Knowing ports used by ip address

Post by jaiso » Sun, 15 May 2005 00:52:08


How can I know the ports used by some IP address from a telnet session?

I'm using PIX 506E.

THANKS!
 
 
 

Knowing ports used by ip address

Post by roberso » Sun, 15 May 2005 01:05:07

In article < XXXX@XXXXX.COM >,

:How can I know the ports used by some ip address from telnet session?

:I'm using PIX 506E.

I gather you mean "if you telnet to the PIX, how can you find out
the ports in use by a particular IP address" ?

If it is an inside IP address, then the answer is

show local-host IPADDRESS

This will show you a summary of what that address is doing.

Beyond that, you can also get information from show conn
and show xlate both of which take optional parameters that allow
you to narrow down to specific local or global addresses.
Caution: show xlate will not have any entries for any static IP mapping
or for any 'nat 0 access-list' exemption. And I've hit a couple of
times where it looked like "show conn" was not giving full information,
but I'm not sure on that.
--
Oh, to be a Blobel!

 
 
 

Knowing ports used by ip address

Post by jaiso » Sun, 15 May 2005 02:23:55

> I gather you mean "if you telnet to the PIX, how can you find out

Exactly.

Using show local-host IP I get:

pixfirewall# show local-host 10.195.190.2
Interface inside: 58 active, 67 maximum active, 0 denied
local host: <10.195.190.2>,
TCP connection count/limit = 1/unlimited
TCP embryonic count = 0
TCP intercept watermark = unlimited
UDP connection count/limit = 0/unlimited
AAA:
Xlate(s):
PAT Global 198.40.79.18(20912) Local 10.195.190.2(1590)
PAT Global 198.40.79.18(20914) Local 10.195.190.2(1591)
PAT Global 198.40.79.18(20916) Local 10.195.190.2(1592)
PAT Global 198.40.79.18(20920) Local 10.195.190.2(1593)
PAT Global 198.40.79.18(20922) Local 10.195.190.2(1594)
PAT Global 198.40.79.18(20926) Local 10.195.190.2(1595)
PAT Global 198.40.79.18(20929) Local 10.195.190.2(1596)
PAT Global 198.40.79.18(20934) Local 10.195.190.2(1597)
PAT Global 198.40.79.18(20938) Local 10.195.190.2(1598)
PAT Global 198.40.79.18(20941) Local 10.195.190.2(1600)
PAT Global 198.40.79.18(20945) Local 10.195.190.2(1601)
PAT Global 198.40.79.18(20948) Local 10.195.190.2(1602)
PAT Global 198.40.79.18(20951) Local 10.195.190.2(1603)
PAT Global 198.40.79.18(20986) Local 10.195.190.2(1604)
PAT Global 198.40.79.18(20987) Local 10.195.190.2(1605)
PAT Global 198.40.79.18(20989) Local 10.195.190.2(1606)
PAT Global 198.40.79.18(20991) Local 10.195.190.2(1607)
PAT Global 198.40.79.18(20993) Local 10.195.190.2(1608)
PAT Global 198.40.79.18(20996) Local 10.195.190.2(1609)
PAT Global 198.40.79.18(20998) Local 10.195.190.2(1610)
PAT Global 198.40.79.18(20999) Local 10.195.190.2(1611)
PAT Global 198.40.79.18(21001) Local 10.195.190.2(1612)
PAT Global 198.40.79.18(21003) Local 10.195.190.2(1613)
PAT Global 198.40.79.18(21004) Local 10.195.190.2(1614)
PAT Global 198.40.79.18(21007) Local 10.195.190.2(1616)
PAT Global 198.40.79.18(21009) Local 10.195.190.2(1617)
PAT Global 198.40.79.18(21011) Local 10.195.190.2(1618)
PAT Global 198.40.79.18(21012) Local 10.195.190.2(1619)
Conn(s):
TCP out 207.68.172.249:80 in 10.195.190.2:1619 idle 0:00:00 Bytes 1303 flags UfFRIO
pixfirewall#


What do the numbers between "( )" in the Xlate section mean?

What do the numbers after ":" in the Conn section mean?


Thanks again.
 
 
 

Knowing ports used by ip address

Post by roberso » Sun, 15 May 2005 03:06:07

In article < XXXX@XXXXX.COM >,

:Using show local-host IP I get:

:pixfirewall# show local-host 10.195.190.2

: Xlate(s):
: PAT Global 198.40.79.18(20912) Local 10.195.190.2(1590)

: Conn(s):
: TCP out 207.68.172.249:80 in 10.195.190.2:1619 idle 0:00:00 Bytes 1303 flags UfFRIO

:What mean the numbers between "( )" at Xlate section?

Port numbers. In what I quoted above, local host 10.195.190.2
port 1590 is being translated to global IP 198.40.79.18 port 20912
on outgoing connections. These lines do not give you information
about where the connections are -to-: you have to look at the
connection information for that.



The ones right after the IP addresses are port numbers.

The ones after the word 'idle' are hours, minutes, and seconds.

--
I was very young in those days, but I was also rather dim.
-- Christopher Priest
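
Added example, not part of the thread and not Cisco code: a Python parser for the show local-host output quoted above. It joins each Conn line to its PAT line on the local port, so one record gives inside address:port, translated global address:port and remote address:port. The regular expressions are assumptions based only on the two line formats shown in this thread; other PIX output variants are not covered.

```python
import re
from datetime import timedelta

# Excerpt of the output quoted in the thread (most PAT lines omitted). The Conn
# line is wrapped after "Bytes", as a narrow terminal or mail client would wrap it.
SAMPLE = """\
pixfirewall# show local-host 10.195.190.2
Interface inside: 58 active, 67 maximum active, 0 denied
local host: <10.195.190.2>,
Xlate(s):
PAT Global 198.40.79.18(20912) Local 10.195.190.2(1590)
PAT Global 198.40.79.18(21012) Local 10.195.190.2(1619)
Conn(s):
TCP out 207.68.172.249:80 in 10.195.190.2:1619 idle 0:00:00 Bytes
1303 flags UfFRIO
"""

XLATE_RE = re.compile(
    r"PAT Global (?P<gip>[\d.]+)\((?P<gport>\d+)\) Local (?P<lip>[\d.]+)\((?P<lport>\d+)\)")
CONN_RE = re.compile(
    r"(?P<proto>\w+) out (?P<rip>[\d.]+):(?P<rport>\d+) in (?P<lip>[\d.]+):(?P<lport>\d+)"
    r" idle (?P<h>\d+):(?P<m>\d+):(?P<s>\d+) Bytes\s+(?P<bytes>\d+)(?: flags (?P<flags>\S+))?")


def parse_local_host(text):
    """Return (xlates, conns); xlates maps (local_ip, port) -> (global_ip, port)."""
    # Rejoin a byte count that line wrapping pushed onto the next line.
    text = re.sub(r"Bytes\s*\n\s*(?=\d)", "Bytes ", text)
    xlates, conns = {}, []
    for line in text.splitlines():
        if m := XLATE_RE.search(line):
            xlates[(m["lip"], int(m["lport"]))] = (m["gip"], int(m["gport"]))
        elif m := CONN_RE.search(line):
            conns.append({
                "proto": m["proto"],
                "remote": (m["rip"], int(m["rport"])),   # where the connection goes
                "local": (m["lip"], int(m["lport"])),    # inside host and source port
                "idle": timedelta(hours=int(m["h"]), minutes=int(m["m"]), seconds=int(m["s"])),
                "bytes": int(m["bytes"]),
                "flags": m["flags"],
            })
    return xlates, conns


def correlate(text):
    """Attach the PAT global (ip, port) to each connection; None if no PAT line matches."""
    xlates, conns = parse_local_host(text)
    return [{**c, "global": xlates.get(c["local"])} for c in conns]
```

Calling correlate(SAMPLE) returns one record tying 10.195.190.2:1619 to global 198.40.79.18:21012 and remote 207.68.172.249:80, which is the mapping needed when an outside log shows only the global address and port.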