This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Logesh_Kumar_Ma
Participant
‎2021-11-19 06:45 AM

Command to identify the non-standard ports

hi,

It will be appreciated, if could help me with command to show the service usage. example, Need to verify the port 23 or port 80 is used in policy or not.  Thank you

0 Kudos
18 Replies
Danny
MVP Gold
MVP Gold
‎2021-11-19 07:07 AM

image.png

Logesh_Kumar_Ma
Participant
‎2021-11-19 08:20 AM
In response to Danny

Hi Danny,

thank you for your update. I am looking in CLI format. I have tried the command - mgmt_cli show service-tcp name "telnet" but actually it did not tell whether telnet service is used in policy or not.

Once again thank you for your reply.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-11-19 02:40 PM
In response to Logesh_Kumar_Ma

You can use “where-used” to determine if it’s in use anywhere but you have to parse the results as it will include all policy packages.

0 Kudos
Logesh_Kumar_Ma
Participant
‎2021-12-10 06:20 AM
In response to PhoneBoy

@PhoneBoy , Apologies for late response, It took sometime to build the lab. I have tried the option but I am ending with error below.

CP-MGMT> mgmt_cli show service-tcp name "telnet" where-used
MGMT9000 Error: The parameters of show-service-tcp command should be provided in pairs (key and value). You have provided an odd number of parameters which suggests that you are probably missing a parameter.

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2021-11-19 07:26 AM

I think what Danny gave you works, but as far as actual shell command for this, not sure if that exists though...maybe someone else can confirm.

You can always do something like netstat -an | grep "port number"...for example netstat -an | grep "443", but mind you thats only for 1 port...not sure if there is a flag you can use for group of ports.

I tried netstat -an | grep "1-700", but nothing came up, so guess that does not work. I will play around and update you.

Andy

Best,
Andy
0 Kudos
Logesh_Kumar_Ma
Participant
‎2021-11-19 08:22 AM
In response to the_rock

@the_rock , thank you for your response. Kindly let me know your update. Thank you once again.

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2021-11-19 08:23 AM
In response to Logesh_Kumar_Ma

No problem, I will check a bit later and see if anything comes up.

Andy

Best,
Andy
0 Kudos
the_rock
MVP Gold
MVP Gold
‎2021-11-19 02:52 PM
In response to Logesh_Kumar_Ma

Im sorry, I tried so many combinations on command like, but cant get one for range of ports with netstat. Not sure if thats even possible...

Best,
Andy
0 Kudos
Logesh_Kumar_Ma
Participant
‎2021-11-22 07:57 AM
In response to the_rock

@the_rock , np. thank you 

0 Kudos
Matlu
MVP Silver
MVP Silver
‎2023-08-03 03:27 PM
In response to the_rock

Hello, my friend.

Taking advantage of this "discussion" from a couple of years ago.

A doubt, based on the following image.

CH1.png

It means that this "box" where I am applying the command "netstat -an | ....", is "listening" on port 443, to any address in general, right?

It can be either connections from the same LAN, or from the Internet, or am I wrong?

Cheers. 🙂

0 Kudos
the_rock
MVP Gold
MVP Gold
‎2023-08-03 04:09 PM
In response to Matlu

Its applicable regardless where traffic comes from.

Best,
Andy
0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2021-11-20 10:26 AM

On the gateway from expert mode try fw up_execute ipp=6 dport=80

Omitted parameters such as src,dst,sport are assumed to be Any.

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
Logesh_Kumar_Ma
Participant
‎2021-11-22 07:57 AM
In response to Timothy_Hall

@Timothy_Hall , thank you. let me try.

0 Kudos
Logesh_Kumar_Ma
Participant
‎2021-12-10 06:24 AM
In response to Timothy_Hall

@Timothy_Hall , thank you for update and apologies for late response. I have tried but its not giving the exact result.

0 Kudos
Timothy_Hall
MVP Gold
MVP Gold
‎2021-12-10 06:51 AM
In response to Logesh_Kumar_Ma

This should work: where-used name telnet

Gaia 4.18 (R82) Immersion Tips, Tricks, & Best Practices Video Course
Now Available at https://shadowpeak.com/gaia4-18-immersion-course
0 Kudos
Logesh_Kumar_Ma
Participant
‎2021-12-10 07:57 AM
In response to Timothy_Hall

@Timothy_Hall  Yes, thank you...  it wokred ...

mgmt_cli where-used name "telnet" --format json

0 Kudos
Bob_Zimmerman
MVP Gold
MVP Gold
‎2021-12-10 11:18 AM
In response to Logesh_Kumar_Ma

Note that this only tells you where the object named "telnet" is used. If somebody set up a separate service object and named it "elnet-tay", then gave that object TCP port 23 and used it in a rule, 'where-used name telnet' would not find it. You should dump all the service-tcp and service-udp objects, filter them for the ports you care about (careful with port ranges!), then use 'where-used' on those.

And of course, none of this will tell you about rules with the service set to "Any".

Logesh_Kumar_Ma
Participant
‎2021-12-12 11:39 PM
In response to Bob_Zimmerman

@Bob_Zimmerman , Thank you for the update, I will try it.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events