Sometimes it is good to know what is running on your machine – or if something is actually listening when you are trying to connect to that pesky server you thought you had running.
The command you want to run is:
netstat -anop TCP | find "LISTEN"
Netstat is a program that shows all open network ports on your computer. For a better explanation of the flags used, check the documentation here. In this example, we are filtering for TCP ports (there are other options). Using find to filter the information helps because we are not looking for outbound or active connections right now, just things that are listening for connections.
Once you run the command, you will see a list of all ports which have a process listening on them. The second and last columns are where the goodies are.
Starting with the second column, ignore the IP address (left of the colon) and just look at the things after the colon – they’re the ports. To work out which process is listening, look at the last column for the Process ID, then look that ID up with either tasklist (on the command line – where it all began) or Task Manager.
The example below shows me listing all services listening on the TCP protocol on my machine, then checking which process is listening on port 443 (PID 3384).
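The same lookup as a script, as an added example that is not part of the original post: it pulls the port (the text after the last colon, so bracketed IPv6 addresses work too) and the PID from each LISTENING row, then names the process from `tasklist /FO CSV /NH` output. Both sample inputs are constructed, and the process names in them are assumptions; only port 443 / PID 3384 come from the post.

```python
import csv
import io

# Constructed sample in the layout of Windows `netstat -ano` output.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    0.0.0.0:443            0.0.0.0:0              LISTENING       3384
  TCP    127.0.0.1:8089         0.0.0.0:0              LISTENING       2210
  TCP    192.168.1.20:49712     203.0.113.10:443       ESTABLISHED     5120
  TCP    [::]:443               [::]:0                 LISTENING       3384
"""

# Constructed sample of `tasklist /FO CSV /NH` output (image names are made up).
SAMPLE_TASKLIST = '''"svchost.exe","912","Services","0","9,120 K"
"httpd.exe","3384","Services","0","41,300 K"
"splunkd.exe","2210","Services","0","150,004 K"
'''

def listening_ports(netstat_text):
    """Return sorted, de-duplicated (port, pid) pairs for LISTENING TCP sockets."""
    found = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        # Data rows have exactly 5 fields: Proto, Local, Foreign, State, PID.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # Take the text after the LAST colon so "[::]:443" parses like "0.0.0.0:443".
        port = fields[1].rpartition(":")[2]
        found.add((int(port), int(fields[4])))
    return sorted(found)

def process_names(tasklist_csv):
    """Map PID -> image name from CSV-formatted tasklist output."""
    rows = csv.reader(io.StringIO(tasklist_csv))
    return {int(row[1]): row[0] for row in rows if len(row) >= 2}

def who_is_listening(netstat_text, tasklist_csv):
    """Join the two outputs: (port, pid, image name) for every listener."""
    names = process_names(tasklist_csv)
    return [(port, pid, names.get(pid, "<unknown>"))
            for port, pid in listening_ports(netstat_text)]

if __name__ == "__main__":
    for port, pid, name in who_is_listening(SAMPLE_NETSTAT, SAMPLE_TASKLIST):
        print(f"{port:>5}  PID {pid:<6} {name}")
```

A PID that shows up as `<unknown>` has no match in the tasklist output, which usually means the process exited between the two commands or tasklist was run without enough privileges to see it.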
So I was trying to find out why we got this message in the message tracking logs for an email today…
Due to size vs. speed concerns there is a limit to the size of items checked against the Outbreak Filters. I believe the default setting’s 128K, but it can be upped to increase efficacy at the cost of processing power.
Ironport MID 42780863 was too big (337410/262144) for scanning by Outbreak Filters
The setting’s located at Management -> Security Services -> Outbreak Filters. It’s reflected in the second half of the number/number in the log file, 262144.
So I’ve been maintaining my own little database of ports for my own records of late, just so that when I found something on a network I could go “oh, this is probably what it was”. It was just a set of pages added to this blog, but that was fairly unmanageable.
I went looking for an easier way of building something and built portDB. So far it’s fairly simple, as these things should be.
Over time I want to be able to run a script on a machine and add the information to the site, or be able to easily search against it. Things I’ll add when I get to them, I guess.
It’s hosted on Heroku and stored on Github under yaleman/portDB. Heroku is a magical hosting platform which just works. The free tier allows for funky little sites running a variety of languages, and this one’s built on Python/Flask/Markdown. The original site with the existing information took about an hour to build, then I’ve spent a bunch of time poking around and pulling in IANA assigned port numbers and so forth.
Note: ! Error in search assistant: Unable to get 'searchbnf' configuration for 'search' namespace: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/[username]/search/properties/searchbnf?fillcontents=1
Traceback (most recent call last):
  File "/opt/splunk/lib/python2.7/site-packages/splunk/searchhelp/searchhelper.py", line 112, in doHelp
    bnf = utils.getStanzas("searchbnf", sessionKey, user, namespace)
  File "/opt/splunk/lib/python2.7/site-packages/splunk/searchhelp/utils.py", line 117, in getStanzas
    raise Exception(msg)
Exception: Unable to get 'searchbnf' configuration for 'search' namespace: [HTTP 403] Client is not authorized to perform requested action; https://127.0.0.1:8089/servicesNS/[username]/search/properties/searchbnf?fillcontents=1
I started getting this error on a user’s auto-complete box while trying to search in Splunk because we’d failed to give them the correct capabilities.
The capabilities I had to apply were:
And here we are, at the end of another year’s LEGO advent calendar. I hope you enjoyed my posts; if you missed any, make sure to visit the tag page to see all the entries from this year (and other years).