445 joe-wang:0 LISTENING
TCP 0.0.0.0:902 joe-wang:0 LISTENING
TCP 0.0.0.0:912 joe-wang:0 LISTENING
TCP 0.0.0.0:1025 joe-wang:0 LISTENING
TCP 0.0.0.0:1026 joe-wang:0 LISTENING
TCP 0.0.0.0:1027 joe-wang:0 LISTENING
TCP 0.0.0.0:1045 joe-wang:0 LISTENING
TCP 0.0.0.0:1054 joe-wang:0 LISTENING
TCP 0.0.0.0:1316 joe-wang:0 LISTENING
TCP 0.0.0.0:1322 joe-wang:0 LISTENING
TCP 0.0.0.0:2074 joe-wang:0 LISTENING
TCP 0.0.0.0:2137 joe-wang:0 LISTENING
TCP 0.0.0.0:2138 joe-wang:0 LISTENING
TCP 0.0.0.0:2140 joe-wang:0 LISTENING
TCP 0.0.0.0:2382 joe-wang:0 LISTENING
TCP 0.0.0.0:3389 joe-wang:0 LISTENING
TCP 0.0.0.0:8787 joe-wang:0 LISTENING
TCP 0.0.0.0:8890 joe-wang:0 LISTENING
TCP 0.0.0.0:8898 joe-wang:0 LISTENING
TCP 0.0.0.0:8988 joe-wang:0 LISTENING
TCP 0.0.0.0:9089 joe-wang:0 LISTENING
TCP 0.0.0.0:54321 joe-wang:0 LISTENING
TCP 0.0.0.0:56789 joe-wang:0 LISTENING
TCP 10.50.70.133:139 joe-wang:0 LISTENING
TCP 10.50.70.133:445 ACA-SERVER:45627 ESTABLISHED
TCP 10.50.70.133:1411 cs109p1:5050 ESTABLISHED
TCP 10.50.70.133:1450 sip105p2:5050 ESTABLISHED
TCP 10.50.70.133:1461 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2265 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2274 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2302 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2327 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2333 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2343 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2345 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2349 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2397 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2454 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2455 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2456 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2457 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2458 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2459 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2460 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2461 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2462 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2463 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2465 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2466 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2467 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2468 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2469 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2470 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2471 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2472 tmg01:8080 ESTABLISHED
TCP 10.50.70.133:2495 sitesz:epmap TIME_WAIT
TCP 10.50.70.133:2496 sitesz:1025 ESTABLISHED
TCP 10.50.70.133:2498 tmg01:8080 TIME_WAIT
TCP 10.50.70.133:2499 tmg01:8080 TIME_WAIT
TCP 10.50.70.133:2500 tmg01:8080 TIME_WAIT
TCP 10.50.70.133:2501 tmg01:8080 TIME_WAIT
TCP 10.50.70.133:2502 tmg01:8080 TIME_WAIT
TCP 10.50.70.133:2503 tmg01:8080 TIME_WAIT
TCP 10.50.70.133:2504 tmg01:8080 TIME_WAIT
TCP 10.50.70.133:2505 tmg01:8080 TIME_WAIT
TCP 10.50.70.133:2506 tmg01:8080 TIME_WAIT
TCP 127.0.0.1:1355 joe-wang:1356 ESTABLISHED
