Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
D_TK
Collaborator

cpview, tcp/1024, and sk116876

I've noticed on one cluster that the CPU utilization is higher than normal and the top protocol is always (and significantly) tcp/1024.  Per that SK, it seems to be saying that tcp/1024 in cpview is "represents TCP high ports in general, and not specifically TCP port 1024."  Is there a way see exactly what traffic is being thrown into this high cpu utilization bucket in cpview?

Thanks

 

 

Screenshot 2023-09-18 141902.png

 

0 Kudos
3 Replies
the_rock
Legend
Legend

I had TAC case last year for customer for this exact issue and guy gave me the same sk and closed the case, that was it. Never bothered to do little more research, maybe ask someone, nothing. If you ever find out the way to tell what port(s) its referring to, would be great.

Andy

0 Kudos
PhoneBoy
Admin
Admin

I presume you'd have to parse the connections table to see what port(s) are being used (output of fw tab -t connections -u).
The firth argument in the output should be the port in hex, and if it's a TCP connection, then the sixth argument will be 6 (the protocol number for TCP).

0 Kudos
Elad_Chomsky
Employee
Employee

Hi @D_TK ,

The view works by categorizing ports to specific protocols and presenting only those. Known and common protocols will be presented. We can expend this view to present unknown ports as well, or add new groups. Please open an official RFE, and we will promote it from there.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events