Display open TCP and UDP ports

With the introduction of the Control Plane Policing features (available from 12.3(4)T), you can easily inspect all the open ports (servers and clients) on a router with the show control-plane host open-ports command. The printout is very similar to the netstat -a output on a Unix/Windows workstation. For example, on a router where I've configured BGP, an HTTP server, NTP and DHCP, this command produces the following output (a BGP session to a neighbor and a telnet session were established when the output was taken):
R1#show control-plane host open-ports
Active internet connections (servers and established)
Prot Local Address Foreign Address Service State
 tcp *:23 *:0 Telnet LISTEN
 tcp *:80 *:0 HTTP CORE LISTEN
 tcp *:179 *:0 BGP LISTEN
 tcp *:179 10.0.7.2:43962 BGP ESTABLIS
 tcp *:23 10.0.7.2:18036 Telnet ESTABLIS
 udp *:67 *:0 DHCPD Receive LISTEN
 udp *:68 *:0 BootP client LISTEN
 udp *:123 *:0 NTP LISTEN
Notes:
  • This show command does not display non-TCP/UDP servers (OSPF, EIGRP, RSVP) or even some UDP-based services (RIP).
  • Although I had been considering writing about CPP for a long time, Artur Szymanski was the one who brought this command to my attention. Thanks!
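Because the printout has the same shape as netstat -a, it can be parsed and compared against an expected-service list, which turns the command into a quick check for listeners that should not be there. The following script is an added example, not code from the original post: it parses the sample output shown above (embedded here as a constructed string), normalizes each row into a record, and reports LISTEN sockets whose protocol/port pair is not on a hypothetical allowlist (EXPECTED_LISTENERS is an assumed policy for illustration). As the note above says, the command does not show non-TCP/UDP services such as OSPF or EIGRP, so the result is an inventory of TCP/UDP sockets only, not of everything the router accepts.

```python
"""Parse 'show control-plane host open-ports' output and flag LISTEN
sockets that are not on an expected-service allowlist (added example)."""
import re
from dataclasses import dataclass
from typing import List, Set, Tuple

# Constructed sample: the printout from the post, reproduced as a string.
SAMPLE_OUTPUT = """\
R1#show control-plane host open-ports
Active internet connections (servers and established)
Prot Local Address Foreign Address Service State
 tcp *:23 *:0 Telnet LISTEN
 tcp *:80 *:0 HTTP CORE LISTEN
 tcp *:179 *:0 BGP LISTEN
 tcp *:179 10.0.7.2:43962 BGP ESTABLIS
 tcp *:23 10.0.7.2:18036 Telnet ESTABLIS
 udp *:67 *:0 DHCPD Receive LISTEN
 udp *:68 *:0 BootP client LISTEN
 udp *:123 *:0 NTP LISTEN
"""

# Hypothetical policy (assumption, not from the post): BGP, DHCP server and
# NTP are expected; telnet, HTTP and the BootP client are not.
EXPECTED_LISTENERS: Set[Tuple[str, int]] = {
    ("tcp", 179),
    ("udp", 67),
    ("udp", 123),
}


@dataclass(frozen=True)
class Socket:
    proto: str
    local_addr: str
    local_port: int
    foreign_addr: str
    foreign_port: int
    service: str
    state: str


# One data row: protocol, local addr:port, foreign addr:port, then a service
# name that may contain spaces, then the state token at the end of the line.
# IOS truncates the state column, so ESTABLISHED shows up as "ESTABLIS".
_ROW = re.compile(
    r"^\s*(?P<proto>tcp|udp)\s+"
    r"(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<faddr>\S+):(?P<fport>\d+)\s+"
    r"(?P<service>.+?)\s+"
    r"(?P<state>\S+)\s*$"
)


def parse_open_ports(text: str) -> List[Socket]:
    """Return one Socket per data row; prompt, banner and header are skipped."""
    socks = []
    for line in text.splitlines():
        m = _ROW.match(line)
        if not m:
            continue
        socks.append(Socket(
            proto=m["proto"],
            local_addr=m["laddr"],
            local_port=int(m["lport"]),
            foreign_addr=m["faddr"],
            foreign_port=int(m["fport"]),
            service=m["service"],
            state=m["state"],
        ))
    return socks


def listeners(socks: List[Socket]) -> List[Socket]:
    """Only the server-side sockets; established sessions are excluded."""
    return [s for s in socks if s.state == "LISTEN"]


def unexpected_listeners(socks: List[Socket],
                         allowed: Set[Tuple[str, int]]) -> List[Socket]:
    """LISTEN sockets whose (proto, port) pair is not in the allowlist."""
    return [s for s in listeners(socks) if (s.proto, s.local_port) not in allowed]


def report(text: str, allowed: Set[Tuple[str, int]]) -> List[str]:
    """Human-readable lines, one per unexpected listener."""
    return [f"unexpected {s.proto}/{s.local_port} ({s.service})"
            for s in unexpected_listeners(parse_open_ports(text), allowed)]


if __name__ == "__main__":
    for line in report(SAMPLE_OUTPUT, EXPECTED_LISTENERS):
        print(line)
```

Paste the real printout in place of SAMPLE_OUTPUT (or read it from a file collected by your configuration-backup tooling) and adjust EXPECTED_LISTENERS to the services the router is meant to run; anything the script reports is either a service to disable or an entry to add to the policy deliberately.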

10 comments:

  1. I've been looking for this for a while now. Thanks a heap.
  2. "show ip sockets" is a similar command that works on older IOS versions.
  3. I can't test the "show ip sockets" command, as it's gone from 12.4T, but if I remember correctly, it did not display the TCP sessions ... but I may be completely wrong.
  4. Prior to 12.4T I used both show ip sockets and show tcp brief. However, I agree that in 12.4T the control plane command is much better.
  5. Sample from ver 12.2

    router#sho ip sockets
    Proto Remote Port Local Port In Out Stat TTY OutputIF
    17 --listen-- multicast 1985 0 0 41 0
    17 x.x.x.x 514 ServerIP 58795 0 0 20 0
    17 x.x.x.x 514 ServerIP 58849 0 0 20 0
    17 x.x.x.x 162 ServerIP 56261 0 0 0 0
    17 x.x.x.x 162 ServerIP 55417 0 0 0 0
    17 x.x.x.x 67 ServerIP 67 0 0 2211 0
    17 0.0.0.0 0 ServerIP 2228 0 0 211 0
    17 x.x.x.x 1058 ServerIP 161 0 0 1 0
    17 --listen-- ServerIP 162 0 0 11 0
    17 --listen-- ServerIP 51525 0 0 11 0
    17 --listen-- ServerIP 123 0 0 1 0
    17 --listen-- ServerIP 496 0 0 61 0


    router# sho tcp brief
    TCB Local Address Foreign Address (state)
    47198FA8 router.23 user.3305 ESTAB
    4724E2C8 router.14191 server.49 ESTAB
    4738EAB0 router.14190 server.49 TIMEWAIT
  6. Funniest thing

    I used the show control-plane host open-ports command on my little 877 ADSL Router running c870-advipservicesk9-mz.124-11.T.bin and it dropped the ATM (ADSL) interface.

    Anyhow, I found an open port I wasn't even aware was open and have closed it up. Very annoying.

    #show control-plane host open-ports
    Active internet connections (servers and established)
    Prot Local Address Foreign Address Service State
    tcp *:22 *:0 SSH-Server LISTEN
    tcp *:23 *:0 Telnet LISTEN
    tcp *:80 *:0 HTTP CORE LISTEN
    tcp *:443 *:0 HTTP CORE LISTEN
    udp *:67 *:0 DHCPD Receive LISTEN
    udp *:2887 *:0 DDP LISTEN
    udp *:123 *:0 NTP LISTEN


    Thanks Ivan
    Replies
    1. Ivan,

      Did you use an ACL or a specific command to close UDP port 2887?

      Thanks.
    2. That wasn't me but one of the readers ;)

      DDP is AppleTalk-related, so he probably had some leftover AppleTalk configuration that he had to remove.
  7. Running 12.4(13b) on a 7200 (C7200-IK9S-M), and the command is not available.
  8. Neither is it on the 3750s platform.