Logesh_Kumar_Ma
Participant

Command to identify the non-standard ports

Hi,

It would be appreciated if you could help me with a command to show the service usage. For example, I need to verify whether port 23 or port 80 is used in policy or not. Thank you.

Danny
Champion

image.png

Logesh_Kumar_Ma
Participant

Hi Danny,

Thank you for your update. I am looking for it in CLI format. I have tried the command - mgmt_cli show service-tcp name "telnet" - but it did not tell me whether the telnet service is used in policy or not.

Once again thank you for your reply.

PhoneBoy
Admin

You can use “where-used” to determine if it’s in use anywhere but you have to parse the results as it will include all policy packages.

Logesh_Kumar_Ma
Participant

@PhoneBoy, apologies for the late response; it took some time to build the lab. I have tried the option, but I am ending up with the error below.

CP-MGMT> mgmt_cli show service-tcp name "telnet" where-used
MGMT9000 Error: The parameters of show-service-tcp command should be provided in pairs (key and value). You have provided an odd number of parameters which suggests that you are probably missing a parameter.

the_rock
Champion

I think what Danny gave you works, but as far as actual shell command for this, not sure if that exists though...maybe someone else can confirm.

You can always do something like netstat -an | grep "port number"...for example netstat -an | grep "443", but mind you that's only for 1 port...not sure if there is a flag you can use for a group of ports.

I tried netstat -an | grep "1-700", but nothing came up, so guess that does not work. I will play around and update you.

Andy

Logesh_Kumar_Ma
Participant

@the_rock, thank you for your response. Kindly let me know your update. Thank you once again.

the_rock
Champion

No problem, I will check a bit later and see if anything comes up.

Andy

the_rock
Champion

I'm sorry, I tried so many combinations on the command line, but can't get one for a range of ports with netstat. Not sure if that's even possible...

Logesh_Kumar_Ma
Participant

@the_rock, np. Thank you.

Timothy_Hall
Champion

On the gateway from expert mode try fw up_execute ipp=6 dport=80

Omitted parameters such as src,dst,sport are assumed to be Any.

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
Logesh_Kumar_Ma
Participant

@Timothy_Hall, thank you. Let me try.

Logesh_Kumar_Ma
Participant

@Timothy_Hall, thank you for the update and apologies for the late response. I have tried, but it's not giving the exact result.

Timothy_Hall
Champion

This should work: where-used name telnet

Logesh_Kumar_Ma
Participant

@Timothy_Hall Yes, thank you... it worked...

mgmt_cli where-used name "telnet" --format json

Bob_Zimmerman
Advisor

Note that this only tells you where the object named "telnet" is used. If somebody set up a separate service object and named it "elnet-tay", then gave that object TCP port 23 and used it in a rule, 'where-used name telnet' would not find it. You should dump all the service-tcp and service-udp objects, filter them for the ports you care about (careful with port ranges!), then use 'where-used' on those.

And of course, none of this will tell you about rules with the service set to "Any".
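
The filtering step described in the post above, as an added example that is not part of the original thread or any Check Point tooling: it takes a service-tcp dump (for instance from mgmt_cli show services-tcp details-level full --format json), finds every object whose port covers the ports of interest, and builds the where-used lookups for them. The sample data is constructed; the "objects"/"name"/"port" shape, the port forms handled ("23", "20-25", ">1023", "<1024") and all function names are assumptions.

```python
import json
import shlex

# Constructed sample in the assumed shape of a service-tcp dump:
# an "objects" list whose items carry a "name" and a string "port".
SAMPLE = json.loads("""{"objects": [
  {"name": "telnet",     "type": "service-tcp", "port": "23"},
  {"name": "elnet-tay",  "type": "service-tcp", "port": "23"},
  {"name": "http",       "type": "service-tcp", "port": "80"},
  {"name": "low-ports",  "type": "service-tcp", "port": "20-25"},
  {"name": "high-ports", "type": "service-tcp", "port": ">1023"},
  {"name": "https",      "type": "service-tcp", "port": "443"}
]}""")

def port_spec_covers(spec, port):
    """True if a port spec ("23", "20-25", ">1023", "<1024") includes `port`."""
    spec = spec.strip()
    if spec.startswith(">"):
        return port > int(spec[1:])
    if spec.startswith("<"):
        return port < int(spec[1:])
    if "-" in spec:
        low, high = (int(part) for part in spec.split("-", 1))
        return low <= port <= high
    return int(spec) == port

def services_covering(objects, ports):
    """Return ({port: [object names]}, [names whose port spec could not be parsed])."""
    hits, unparsed = {p: [] for p in ports}, []
    for obj in objects:
        spec = str(obj.get("port", ""))
        try:
            for p in ports:
                if port_spec_covers(spec, p):
                    hits[p].append(obj["name"])
        except ValueError:
            unparsed.append(obj["name"])  # review by hand instead of guessing
    return hits, unparsed

def where_used_commands(hits):
    """One where-used lookup per matching object name, as used in the thread."""
    names = sorted({name for found in hits.values() for name in found})
    return ["mgmt_cli where-used name %s --format json" % shlex.quote(n) for n in names]

if __name__ == "__main__":
    hits, unparsed = services_covering(SAMPLE["objects"], [23, 80])
    print(hits, unparsed)
    print("\n".join(where_used_commands(hits)))
```

Run the same filter over the service-udp dump as well; rules with the service set to "Any" are still outside what this finds.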

Logesh_Kumar_Ma
Participant

@Bob_Zimmerman, thank you for the update. I will try it.
