checking if port is open?

[Christopher777]

Hi, I wonder if u can help me? I am running snmp and want to c if port 161 is open as I am not getting anything from snmp, Can u tell me how to check if port 161 is open and working on my red hat 5 box? or any pointers as to why I am not getting anything back from snmp?

many thanks

 

[RhythmAce]

Here is where to get an olnine port scan.

http://www.securitymetrics.com/portscan.adp

After the scan, scroll down to port 161 and click on the status. For example, if is says 'stealth', you can click on it and get an explanation of 'stealth'.

 

[QatQat]

nmap can also scan localhost.


nmap -sT -O localhost


Generally you may also want to try connect from remote host and run netstat to monitor connections to your linux box.


QatQat

If I could have sex each time I reboot my server, I would definitely prefer Windoz over Linux!

 

[victorv]

hi,
usually I do, from another computer (windows too), a

telnet yourlinuxbox 161

If the telnet hangs, it means that the port is open,
and hangs becouse you cannot, using keyboard, emulate
the protocol the machine use on such port.

If the box answers: connection refused, ... is closed:
no service answers on this port.

bye
vic

 

[RobJordan]

netstat -an|grep 161|grep LISTEN

or if you have lsof, you'll get more details on the process using the port if any

lsof -V|grep 161|grep LISTEN

Rob

Rob Jordan

http://www.linkedin.com/in/robjordan

 

[Annihilannic]

Or more succinctly, lsof -i:161

Annihilannic.

 

[Christopher777]

Thanks very much for all your help. When I do telnet (ip) 161 to my linux box I get could not open connection on port 161 connection failed, so I presume its not open. Next thing is how do I get it open ? I dont think there is a fire wall between the two boxes as they are both on the same network. Do I need to do something on my linux box?

 

[victorv]

hi again,
the concept "a port is open" is not completely correct.
We say "a port is open/closed" if we speak about firewall,
that theorticacally is a computer with 2 nics and all comunications are checked by a program that, looking rules,
leave pass or not packets depending from: srd/dst address class, port number, low protocol type (udp/tcp), high level protocol (ftp tn http...).
Without a firewall, a port is not close, but nobody (no services) answers at that signal (port/protocol).

You can also telnet box by itself (telnet localhost 161).
The firewall may also be a "personal firewall", a program
that runs inside your box.

In Unix env, there is a daemon called more or less "inetd".

There is a cfg file /etc/services in which there is the translation between the number of the port (an integer,161)
and its logical name (a string, "snmp").

There is another configuration files (inetd.conf in some Unix flavour) in which, each line contains "instructions"
about doing what the system has to do when it receive a call on this port: basically the name of the program to launch to manage comunications and othe parameters.

In Linux the concept is the same, but there is a little file
for each service, in which there are more or less the same infos (this mechianism is more flexible becouse each file may have different number of fields).

You can change this files manually, if you know what to do,
or using configuration wizards or rpm setup, these will add files, rows in these files and/or change values from No to Yes, and so on.

I have answered for server side, but I don't know which is the architecture you need to build. Probably you have to install rpms, enable services (wizard), or tell to firewall
(personal or physical) to leave pass snmp threads(161).

ciao
vittorio

 

[QatQat]

try putting down iptables and connecting again.

/etc/init.d/iptables stop



Iptables is started by default in many distributions, and definitely in redhat enterprise.

If your attempt if successful then you can look at configuring iptables in a proper way to allow needed ports.

QaTQat

If I could have sex each time I reboot my server, I would definitely prefer Windoz over Linux!

 

[Christopher777]

hi guys thanks very much for all your suggestions, I will try them and get back to you.

Many thanks

Chris

 

[Christopher777]

Hi, I have tested a couple of your kind responses and get the following response:

nmap -sT -O localhost



Not shown: 1675 closed ports

PORT STATE SERVICE

22/tcp open ssh

25/tcp open smtp

111/tcp open rpcbind

631/tcp open ipp

749/tcp open kerberos-adm

No exact OS matches for host (If you know what OS is running on it, see

http://www.insecure.org/cgi-bin/nmap-submit.cgi).

TCP/IP fingerprint:

SInfo(V=4.11%P=i686-redhat-linux-gnu%D=4/1%Tm=49D3658B%O=22%C=1)

TSeq(Class=RI%gcd=1%SI=28BB6F%IPID=Z%TS=1000HZ)

TSeq(Class=RI%gcd=1%SI=28BB1D%IPID=Z%TS=1000HZ)

TSeq(Class=RI%gcd=1%SI=28BBA4%IPID=Z%TS=1000HZ)

T1(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=MNNTNW)

T2(Resp=N)

T3(Resp=Y%DF=Y%W=8000%ACK=S++%Flags=AS%Ops=MNNTNW)

T4(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)

T5(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)

T6(Resp=Y%DF=Y%W=0%ACK=O%Flags=R%Ops=)

>>T7(Resp=Y%DF=Y%W=0%ACK=S++%Flags=AR%Ops=)

>>PU(Resp=Y%DF=N%TOS=C0%IPLEN=164%RIPTL=148%RID=E%RIPCK=E%>>UCK=E%ULEN=134%DAT=E)


lsof -i:161:



>>COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME

>>snmpd 3058 root 6u IPv4 8303 UDP *:snmp


I gues this means the port is not able to be used?

I have used /usr/sbin/lokkit and the local firewall on the box appears to be disabled. Is there any command I can use to "open" it? I dont think there is a fire wall between the windows server and my server.

many thanks

 

[Grenage]

Ports are never really open or closed, a service is simply listening on it, or not.

Is the SNMP service running?

"We can categorically state that we have not released man-eating badgers into the area" - Major Mike Shearer

 

[Christopher777]

Some more info , when I test from a windows box "telnet 'linuxbox' 161 I do get could not open connection to the host on port 161, connection failed. does this point to a problem with the red hat server or something thats inbetween. The firewall is diabled on the linux box so all ports should be open shouldnt they ?

 

[Grenage]

To me, that would indicate that no service is listening on port 161, so there would be no response.

"We can categorically state that we have not released man-eating badgers into the area" - Major Mike Shearer

 

[Christopher777]

Thanks for the reply, I am trying to get snmp working on this port. Does that mean snmp is not configured correctly and when it is, the port will be opened on default?

 

[Grenage]

Bingo. When a service starts listening on a port, you will get some kind of a response (as long as there is no firewall in the way).

"We can categorically state that we have not released man-eating badgers into the area" - Major Mike Shearer

 

[Christopher777]

thats great, thanks for you help

 

[QatQat]

Leave lokkit, to my knowledge it is just a ery basic interface to netfilter.

put instead iptables down; if you are using RH you can easily do it by issuing

service iptables stop

And if you really want to make sure nothing is in your way disable selinux too (this I recommend you do anyway unless you like pain and suffering)

setenforce 0

then edit /etc/selinux/config
and set it to DISABLED.
Restart linux and try again to connect.

QatQat

If I could have sex each time I reboot my server, I would definitely prefer Windoz over Linux!