[c-nsp] strange open sockets on a switch
Peter Rathlev
peter at rathlev.dk
Thu May 8 16:54:36 EDT 2008
On Thu, 2008-05-08 at 20:21 +0300, Tassos Chatzithomaoglou wrote:
> Any idea why the switch listens to all these ports?
>
> 3400#sh ip sockets
> Proto Remote Port Local Port In Out Stat TTY OutputIF
> 17 0.0.0.0 0 x.x.x.x 1967 0 0 211 0 (sla control)
> 17 y.y.y.y 162 x.x.x.x 61570 0 0 0 0 (send snmp-trap to server)
> 17 0.0.0.0 0 x.x.x.x 2228 0 0 211 0 (?)
> 17 y.y.y.y 54482 x.x.x.x 161 0 0 1 0 (accept snmp from server)
> 17 --listen-- x.x.x.x 162 0 0 11 0 (accept snmp-trap from ?)
> 17 --listen-- x.x.x.x 62897 0 0 1 0 (?)
> 17 --listen-- --any-- 161 0 0 20001 0 (accept snmp from server)
> 17 --listen-- --any-- 162 0 0 20011 0 (accept snmp-trap from ?)
> 17 --listen-- --any-- 60312 0 0 20001 0 (?)
> 17 --listen-- x.x.x.x 123 0 0 1 0 (ntp)
> 17 y.y.y.y 514 x.x.x.x 64690 0 0 400211 0 (send syslog)
> 17 y.y.y.y 53936 x.x.x.x 5060 0 0 51 0 (sla data)
I have a C6k with port 2228/udp listening too, and then 59008/udp. The
2228 is "ehome-ms" according to IANA, but I don't see what a service
like that would be doing on a switch. Strange indeed.
> Also, is there a command to list the ports every active process is
> using (like a port to process mapping tool)?
IOS 12.4(4)T has the "show control-plane host open-ports", but that's no
use on a ME3400, which I presume the above is from. I would be very
sweet to have on the L3 switches.
Regards,
Peter
More information about the cisco-nsp
mailing list