Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Carlos_Diaz
Employee
Employee

Searching ports by number

Hi,

We're helping a partner that is looking for the Check Point API solution, the idea is find ports by their port number

 

Looking at the API documentation we found show objects and it is possible to filter it, we are doing some queries like

 

curl -k -X POST https://IPSEREVER:443/web_api/show-objects -H "Content-Type: application/json" -H "X-chkp-sid: $sid" -d '{"filter":"^28$","type" : "service-tcp","details-level" : "full"}'

    "port" : "444",

    "match-by-protocol-signature" : false,

    "override-default-settings" : false,

    "session-timeout" : 3600,

or

curl -k -X POST https://IPSERVER:443/web_api/show-objects -H "Content-Type: application/json" -H "X-chkp-sid: $sid" -d '{"filter":"^30$","type" : "service-tcp","details-level" : "full"}'

Answer:

    },

    "port" : "8080",

    "protocol" : "ENC-HTTP",

    "match-by-protocol-signature" : false,

    "override-default-settings" : false,

    "session-timeout" : 3600,

    "use-default-session-timeout" : true,

    "match-for-any" : false,

 

But the answer is not acurate and is returning some unusual value, we validate it using the dashboard and doing the port filter on it drops the same rasult.

Somebody know what is happening? Why is the reason for this behave?

regards

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

You're filtering based on a regex, which I don't believe is supported at all.
Try using the number without any regex.
0 Kudos
Carlos_Diaz
Employee
Employee

Hi,

 

I'm doing the same query removing the expesion looking for the 443 port

 

 

curl -k -v -X POST https://180.176.86.24:443/web_api/show-objects -H "Content-Type: application/json" -H "X-chkp-sid: $sid" -d '{"limit" : 10,"offset" : 0,"in" :[ "port","443"] ,"type" : "service-tcp","details-level" : "full"}'

 

And it is showing another services, but the 443 port is not in the answer, sombody has a clue about this behave.

 

