Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

tcpip and ports

Status
Not open for further replies.

madra

MIS
Feb 12, 2003
95
GB
How can I verify that a port will allow traffic in ?

Not exactly sure how to ask this question technically, but the basics are this.

Connect:Direct (application) customer sends a file to our AIX server. It passes through everything (customer firewall, internet, our firewall etc...) establishes a link, but then gets - session rejected - message.

There is a route to the IP address (NAT address) for our firewall with the correct gateway on the server. The port is LISTENing.

I just need to confirm that the port will let traffic through.

Hope that makes some sense.

thanks


madra
 
You could double check that the service is LISTENING using the command "netstat -an | grep LISTEN" and verify the expected entry is listed.

To verify connectivity, you could use tcpdump on the server:

Code:
tcpdump -nn -i $ETH port $SERVERPORT and host $CLIENT-IP

06:38:00.552795 IP [b][COLOR=green]$CLIENT-IP.2749[/color][/b] > [COLOR=blue][b]$SERVER-IP.23[/b][/color]: [b][COLOR=red]S[/color][/b] 3460291001:3460291001(0) win 65535 <mss 1260,nop,nop,sackOK>
06:38:00.552852 IP [COLOR=blue][b]$SERVER-IP.23[/b][/color] > [b][COLOR=green]$CLIENT-IP.2749[/color][/b]: [b][COLOR=red]S[/color][/b] 3887154712:3887154712(0) [b][COLOR=red]ack[/color][/b] 3460291002 win 65535 <mss 1460>
06:38:00.552987 IP [b][COLOR=green]$CLIENT-IP.2749[/color][/b] > [COLOR=blue][b]$SERVER-IP.23[/b][/color]: . [b][COLOR=red]ack[/color][/b] 1 win 65535

[b]This will show the TCP handshake for the connection, assuming the protocol is TCP :).[/b]

The above listing shows that connectivity and session setup at the tcp/ip level has taken place. If successful, you can move on to troubleshooting the application. After successful connection an ESTABLISHED entry should be listed in the output of the command "netstat -an | grep ESTAB".

man tcpdump

Ethan
 
With lsof you can see what port is listening by process. lsof is in the Linux toolbox. For example, to see what's runing on port 1521, do this (mind the line wrap):

[tt]
# lsof -i :1521
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
oracle 790754 orap 14u IPv4 0xf10000f3042b8358 0t1055779 TCP oraprod.foo.bar.com:1521->mickey.foo.bar.com:38297 (ESTABLISHED)
tnslsnr 901178 orap 8u IPv4 0xf10000f30424bb58 0t0 TCP oraprod.hrms.mil.ca:1521 (LISTEN)
[/tt]
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top