Display open TCP and UDP ports
With the introduction of Control Plane Policing features (available from 12.3(4)T), you can easily inspect all the open ports (servers and clients) on a router with the show control-plane host open-ports command, resulting in a printout very similar to the netstat -a printout on a Unix/Windows workstation.
For example, on a router where I've configured BGP, an HTTP server, NTP and DHCP, this command produces the following output (a session to a BGP neighbor as well as a telnet session was established):
R1#show control-plane host open-ports
Active internet connections (servers and established)
Prot Local Address   Foreign Address   Service         State
tcp  *:23            *:0               Telnet          LISTEN
tcp  *:80            *:0               HTTP CORE       LISTEN
tcp  *:179           *:0               BGP             LISTEN
tcp  *:179           10.0.7.2:43962    BGP             ESTABLIS
tcp  *:23            10.0.7.2:18036    Telnet          ESTABLIS
udp  *:67            *:0               DHCPD Receive   LISTEN
udp  *:68            *:0               BootP client    LISTEN
udp  *:123           *:0               NTP             LISTEN
Notes:
- This show command does not display non-TCP/UDP servers (OSPF, EIGRP, RSVP) or even some UDP-based services (RIP).
- Although I had been considering writing about CPP for a long time, Artur Szymanski was the one who brought this command to my attention. Thanks!
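The printout is regular enough to parse, so here is an added Python example (not from the post) that reads it and flags every LISTEN socket missing from an operator-maintained baseline, the kind of check that catches a listener you did not know was open. The sample output and the EXPECTED baseline are constructed for the example.

```python
"""Parse 'show control-plane host open-ports' output and flag listeners that
are missing from an expected baseline (added example, not from the post)."""
from typing import NamedTuple

# Constructed sample: the post's printout plus one extra udp/2887 DDP listener
SAMPLE = """\
R1#show control-plane host open-ports
Active internet connections (servers and established)
Prot Local Address Foreign Address Service State
tcp *:23 *:0 Telnet LISTEN
tcp *:80 *:0 HTTP CORE LISTEN
tcp *:179 *:0 BGP LISTEN
tcp *:179 10.0.7.2:43962 BGP ESTABLIS
tcp *:23 10.0.7.2:18036 Telnet ESTABLIS
udp *:67 *:0 DHCPD Receive LISTEN
udp *:68 *:0 BootP client LISTEN
udp *:123 *:0 NTP LISTEN
udp *:2887 *:0 DDP LISTEN
"""

# Constructed baseline of (protocol, port) pairs the operator intends to have open
EXPECTED = {("tcp", 23), ("tcp", 80), ("tcp", 179),
            ("udp", 67), ("udp", 68), ("udp", 123)}

class Socket(NamedTuple):
    proto: str      # "tcp" or "udp"
    local: str      # e.g. "*:179"
    foreign: str    # "*:0" for a listener, peer addr:port when established
    service: str    # IOS service name; may contain spaces ("HTTP CORE")
    state: str      # LISTEN or ESTABLIS (IOS truncates ESTABLISHED)

def local_port(s: Socket) -> int:
    """Port number from the Local Address column ("*:179" -> 179)."""
    return int(s.local.rsplit(":", 1)[1])

def parse_open_ports(text: str) -> list:
    """Skip prompt/header lines; Service is everything between Foreign Address and State."""
    rows = []
    for line in text.splitlines():
        p = line.split()
        if len(p) < 5 or p[0] not in ("tcp", "udp"):
            continue
        rows.append(Socket(p[0], p[1], p[2], " ".join(p[3:-1]), p[-1]))
    return rows

def unexpected_listeners(text: str, expected=EXPECTED) -> list:
    """LISTEN entries whose (proto, port) is not in the baseline."""
    return [s for s in parse_open_ports(text)
            if s.state == "LISTEN" and (s.proto, local_port(s)) not in expected]
```

Running unexpected_listeners(SAMPLE) against the baseline reports only the udp/2887 DDP listener.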
router#sho ip sockets
Proto  Remote      Port  Local      Port   In  Out  Stat  TTY  OutputIF
 17    --listen--        multicast  1985    0    0    41    0
 17    x.x.x.x     514   ServerIP   58795   0    0    20    0
 17    x.x.x.x     514   ServerIP   58849   0    0    20    0
 17    x.x.x.x     162   ServerIP   56261   0    0     0    0
 17    x.x.x.x     162   ServerIP   55417   0    0     0    0
 17    x.x.x.x     67    ServerIP   67      0    0  2211    0
 17    0.0.0.0     0     ServerIP   2228    0    0   211    0
 17    x.x.x.x     1058  ServerIP   161     0    0     1    0
 17    --listen--        ServerIP   162     0    0    11    0
 17    --listen--        ServerIP   51525   0    0    11    0
 17    --listen--        ServerIP   123     0    0     1    0
 17    --listen--        ServerIP   496     0    0    61    0
router# sho tcp brief
TCB       Local Address     Foreign Address   (state)
47198FA8  router.23         user.3305         ESTAB
4724E2C8  router.14191      server.49         ESTAB
4738EAB0  router.14190      server.49         TIMEWAIT
I used the show control-plane host open-ports command on my little 877 ADSL Router running c870-advipservicesk9-mz.124-11.T.bin and it dropped the ATM (ADSL) interface.
Anyhow, I found an open port I wasn't even aware was open and have closed it up. Very annoying.
#show control-plane host open-ports
Active internet connections (servers and established)
Prot Local Address   Foreign Address   Service         State
tcp  *:22            *:0               SSH-Server      LISTEN
tcp  *:23            *:0               Telnet          LISTEN
tcp  *:80            *:0               HTTP CORE       LISTEN
tcp  *:443           *:0               HTTP CORE       LISTEN
udp  *:67            *:0               DHCPD Receive   LISTEN
udp  *:2887          *:0               DDP             LISTEN
udp  *:123           *:0               NTP             LISTEN
Thanks Ivan
Did you use an ACL or a specific command to close UDP port 2887?
Thanks.
DDP is AppleTalk-related, so he probably had some leftover AppleTalk configuration that he had to remove.