{
  "from" : 1,
  "to" : 10,
  "total" : 255,
  "objects" : [ {
    "uid" : "97aeb44f-9aea-11d5-bd16-0090272ccb30",
    "name" : "AOL",
    "type" : "service-tcp",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    },
    "port" : "5190",
    "match-by-protocol-signature" : false,
    "override-default-settings" : false,
    "session-timeout" : 3600,
    "use-default-session-timeout" : true,
    "match-for-any" : true,
    "sync-connections-on-cluster" : true,
    "aggressive-aging" : {
      "enable" : true,
      "timeout" : 600,
      "use-default-timeout" : true,
      "default-timeout" : 0
    },
    "keep-connections-open-after-policy-installation" : false,
    "comments" : "AOL Instant Messenger. Also used by: ICQ & Apple iChat",
    "color" : "red",
    "icon" : "Services/TCPService",
    "tags" : [ ],
    "meta-info" : {
      "lock" : "unlocked",
      "validation-state" : "ok",
      "last-modify-time" : {
        "posix" : 1554685758865,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "last-modifier" : "System",
      "creation-time" : {
        "posix" : 1554685758865,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "creator" : "System"
    },
    "read-only" : false
  }, {
    "uid" : "97aeb3e9-9aea-11d5-bd16-0090272ccb30",
    "name" : "AP-Defender",
    "type" : "service-tcp",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    },
    "port" : "2626",
    "match-by-protocol-signature" : false,
    "override-default-settings" : false,
    "session-timeout" : 3600,
    "use-default-session-timeout" : true,
    "match-for-any" : true,
    "sync-connections-on-cluster" : true,
    "aggressive-aging" : {
      "enable" : true,
      "timeout" : 600,
      "use-default-timeout" : true,
      "default-timeout" : 0
    },
    "keep-connections-open-after-policy-installation" : false,
    "comments" : "Defender Authentication service",
    "color" : "firebrick",
    "icon" : "Services/TCPService",
    "tags" : [ ],
    "meta-info" : {
      "lock" : "unlocked",
      "validation-state" : "ok",
      "last-modify-time" : {
        "posix" : 1554685756681,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "last-modifier" : "System",
      "creation-time" : {
        "posix" : 1554685756681,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "creator" : "System"
    },
    "read-only" : false
  }, {
    "uid" : "97aeb3ea-9aea-11d5-bd16-0090272ccb30",
    "name" : "AT-Defender",
    "type" : "service-tcp",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    },
    "port" : "2626",
    "match-by-protocol-signature" : false,
    "override-default-settings" : false,
    "session-timeout" : 3600,
    "use-default-session-timeout" : true,
    "match-for-any" : false,
    "sync-connections-on-cluster" : true,
    "aggressive-aging" : {
      "enable" : true,
      "timeout" : 600,
      "use-default-timeout" : true,
      "default-timeout" : 0
    },
    "keep-connections-open-after-policy-installation" : false,
    "comments" : "Defender Authentication service",
    "color" : "firebrick",
    "icon" : "Services/TCPService",
    "tags" : [ ],
    "meta-info" : {
      "lock" : "unlocked",
      "validation-state" : "ok",
      "last-modify-time" : {
        "posix" : 1554685756693,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "last-modifier" : "System",
      "creation-time" : {
        "posix" : 1554685756693,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "creator" : "System"
    },
    "read-only" : false
  }, {
    "uid" : "96759a8d-aab8-43d9-bbfc-b459ce66ac87",
    "name" : "Backage",
    "type" : "service-tcp",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    },
    "port" : "411",
    "match-by-protocol-signature" : false,
    "override-default-settings" : false,
    "session-timeout" : 3600,
    "use-default-session-timeout" : true,
    "match-for-any" : false,
    "sync-connections-on-cluster" : true,
    "aggressive-aging" : {
      "enable" : true,
      "timeout" : 600,
      "use-default-timeout" : true,
      "default-timeout" : 0
    },
    "keep-connections-open-after-policy-installation" : false,
    "comments" : "Backage trojan",
    "color" : "pink",
    "icon" : "Services/TCPService",
    "tags" : [ ],
    "meta-info" : {
      "lock" : "unlocked",
      "validation-state" : "ok",
      "last-modify-time" : {
        "posix" : 1554685760043,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "last-modifier" : "System",
      "creation-time" : {
        "posix" : 1554685760043,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "creator" : "System"
    },
    "read-only" : false
  }, {
    "uid" : "1fceea78-d378-44b4-8939-019b68f48518",
    "name" : "BGP",
    "type" : "service-tcp",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    },
    "port" : "179",
    "match-by-protocol-signature" : false,
    "override-default-settings" : false,
    "session-timeout" : 3600,
    "use-default-session-timeout" : true,
    "match-for-any" : false,
    "sync-connections-on-cluster" : true,
    "aggressive-aging" : {
      "enable" : true,
      "timeout" : 600,
      "use-default-timeout" : true,
      "default-timeout" : 0
    },
    "keep-connections-open-after-policy-installation" : false,
    "comments" : "Border Gateway Protocol",
    "color" : "black",
    "icon" : "Services/TCPService",
    "tags" : [ ],
    "meta-info" : {
      "lock" : "unlocked",
      "validation-state" : "ok",
      "last-modify-time" : {
        "posix" : 1554685760851,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "last-modifier" : "System",
      "creation-time" : {
        "posix" : 1554685760851,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "creator" : "System"
    },
    "read-only" : false
  }, {
    "uid" : "86077a7d-a8da-4b5b-919c-366fe91ad1da",
    "name" : "Bionet-Setup",
    "type" : "service-tcp",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    },
    "port" : "5000",
