08-11-2008, 04:11 AM
"sunhux G"

ways/tools to check for ports required by applications to facilitate firewall rules creation

Firstly, any equivalent of Solaris' snoop & truss commands in Linux?

We ran into this problem from time to time:

the outsourced vendors/support staff (like application developers, CA Unicentre monitoring team members) would request our firewall administrator to permit certain TCP/UDP ports to be passed through the firewall/Cisco switch.

Problem is:
the vendor/support staff themselves are often not 100% certain which TCP/UDP ports their applications require & if the ports used by returning traffic come through high ports (source & destination ports issue).

Our firewall admin is green & would only do just the firewall permissioning. I have no access to the firewall & the firewall admin told me the Sidewinder/Borderware do not have logs which could give us any clue as to what TCP/UDP ports the application is attempting to connect through or return traffic uses.

Let's assume the firewall/Cisco network admin is not going to help.

Is there anything I can do on the source & destination servers to establish which ports are required? On Linux OS level (of the source server), I thought of issuing
netstat -an 1 | find "source_or_destination_IP_address"
& then on the source server, launch the application/command to make the connection & the continuous "netstat" would reflect which port it's attempting to connect through.

For successful connections, "netstat -an" would show the status as "ESTABLISHED".

However, for UDP ports, don't think it will be shown as "ESTABLISHED", am I right? As UDP is a connectionless protocol??

Any script (that's rapidly/continuously running) or free tools that I can run on the source & destination servers that could help me determine which ports are the servers attempting to connect to?

Suppose the firewall admin finally allows me to gain brief access to the firewall's Unix command line, what command can I issue to find out the TCP ports, if any?

Very often, there's return traffic too & this needs to be sniffed out too, e.g.:
passive ftp initiated on TCP port 20 from source & think high port needed for return traffic
ftp data used TCP 21 (believe if it's get, it would be from destination to source while if it's put, it would be from source to destination??)

My all-time favorite from my days as a firewall admin is to create universal rule(s) which permit all TCP/UDP ports between the source/destination & issue "netstat -an | grep addrs" on both source/destination, remove the universal rule & then create more restrictive rule(s).
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
08-11-2008, 01:11 PM
Harry Hoffman

ways/tools to check for ports required by applications to facilitate firewall rules creation

see tcpdump and strace

On Mon, 2008-08-11 at 12:11 +0800, sunhux G wrote:
> Firstly, any equivalent of Solaris' snoop & truss commands in Linux?
>
> We ran into this problem from time to time:
>
> the outsourced vendors/support staff (like application developers, CA Unicentre monitoring team members) would request our firewall administrator to permit certain TCP/UDP ports to be passed through the firewall/Cisco switch.
>
> Problem is:
> the vendor/support staff themselves are often not 100% certain which TCP/UDP ports their applications require & if the ports used by returning traffic come through high ports (source & destination ports issue).
>
> Our firewall admin is green & would only do just the firewall permissioning. I have no access to the firewall & the firewall admin told me the Sidewinder/Borderware do not have logs which could give us any clue as to what TCP/UDP ports the application is attempting to connect through or return traffic uses.
>
> Let's assume the firewall/Cisco network admin is not going to help.
>
> Is there anything I can do on the source & destination servers to establish which ports are required? On Linux OS level (of the source server), I thought of issuing
> netstat -an 1 | find "source_or_destination_IP_address"
> & then on the source server, launch the application/command to make the connection & the continuous "netstat" would reflect which port it's attempting to connect through.
>
> For successful connections, "netstat -an" would show the status as "ESTABLISHED".
>
> However, for UDP ports, don't think it will be shown as "ESTABLISHED", am I right? As UDP is a connectionless protocol??
>
> Any script (that's rapidly/continuously running) or free tools that I can run on the source & destination servers that could help me determine which ports are the servers attempting to connect to?
>
> Suppose the firewall admin finally allows me to gain brief access to the firewall's Unix command line, what command can I issue to find out the TCP ports, if any?
>
> Very often, there's return traffic too & this needs to be sniffed out too, e.g.:
> passive ftp initiated on TCP port 20 from source & think high port needed for return traffic
> ftp data used TCP 21 (believe if it's get, it would be from destination to source while if it's put, it would be from source to destination??)
>
> My all-time favorite from my days as a firewall admin is to create universal rule(s) which permit all TCP/UDP ports between the source/destination & issue "netstat -an | grep addrs" on both source/destination, remove the universal rule & then create more restrictive rule(s).

 
08-11-2008, 06:35 PM
Yong Huang

ways/tools to check for ports required by applications to facilitate firewall rules creation

> Any script (that's rapidly/continuously running) or free tools
> that I can run on the source & destination servers that could
> help me determine which ports are the servers attempting to
> connect to ?

The -p option of netstat can associate ports with processes. lsof (the tool by Vic Abell) can show you more. If that doesn't work for you, try:

strace -e trace=network your_application

Yong Huang
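
As an added illustration (not part of any poster's message), one way to turn the output of the `strace -e trace=network` command suggested above into a protocol/address/port list for a firewall request. `ports_from_strace` and `sample_trace` are hypothetical names and the trace lines are constructed; because strace records the connect()/sendto() call itself, UDP destinations and TCP attempts that time out are listed as well.

```shell
#!/bin/sh
# Added example: list the remote endpoints seen in `strace -f -e trace=network` output.
# Assumptions: a single fd table (fds are not tracked per pid), and calls that
# strace -f splits into "<unfinished ...>" / "<... resumed>" halves are skipped.
ports_from_strace() {
    awk '
    {   line = $0
        sub(/^\[pid +[0-9]+\] /, "", line)          # prefix added by strace -f
    }
    # socket(AF_INET, SOCK_DGRAM, ...) = 3  -> remember that fd 3 is UDP
    line ~ /^socket\(AF_INET6?, / {
        n = split(line, part, " = "); fd = part[n] + 0
        proto[fd] = (line ~ /SOCK_STREAM/) ? "tcp" : ((line ~ /SOCK_DGRAM/) ? "udp" : "other")
        next
    }
    # connect()/sendto() calls that carry an IPv4 or IPv6 destination address
    line ~ /^(connect|sendto)\(/ && line ~ /sin6?_port=htons\(/ {
        match(line, /\([0-9]+/);        fd   = substr(line, RSTART + 1, RLENGTH - 1) + 0
        match(line, /htons\([0-9]+\)/); port = substr(line, RSTART + 6, RLENGTH - 7)
        if (match(line, /inet_addr\("[^"]+"/))
            addr = substr(line, RSTART + 11, RLENGTH - 12)
        else if (match(line, /inet_pton\(AF_INET6, "[^"]+"/))
            addr = substr(line, RSTART + 21, RLENGTH - 22)
        else next
        print ((fd in proto) ? proto[fd] : "unknown"), addr, port
    }' | LC_ALL=C sort -u
}

# Constructed sample trace (documentation addresses, not captured from a real host).
sample_trace() {
    cat <<'EOF'
socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0) = 3
connect(3, {sa_family=AF_UNIX, sun_path="/var/run/nscd/socket"}, 110) = -1 ENOENT (No such file or directory)
socket(AF_INET, SOCK_DGRAM|SOCK_CLOEXEC, IPPROTO_IP) = 3
sendto(3, "\0\1", 2, MSG_NOSIGNAL, {sa_family=AF_INET, sin_port=htons(53), sin_addr=inet_addr("192.0.2.53")}, 16) = 2
socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 4
connect(4, {sa_family=AF_INET, sin_port=htons(8443), sin_addr=inet_addr("192.0.2.10")}, 16) = -1 ETIMEDOUT (Connection timed out)
[pid  4242] socket(AF_INET, SOCK_STREAM, IPPROTO_TCP) = 5
[pid  4242] connect(5, {sa_family=AF_INET, sin_port=htons(8443), sin_addr=inet_addr("192.0.2.10")}, 16) = 0
socket(AF_INET6, SOCK_STREAM, IPPROTO_TCP) = 6
connect(6, {sa_family=AF_INET6, sin6_port=htons(443), sin6_flowinfo=htonl(0), inet_pton(AF_INET6, "2001:db8::10", &sin6_addr), sin6_scope_id=0}, 28) = 0
EOF
}

sample_trace | ports_from_strace
```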





Date: Mon, 11 Aug 2008 20:35:40 +0200
From: Marcin "Qrczak" Kowalczyk <qrczak@knm.org.pl>
Subject: Re: List entries - gmail

2008/8/11 Verde Denim <tdldev@gmail.com>:

> The really stupid part is that I set up a filter with the From address as
> ubuntu-users@lists.ubuntu.com, and the action to take as "Never Spam"... and
> it still doesn't work.

Is it marked as spam? If not, it does work.

> If the only mail I can't get is MY OWN,

You don't get an additional copy because you already have the copy
that you have sent. In the web interface it is inserted in the thread
it is a part of. It can indeed be confusing if you access it via POP3.

--
Marcin Kowalczyk
qrczak@knm.org.pl
http://qrnik.knm.org.pl/~qrczak/

--
ubuntu-users mailing list
ubuntu-users@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
 

All times are GMT.