Announcement

Collapse
No announcement yet.

IP & Port Testing

Collapse
X
  • Filter
  • Time
  • Show
Clear All
new posts

  • IP & Port Testing

    Hi,


    I want to test that a given port (specifically 3001) is open between an ESX host and an Opsware server. Normally I would telnet to the server's IP:Port and that way figure whether that port is open but elsewhere on this forum someone says telnet is not even installed by default on ESX servers. Any idea how I can test for a given port being open from an ESX host?


    Kyu
    J C Rocks (An Aspiring Author's Journey)
    The Abyssal Void War: Stars, Hide Your Fires

  • #2
    Re: IP & Port Testing

    remote nmap scan?
    Marcel
    Technical Consultant
    Netherlands
    http://www.phetios.com
    http://blog.nessus.nl

    MCITP(EA, SA), MCSA/E 2003:Security, CCNA, SNAF, DCUCI, CCSA/E/E+ (R60), VCP4/5, NCDA, NCIE - SAN, NCIE - BR, EMCPE
    "No matter how secure, there is always the human factor."

    "Enjoy life today, tomorrow may never come."
    "If you're going through hell, keep going. ~Winston Churchill"

    Comment


    • #3
      Re: IP & Port Testing

      Or if you're scared of command lines (not likely if your an ESX person) you could try Microsoft's PortQuery with the PortQuery UI.
      Wesley David
      LinkedIn | Careers 2.0
      -------------------------------
      Microsoft Certifications: MCSE 2003 | MCSA:Messaging 2003 | MCITP:EA, SA, EST | MCTS: a'plenty | MCDST
      Vendor Neutral Certifications: CWNA
      Blog: www.TheNubbyAdmin.com || Twitter: @Nonapeptide || GTalk, Reader and Google+: [email protected] || Skype: Wesley.Nonapeptide
      Goofy kitten avatar photo from Troy Snow: flickr.com/photos/troysnow/

      Comment


      • #4
        Re: IP & Port Testing

        Hi,

        give lsof a try

        use lsof command - list open files planetmy:/ # lsof -i -n -P|grep 631
        cupsd 17934 lp 0u IPv4 56540196 TCP *:631 (LISTEN)
        cupsd 17934 lp 2u IPv4 56540197 UDP *:631


        http://www.gronau.it/index.php?optio...=557&Itemid=25

        Bye

        Comment


        • #5
          Re: IP & Port Testing

          Those ports should not be open. Please see: http://www.boche.net/blog/index.php/...-for-comments/

          Telnet from a client only probes the ip address and port for a listener. It doesn't necessarily mean telnet needs to be listening on the server. It could be any protocol or service for that matter. Which is why you can telnet to well known ports like 25 (SMTP)
          VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
          boche.net - VMware Virtualization Evangelist
          My advice has no warranties. Follow at your own risk.

          Comment


          • #6
            Re: IP & Port Testing

            Originally posted by Methone View Post
            give lsof a try

            use lsof command - list open files planetmy:/ # lsof -i -n -P|grep 631
            cupsd 17934 lp 0u IPv4 56540196 TCP *:631 (LISTEN)
            cupsd 17934 lp 2u IPv4 56540197 UDP *:631
            It doesn't appear to have an lsof command. I logged on as me using PuTTY, then superuser.

            Thanks anyway

            Kyu
            J C Rocks (An Aspiring Author's Journey)
            The Abyssal Void War: Stars, Hide Your Fires

            Comment


            • #7
              Re: IP & Port Testing

              Originally posted by jasonboche View Post
              Those ports should not be open. Please see: http://www.boche.net/blog/index.php/...-for-comments/

              Telnet from a client only probes the ip address and port for a listener. It doesn't necessarily mean telnet needs to be listening on the server. It could be any protocol or service for that matter. Which is why you can telnet to well known ports like 25 (SMTP)
              So is there a way I can open that port up?

              EDIT: Apparently there is: esxcfg-firewall --openPort 402,tcp,out,adlagent ... now, I've tried and I just get "command not found" ... any ideas?

              Kyu
              Last edited by Kyuuketsuki; 4th February 2009, 11:36.
              J C Rocks (An Aspiring Author's Journey)
              The Abyssal Void War: Stars, Hide Your Fires

              Comment


              • #8
                Re: IP & Port Testing

                esxcfg-firewall -o 402,tcp,out,"adlagent"
                VCDX3 #34, VCDX4, VCDX5, VCAP4-DCA #14, VCAP4-DCD #35, VCAP5-DCD, VCPx4, vEXPERTx4, MCSEx3, MCSAx2, MCP, CCAx2, A+
                boche.net - VMware Virtualization Evangelist
                My advice has no warranties. Follow at your own risk.