    "match-by-protocol-signature" : false,
    "override-default-settings" : false,
    "session-timeout" : 3600,
    "use-default-session-timeout" : true,
    "match-for-any" : false,
    "sync-connections-on-cluster" : true,
    "aggressive-aging" : {
      "enable" : true,
      "timeout" : 600,
      "use-default-timeout" : true,
      "default-timeout" : 0
    },
    "keep-connections-open-after-policy-installation" : false,
    "comments" : "Also used by: Blazer5 , Bubbel and Back-door trojans",
    "color" : "magenta",
    "icon" : "Services/TCPService",
    "tags" : [ ],
    "meta-info" : {
      "lock" : "unlocked",
      "validation-state" : "ok",
      "last-modify-time" : {
        "posix" : 1554685759960,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "last-modifier" : "System",
      "creation-time" : {
        "posix" : 1554685759960,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "creator" : "System"
    },
    "read-only" : false
  }, {
    "uid" : "11da2773-a070-4f68-a3c2-9ce5dc158683",
    "name" : "CheckPointExchangeAgent",
    "type" : "service-tcp",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    },
    "port" : "18301",
    "protocol" : "SMTP",
    "match-by-protocol-signature" : false,
    "override-default-settings" : false,
    "session-timeout" : 3600,
    "use-default-session-timeout" : true,
    "match-for-any" : true,
    "sync-connections-on-cluster" : true,
    "aggressive-aging" : {
      "enable" : true,
      "timeout" : 600,
      "use-default-timeout" : true,
      "default-timeout" : 0
    },
    "keep-connections-open-after-policy-installation" : false,
    "comments" : "",
    "color" : "black",
    "icon" : "Services/TCPService",
    "tags" : [ ],
    "meta-info" : {
      "lock" : "unlocked",
      "validation-state" : "ok",
      "last-modify-time" : {
        "posix" : 1554685759672,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "last-modifier" : "System",
      "creation-time" : {
        "posix" : 1554685759672,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "creator" : "System"
    },
    "read-only" : false
  }, {
    "uid" : "986bad5a-94d2-4a8c-81aa-de98d3ecb5c6",
    "name" : "Citrix_ICA",
    "type" : "service-tcp",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    },
    "port" : "1494",
    "protocol" : "CitrixICA",
    "match-by-protocol-signature" : false,
    "override-default-settings" : false,
    "session-timeout" : 3600,
    "use-default-session-timeout" : true,
    "match-for-any" : false,
    "sync-connections-on-cluster" : true,
    "aggressive-aging" : {
      "enable" : true,
      "timeout" : 600,
      "use-default-timeout" : true,
      "default-timeout" : 0
    },
    "keep-connections-open-after-policy-installation" : false,
    "comments" : "Citrix ICA general Service.",
    "color" : "black",
    "icon" : "Services/TCPService",
    "tags" : [ ],
    "meta-info" : {
      "lock" : "unlocked",
      "validation-state" : "ok",
      "last-modify-time" : {
        "posix" : 1554685756066,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "last-modifier" : "System",
      "creation-time" : {
        "posix" : 1554685756066,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "creator" : "System"
    },
    "read-only" : false
  }, {
    "uid" : "97aeb451-9aea-11d5-bd16-0090272ccb30",
    "name" : "ConnectedOnLine",
    "type" : "service-tcp",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    },
    "port" : "16384",
    "match-by-protocol-signature" : false,
    "override-default-settings" : false,
    "session-timeout" : 3600,
    "use-default-session-timeout" : true,
    "match-for-any" : true,
    "sync-connections-on-cluster" : true,
    "aggressive-aging" : {
      "enable" : true,
      "timeout" : 600,
      "use-default-timeout" : true,
      "default-timeout" : 0
    },
    "keep-connections-open-after-policy-installation" : false,
    "comments" : "",
    "color" : "black",
    "icon" : "Services/TCPService",
    "tags" : [ ],
    "meta-info" : {
      "lock" : "unlocked",
      "validation-state" : "ok",
      "last-modify-time" : {
        "posix" : 1554685758909,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "last-modifier" : "System",
      "creation-time" : {
        "posix" : 1554685758909,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "creator" : "System"
    },
    "read-only" : false
  }, {
    "uid" : "97aeb3ad-9aea-11d5-bd16-0090272ccb30",
    "name" : "CP_Exnet_PK",
    "type" : "service-tcp",
    "domain" : {
      "uid" : "a0bbbc99-adef-4ef8-bb6d-defdefdefdef",
      "name" : "Check Point Data",
      "domain-type" : "data domain"
    },
    "port" : "18262",
    "match-by-protocol-signature" : false,
    "override-default-settings" : false,
    "session-timeout" : 3600,
    "use-default-session-timeout" : true,
    "match-for-any" : true,
    "sync-connections-on-cluster" : true,
    "aggressive-aging" : {
      "enable" : true,
      "timeout" : 600,
      "use-default-timeout" : true,
      "default-timeout" : 0
    },
    "keep-connections-open-after-policy-installation" : false,
    "comments" : "Check Point Extranet public key resolution",
    "color" : "firebrick",
    "icon" : "Services/TCPService",
    "tags" : [ ],
    "meta-info" : {
      "lock" : "unlocked",
      "validation-state" : "ok",
      "last-modify-time" : {
        "posix" : 1554685754574,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "last-modifier" : "System",
      "creation-time" : {
        "posix" : 1554685754574,
        "iso-8601" : "2019-04-07T20:09-0500"
      },
      "creator" : "System"
    },
    "read-only" : false
  } ]
}

0 Kudos
PhoneBoy
Admin
Admin

"in" is not valid according to the API documentation.
You specify the port in filter, e.g. mgmt_cli -r true show-objects limit 10 filter 443 type service-tcp
This shows several services with port 443 and a couple with 4433.
0 Kudos