Knowing ports used by ip address

Discussion in 'Cisco' started by jaisol, May 13, 2005.

  1. jaisol

    jaisol Guest

    How can I know the ports used by some ip address from telnet session?

    I'm using PIX 506E.

    THANKS!
     
    jaisol, May 13, 2005
    #1
    1. Advertisements

  2. :How can I know the ports used by some ip address from telnet session?

    :I'm using PIX 506E.

    I gather you mean "if you telnet to the PIX, how can you find out
    the ports in use by a particular IP address" ?

    If it is an inside IP address, then the answer is

    show local-host IPADDRESS

    This will show you a summary of what that address is doing.

    Beyond that, you can also get information from show conn
    and show xlate both of which take optional parameters that allow
    you to narrow down to specific local or global addresses.
    Caution: show xlate will not have any entries for any static IP mapping
    or for any 'nat 0 access-list' exemption. And I've hit a couple of
    times where it looked like "show conn" was not giving full information,
    but I'm not sure on that.
     
    Walter Roberson, May 13, 2005
    #2
    1. Advertisements

  3. jaisol

    jaisol Guest

    I gather you mean "if you telnet to the PIX, how can you find out
    Exactly.

    Using show local-host IP I get:

    pixfirewall# show local-host 10.195.190.2
    Interface inside: 58 active, 67 maximum active, 0 denied
    local host: <10.195.190.2>,
    TCP connection count/limit = 1/unlimited
    TCP embryonic count = 0
    TCP intercept watermark = unlimited
    UDP connection count/limit = 0/unlimited
    AAA:
    Xlate(s):
    PAT Global 198.40.79.18(20912) Local 10.195.190.2(1590)
    PAT Global 198.40.79.18(20914) Local 10.195.190.2(1591)
    PAT Global 198.40.79.18(20916) Local 10.195.190.2(1592)
    PAT Global 198.40.79.18(20920) Local 10.195.190.2(1593)
    PAT Global 198.40.79.18(20922) Local 10.195.190.2(1594)
    PAT Global 198.40.79.18(20926) Local 10.195.190.2(1595)
    PAT Global 198.40.79.18(20929) Local 10.195.190.2(1596)
    PAT Global 198.40.79.18(20934) Local 10.195.190.2(1597)
    PAT Global 198.40.79.18(20938) Local 10.195.190.2(1598)
    PAT Global 198.40.79.18(20941) Local 10.195.190.2(1600)
    PAT Global 198.40.79.18(20945) Local 10.195.190.2(1601)
    PAT Global 198.40.79.18(20948) Local 10.195.190.2(1602)
    PAT Global 198.40.79.18(20951) Local 10.195.190.2(1603)
    PAT Global 198.40.79.18(20986) Local 10.195.190.2(1604)
    PAT Global 198.40.79.18(20987) Local 10.195.190.2(1605)
    PAT Global 198.40.79.18(20989) Local 10.195.190.2(1606)
    PAT Global 198.40.79.18(20991) Local 10.195.190.2(1607)
    PAT Global 198.40.79.18(20993) Local 10.195.190.2(1608)
    PAT Global 198.40.79.18(20996) Local 10.195.190.2(1609)
    PAT Global 198.40.79.18(20998) Local 10.195.190.2(1610)
    PAT Global 198.40.79.18(20999) Local 10.195.190.2(1611)
    PAT Global 198.40.79.18(21001) Local 10.195.190.2(1612)
    PAT Global 198.40.79.18(21003) Local 10.195.190.2(1613)
    PAT Global 198.40.79.18(21004) Local 10.195.190.2(1614)
    PAT Global 198.40.79.18(21007) Local 10.195.190.2(1616)
    PAT Global 198.40.79.18(21009) Local 10.195.190.2(1617)
    PAT Global 198.40.79.18(21011) Local 10.195.190.2(1618)
    PAT Global 198.40.79.18(21012) Local 10.195.190.2(1619)
    Conn(s):
    TCP out 207.68.172.249:80 in 10.195.190.2:1619 idle 0:00:00 Bytes
    1303 flags UfFRIO
    pixfirewall#


    What mean the numbers between "( )" at Xlate section?

    What mean the numbers after ":" at Conn section?


    Thanks again.
     
    jaisol, May 13, 2005
    #3
  4. :pixfirewall# show local-host 10.195.190.2

    : Xlate(s):
    : PAT Global 198.40.79.18(20912) Local 10.195.190.2(1590)

    : Conn(s):
    : TCP out 207.68.172.249:80 in 10.195.190.2:1619 idle 0:00:00 Bytes 1303 flags UfFRIO

    :What mean the numbers between "( )" at Xlate section?

    Port numbers. In what I quoted above, local host 10.195.190.2
    port 1590 is being translated to global IP 198.40.79.18 port 20912
    on outgoing connections. These lines do not give you information
    about where the connections are -to-: you have to look at the
    connection information for that.

    The ones right after the IP addresses are port numbers.

    The ones after the word 'idle' are hours, minutes, and seconds.
     
    Walter Roberson, May 13, 2005
    #4
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.