topic Re: Command to identify the non-standard ports in Firewall and Security Management

Command to identify the non-standard ports

Logesh_Kumar_Ma — Fri, 19 Nov 2021 14:45:50 GMT

hi,

It will be appreciated, if could help me with command to show the service usage. example, Need to verify the port 23 or port 80 is used in policy or not. Thank you

Re: Command to identify the non-standard ports

Danny — Fri, 19 Nov 2021 15:07:46 GMT

Re: Command to identify the non-standard ports

the_rock — Fri, 19 Nov 2021 15:26:24 GMT

I think what Danny gave you works, but as far as actual shell command for this, not sure if that exists though...maybe someone else can confirm.

You can always do something like netstat -an | grep "port number"...for example netstat -an | grep "443", but mind you thats only for 1 port...not sure if there is a flag you can use for group of ports.

I tried netstat -an | grep "1-700", but nothing came up, so guess that does not work. I will play around and update you.

Andy

Re: Command to identify the non-standard ports

Logesh_Kumar_Ma — Fri, 19 Nov 2021 16:20:59 GMT

Hi Danny,

thank you for your update. I am looking in CLI format. I have tried the command - mgmt_cli show service-tcp name "telnet" but actually it did not tell whether telnet service is used in policy or not.

Once again thank you for your reply.

Re: Command to identify the non-standard ports

Logesh_Kumar_Ma — Fri, 19 Nov 2021 16:22:00 GMT

@the_rock , thank you for your response. Kindly let me know your update. Thank you once again.

Re: Command to identify the non-standard ports

the_rock — Fri, 19 Nov 2021 16:23:42 GMT

No problem, I will check a bit later and see if anything comes up.

Andy

Re: Command to identify the non-standard ports

PhoneBoy — Fri, 19 Nov 2021 22:40:23 GMT

You can use “where-used” to determine if it’s in use anywhere but you have to parse the results as it will include all policy packages.

Re: Command to identify the non-standard ports

the_rock — Fri, 19 Nov 2021 22:52:45 GMT

Im sorry, I tried so many combinations on command like, but cant get one for range of ports with netstat. Not sure if thats even possible...

Re: Command to identify the non-standard ports

Timothy_Hall — Sat, 20 Nov 2021 18:26:01 GMT

On the gateway from expert mode try fw up_execute ipp=6 dport=80

Omitted parameters such as src,dst,sport are assumed to be Any.

Re: Command to identify the non-standard ports

Logesh_Kumar_Ma — Mon, 22 Nov 2021 15:57:13 GMT

@Timothy_Hall , thank you. let me try.

Re: Command to identify the non-standard ports

Logesh_Kumar_Ma — Mon, 22 Nov 2021 15:57:58 GMT

@the_rock , np. thank you

Re: Command to identify the non-standard ports

Logesh_Kumar_Ma — Fri, 10 Dec 2021 14:20:20 GMT

@PhoneBoy , Apologies for late response, It took sometime to build the lab. I have tried the option but I am ending with error below.

CP-MGMT> mgmt_cli show service-tcp name "telnet" where-used
MGMT9000 Error: The parameters of show-service-tcp command should be provided in pairs (key and value). You have provided an odd number of parameters which suggests that you are probably missing a parameter.

Re: Command to identify the non-standard ports

Logesh_Kumar_Ma — Fri, 10 Dec 2021 14:24:15 GMT

@Timothy_Hall , thank you for update and apologies for late response. I have tried but its not giving the exact result.

Re: Command to identify the non-standard ports

Timothy_Hall — Fri, 10 Dec 2021 14:51:00 GMT

This should work: where-used name telnet

Re: Command to identify the non-standard ports

Logesh_Kumar_Ma — Fri, 10 Dec 2021 15:57:58 GMT

@Timothy_Hall Yes, thank you... it wokred ...

mgmt_cli where-used name "telnet" --format json

Re: Command to identify the non-standard ports

Bob_Zimmerman — Fri, 10 Dec 2021 19:18:43 GMT

Note that this only tells you where the object named "telnet" is used. If somebody set up a separate service object and named it "elnet-tay", then gave that object TCP port 23 and used it in a rule, 'where-used name telnet' would not find it. You should dump all the service-tcp and service-udp objects, filter them for the ports you care about (careful with port ranges!), then use 'where-used' on those.

And of course, none of this will tell you about rules with the service set to "Any".

Re: Command to identify the non-standard ports

Logesh_Kumar_Ma — Mon, 13 Dec 2021 07:39:01 GMT

@Bob_Zimmerman , Thank you for the update, I will try it.

Re: Command to identify the non-standard ports

Matlu — Thu, 03 Aug 2023 22:27:47 GMT

Hello, my friend.

Taking advantage of this "discussion" from a couple of years ago.

A doubt, based on the following image.

It means that this "box" where I am applying the command "netstat -an | ....", is "listening" on port 443, to any address in general, right?

It can be either connections from the same LAN, or from the Internet, or am I wrong?

Cheers. 🙂

Re: Command to identify the non-standard ports

the_rock — Thu, 03 Aug 2023 23:09:39 GMT

Its applicable regardless where traffic comes from.