                Comment


                • #9
                  Re: IP & Port Testing

                  Originally posted by jasonboche View Post
                  esxcfg-firewall -o 402,tcp,out,"adlagent"
                  I still get "bash: esxcfg-firewall: command not found"

                  Kyu
                  J C Rocks (An Aspiring Author's Journey)
                  The Abyssal Void War: Stars, Hide Your Fires

                  Comment


                  • #10
                    Re: IP & Port Testing

                    Are you using esx3i?
                    Maish
                    ----------------------------------------------------------
                    Technodrone|@maishsk|Author of VMware vSphere Design
                    VMware vExpert 2013-2010,VCAP5-DCA/DCD,VCP
                    MSCA 2000/2003, MCSE 2000/2003
                    A proud husband and father of 3 girls
                    ----------------------------------------------------------
                    If you find the information useful please don't forget to give reputation points sigpic.

                    Have a good one!!

                    Comment


                    • #11
                      Re: IP & Port Testing

                      Originally posted by Maish View Post
                      Are you using esx3i?
                      No ... the one I am using is a standalone ESX 3.02 corporate server.

                      I get the same response if I just type esxcfg-firewall so obviously (?) it can't find that command, program or script.

                      As far as I can tell I cannot even find the esxcfg-config program or whatever it is so maybe my problem is more fundamental, we should go back to basics to see if we can establish what I am doing wrong?

                      In order to get to the pint where I think I should be able to enter command line commands I do:

                      1. Run PuTTY
                      2. Load and Open the stored session for that ESX server.
                      3. At the "login as:" prompt I login as myself.
                      4. I type "su" and login as the superuser
                      5. I try to run the command.

                      At this point I can run basic commands like "ls" or "vi" so I know they work

                      Kyu
                      Last edited by Kyuuketsuki; 5th February 2009, 15:06.
                      J C Rocks (An Aspiring Author's Journey)
                      The Abyssal Void War: Stars, Hide Your Fires

                      Comment


                      • #12
                        Re: IP & Port Testing

                        You should have that on your ESX server by default

                        /usr/sbin/esxcfg-firewall
                        Maish
                        ----------------------------------------------------------
                        Technodrone|@maishsk|Author of VMware vSphere Design
                        VMware vExpert 2013-2010,VCAP5-DCA/DCD,VCP
                        MSCA 2000/2003, MCSE 2000/2003
                        A proud husband and father of 3 girls
                        ----------------------------------------------------------
                        If you find the information useful please don't forget to give reputation points sigpic.

                        Have a good one!!

                        Comment


                        • #13
                          Re: IP & Port Testing

                          Originally posted by Maish View Post
                          Are you using esx3i?
                          Yes ... the problem here is me, my lack of expertise (I'm a Windows techy and despite years of playing about with Linux I've never really got the hang of it at command line).

                          OK ...

                          I have (as far as I can tell because it, the application, still isn't working) successfully opened the port 3001 (outgoing) using the command:

                          ./esxcfg-firewall -o 3001,tcp,out,"adlagent"

                          It turns out that I may also need to allow port 3003 so I presume the same command (with 3003 instead of 3001) will work?

                          I also apparently need to ensure that port 1002 is allowed in, would that be:

                          ./esxcfg-firewall -o 1002,tcp,in,"adlagent" ???

                          Kyu
                          Last edited by Kyuuketsuki; 9th February 2009, 12:26.
                          J C Rocks (An Aspiring Author's Journey)
                          The Abyssal Void War: Stars, Hide Your Fires

                          Comment


                          • #14
                            Re: IP & Port Testing

                            I went ahead and tried it anyway ...

                            ./esxcfg-firewall -o 3001,tcp,out,"adlagent"
                            ./esxcfg-firewall -o 3003,tcp,out,"adlagent"
                            ./esxcfg-firewall -o 1002,tcp,in,"adlagent"


                            .... but with the same result as before

                            Kyu
                            Last edited by Kyuuketsuki; 11th February 2009, 17:03.
                            J C Rocks (An Aspiring Author's Journey)
                            The Abyssal Void War: Stars, Hide Your Fires

                            Comment


                            • #15
                              Re: IP & Port Testing

                              vim-cmd hostsvc/firewall_enable_ruleset

                              You will have to play around with the syntax a bit to get what you want...
                              Maish
                              ----------------------------------------------------------
                              Technodrone|@maishsk|Author of VMware vSphere Design
                              VMware vExpert 2013-2010,VCAP5-DCA/DCD,VCP
                              MSCA 2000/2003, MCSE 2000/2003
                              A proud husband and father of 3 girls
                              ----------------------------------------------------------
                              If you find the information useful please don't forget to give reputation points sigpic.

                              Have a good one!!

                              Comment

                              Working...
                              X