TCP 127.0.0.1:1356 joe-wang:1355 ESTABLISHED
TCP 127.0.0.1:1405 joe-wang:1406 ESTABLISHED
TCP 127.0.0.1:1406 joe-wang:1405 ESTABLISHED
TCP 127.0.0.1:1448 joe-wang:1449 ESTABLISHED
TCP 127.0.0.1:1449 joe-wang:1448 ESTABLISHED
TCP 127.0.0.1:1777 joe-wang:0 LISTENING
TCP 127.0.0.1:1777 joe-wang:31000 ESTABLISHED
TCP 127.0.0.1:2075 joe-wang:0 LISTENING
TCP 127.0.0.1:8307 joe-wang:0 LISTENING
TCP 127.0.0.1:12001 joe-wang:0 LISTENING
TCP 127.0.0.1:31000 joe-wang:1777 ESTABLISHED
TCP 192.168.98.1:139 joe-wang:0 LISTENING
TCP 192.168.198.1:139 joe-wang:0 LISTENING
TCP [::]:21 joe-wang:0 LISTENING
TCP [::]:80 joe-wang:0 LISTENING
TCP [::]:82 joe-wang:0 LISTENING
TCP [::]:135 joe-wang:0 LISTENING
TCP [::]:443 joe-wang:0 LISTENING
TCP [::]:445 joe-wang:0 LISTENING
TCP [::]:1025 joe-wang:0 LISTENING
TCP [::]:1026 joe-wang:0 LISTENING
TCP [::]:1027 joe-wang:0 LISTENING
TCP [::]:1045 joe-wang:0 LISTENING
TCP [::]:1316 joe-wang:0 LISTENING
TCP [::]:1322 joe-wang:0 LISTENING
TCP [::]:2074 joe-wang:0 LISTENING
TCP [::]:2137 joe-wang:0 LISTENING
TCP [::]:2138 joe-wang:0 LISTENING
TCP [::]:2140 joe-wang:0 LISTENING
TCP [::]:2382 joe-wang:0 LISTENING
TCP [::]:3389 joe-wang:0 LISTENING
TCP [::]:8890 joe-wang:0 LISTENING
TCP [::]:8898 joe-wang:0 LISTENING
TCP [::]:8988 joe-wang:0 LISTENING
TCP [::]:9089 joe-wang:0 LISTENING
TCP [::]:54321 joe-wang:0 LISTENING
TCP [::]:56789 joe-wang:0 LISTENING
TCP [::1]:2075 joe-wang:0 LISTENING
TCP [::1]:8307 joe-wang:0 LISTENING
TCP [::1]:12001 joe-wang:0 LISTENING
UDP 0.0.0.0:123 *:*
UDP 0.0.0.0:500 *:*
UDP 0.0.0.0:1434 *:*
UDP 0.0.0.0:3600 *:*
UDP 0.0.0.0:4500 *:*
UDP 0.0.0.0:5355 *:*
UDP 0.0.0.0:54847 *:*
UDP 0.0.0.0:56477 *:*
UDP 0.0.0.0:57586 *:*
UDP 0.0.0.0:64553 *:*
UDP 10.50.70.133:137 *:*
UDP 10.50.70.133:138 *:*
UDP 10.50.70.133:1900 *:*
UDP 10.50.70.133:55282 *:*
UDP 127.0.0.1:1900 *:*
UDP 127.0.0.1:49890 *:*
UDP 127.0.0.1:50195 *:*
UDP 127.0.0.1:50469 *:*
UDP 127.0.0.1:52636 *:*
UDP 127.0.0.1:54848 *:*
UDP 127.0.0.1:55285 *:*
UDP 127.0.0.1:56474 *:*
UDP 127.0.0.1:62117 *:*
UDP 192.168.98.1:137 *:*
UDP 192.168.98.1:138 *:*
UDP 192.168.98.1:1900 *:*
UDP 192.168.98.1:55283 *:*
UDP 192.168.198.1:137 *:*
UDP 192.168.198.1:138 *:*
UDP 192.168.198.1:1900 *:*
UDP 192.168.198.1:55284 *:*
UDP [::]:123 *:*
UDP [::]:500 *:*
UDP [::]:1434 *:*
UDP [::]:4500 *:*
UDP [::]:5355 *:*
UDP [::1]:1900 *:*
UDP [::1]:55281 *:*
UDP [fe80::35f5:46d0:818f:3594%16]:1900 *:*
UDP [fe80::35f5:46d0:818f:3594%16]:55280 *:*
UDP [fe80::b01e:59e5:ee84:87f9%11]:1900 *:*
UDP [fe80::b01e:59e5:ee84:87f9%11]:55278 *:*
UDP [fe80::b4e4:39b:b59a:9463%14]:1900 *:*
UDP [fe80::b4e4:39b:b59a:9463%14]:55279 *:*
But I found that 3083 is not in the port list above. Could anyone tell me why? Did I miss something? Thanks for your kind help.
Without knowing what environment you are running, it is hard to say what it is. Here is an explanation for Windows:
Port Number: 3083 (Windows 7/Windows Vista/ Windows XP/Windows Server family)
TL1 Telnet--
Protocol Used : tcp/udp
Service Type : tl1-telnet
Known Port 3083 exploits: Yes
Known Port 3083 Security Risks: Yes
You have to change the port number.
Run Eclipse, click on the server and change
1.