This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Logesh_Kumar_Ma
Participant
‎2021-11-19 06:45 AM

Command to identify the non-standard ports

hi,

It will be appreciated, if could help me with command to show the service usage. example, Need to verify the port 23 or port 80 is used in policy or not.  Thank you

0 Kudos
16 Replies
Danny
Champion
Champion
‎2021-11-19 07:07 AM

image.png

Logesh_Kumar_Ma
Participant
‎2021-11-19 08:20 AM
In response to Danny

Hi Danny,

thank you for your update. I am looking in CLI format. I have tried the command - mgmt_cli show service-tcp name "telnet" but actually it did not tell whether telnet service is used in policy or not.

Once again thank you for your reply.

0 Kudos
PhoneBoy
Admin
Admin
‎2021-11-19 02:40 PM
In response to Logesh_Kumar_Ma

You can use “where-used” to determine if it’s in use anywhere but you have to parse the results as it will include all policy packages.

0 Kudos
Logesh_Kumar_Ma
Participant
‎2021-12-10 06:20 AM
In response to PhoneBoy

@PhoneBoy , Apologies for late response, It took sometime to build the lab. I have tried the option but I am ending with error below.

CP-MGMT> mgmt_cli show service-tcp name "telnet" where-used
MGMT9000 Error: The parameters of show-service-tcp command should be provided in pairs (key and value). You have provided an odd number of parameters which suggests that you are probably missing a parameter.

0 Kudos
the_rock
Champion
Champion
‎2021-11-19 07:26 AM

I think what Danny gave you works, but as far as actual shell command for this, not sure if that exists though...maybe someone else can confirm.

You can always do something like netstat -an | grep "port number"...for example netstat -an | grep "443", but mind you thats only for 1 port...not sure if there is a flag you can use for group of ports.

I tried netstat -an | grep "1-700", but nothing came up, so guess that does not work. I will play around and update you.

Andy

0 Kudos
Logesh_Kumar_Ma
Participant
‎2021-11-19 08:22 AM
In response to the_rock

@the_rock , thank you for your response. Kindly let me know your update. Thank you once again.

0 Kudos
the_rock
Champion
Champion
‎2021-11-19 08:23 AM
In response to Logesh_Kumar_Ma

No problem, I will check a bit later and see if anything comes up.

Andy

0 Kudos
the_rock
Champion
Champion
‎2021-11-19 02:52 PM
In response to Logesh_Kumar_Ma

Im sorry, I tried so many combinations on command like, but cant get one for range of ports with netstat. Not sure if thats even possible...

0 Kudos
Logesh_Kumar_Ma
Participant
‎2021-11-22 07:57 AM
In response to the_rock

@the_rock , np. thank you 

0 Kudos
Timothy_Hall
Champion
Champion
‎2021-11-20 10:26 AM

On the gateway from expert mode try fw up_execute ipp=6 dport=80

Omitted parameters such as src,dst,sport are assumed to be Any.

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
Logesh_Kumar_Ma
Participant
‎2021-11-22 07:57 AM
In response to Timothy_Hall

@Timothy_Hall , thank you. let me try.

0 Kudos
Logesh_Kumar_Ma
Participant
‎2021-12-10 06:24 AM
In response to Timothy_Hall

@Timothy_Hall , thank you for update and apologies for late response. I have tried but its not giving the exact result.

0 Kudos
Timothy_Hall
Champion
Champion
‎2021-12-10 06:51 AM
In response to Logesh_Kumar_Ma

This should work: where-used name telnet

New 2021 IPS/AV/ABOT Immersion Self-Guided Video Series
now available at http://www.maxpowerfirewalls.com
0 Kudos
Logesh_Kumar_Ma
Participant
‎2021-12-10 07:57 AM
In response to Timothy_Hall

@Timothy_Hall  Yes, thank you...  it wokred ...

mgmt_cli where-used name "telnet" --format json

0 Kudos
Bob_Zimmerman
Advisor
‎2021-12-10 11:18 AM
In response to Logesh_Kumar_Ma

Note that this only tells you where the object named "telnet" is used. If somebody set up a separate service object and named it "elnet-tay", then gave that object TCP port 23 and used it in a rule, 'where-used name telnet' would not find it. You should dump all the service-tcp and service-udp objects, filter them for the ports you care about (careful with port ranges!), then use 'where-used' on those.

And of course, none of this will tell you about rules with the service set to "Any".

Logesh_Kumar_Ma
Participant
‎2021-12-12 11:39 PM
In response to Bob_Zimmerman

@Bob_Zimmerman , Thank you for the update, I will try it.

0 Kudos