Listing open sockets on IOS

Most people are familiar with the netstat command on Windows and UNIX-like systems, which lists the open TCP and UDP ports as well as current TCP connections. Cisco IOS provides a similar command: show control-plane host open-ports. Recall that a router's control plane is what handles traffic destined for the router itself, versus the data plane, which is responsible for passing transit traffic. The output of this command is nearly identical to that of Windows' netstat -n:

Router# show control-plane host open-ports
Active internet connections (servers and established)
Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:23                  *:0                   Telnet   LISTEN
 tcp                 *:80                  *:0                HTTP CORE   LISTEN
 udp                 *:67                  *:0            DHCPD Receive   LISTEN
 udp               *:2887                  *:0                      DDP   LISTEN

Above is the output for a default configuration running IOS 12.4(9)T1. We can see listed TCP/23 (telnet), TCP/80 (HTTP), UDP/67 (DHCP daemon), and UDP/2887 (WLCCP). Just like netstat, new TCP connections will be listed with a state of "established." Below an administrator has connected to the web configuration interface of the router:

Router# show control-plane host open-ports
Active internet connections (servers and established)
Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:23                  *:0                   Telnet   LISTEN
 tcp                 *:80                  *:0                HTTP CORE   LISTEN
 tcp                 *:80       10.0.0.8:53743                HTTP CORE ESTABLIS
 udp                 *:67                  *:0            DHCPD Receive   LISTEN
 udp               *:2887                  *:0                      DDP   LISTEN

Disabling the web configuration service will remove TCP/80 from the open ports:

Router(config)# no ip http server
Router(config)# ^Z
Router# show control-plane host open-ports
Active internet connections (servers and established)
Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:23                  *:0                   Telnet   LISTEN
 udp                 *:67                  *:0            DHCPD Receive   LISTEN
 udp               *:2887                  *:0                      DDP   LISTEN

Similarly, enabling a new connection-oriented service on the control plane will add additional ports. For example, BGP opens TCP/179 and initiates a connection with each neighbor:

Router(config)# router bgp 100
Router(config-router)# neighbor 10.0.0.2 remote-as 100
Router(config-router)# ^Z
Router# show control-plane host open-ports
Active internet connections (servers and established)
Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:23                  *:0                   Telnet   LISTEN
 tcp                *:179                  *:0                      BGP   LISTEN
 tcp                *:179       10.0.0.2:15158                      BGP ESTABLIS
 udp                 *:67                  *:0            DHCPD Receive   LISTEN
 udp               *:2887                  *:0                      DDP   LISTEN
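
An added example, not part of the original article: a small Python parser for the output format shown above that compares the listening ports against an expected baseline and reports established peers. The function names and the `ALLOWED` baseline are assumptions made for this illustration; the sample text is the article's second output listing.

```python
from typing import NamedTuple

class Socket(NamedTuple):
    proto: str
    local: str
    foreign: str
    service: str
    state: str

def parse_open_ports(text):
    """Parse the table rows; Service may contain spaces ("HTTP CORE")."""
    sockets = []
    for line in text.splitlines():
        fields = line.split()
        # Data rows start with the protocol; skip prompt, banner and header.
        if len(fields) < 5 or fields[0] not in ("tcp", "udp"):
            continue
        proto, local, foreign, *service, state = fields
        sockets.append(Socket(proto, local, foreign, " ".join(service), state))
    return sockets

def audit(sockets, allowed):
    """Return (listeners missing from the baseline, established peers)."""
    listening = {(s.proto, int(s.local.rsplit(":", 1)[1]))
                 for s in sockets if s.state == "LISTEN"}
    # IOS truncates the State column, so match on the "ESTABLIS" prefix.
    peers = [(s.service, s.foreign) for s in sockets
             if s.state.startswith("ESTABLIS")]
    return sorted(listening - allowed), peers

# Second output listing from the article (admin connected to the web UI).
SAMPLE = """\
Router# show control-plane host open-ports
Active internet connections (servers and established)
Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:23                  *:0                   Telnet   LISTEN
 tcp                 *:80                  *:0                HTTP CORE   LISTEN
 tcp                 *:80       10.0.0.8:53743                HTTP CORE ESTABLIS
 udp                 *:67                  *:0            DHCPD Receive   LISTEN
 udp               *:2887                  *:0                      DDP   LISTEN
"""

# Assumed baseline for this example: only the DHCP service should listen.
ALLOWED = {("udp", 67)}

if __name__ == "__main__":
    unexpected, peers = audit(parse_open_ports(SAMPLE), ALLOWED)
    for proto, port in unexpected:
        print(f"unexpected listener: {proto}/{port}")
    for service, peer in peers:
        print(f"established: {service} <- {peer}")
```

Run against output collected from each router, this flags services such as Telnet or the HTTP server that are enabled by default but absent from the baseline.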

A similar command is show ip sockets on older IOS versions, but it doesn't seem to list TCP sockets. However, it will list other non-UDP protocols, like EIGRP:

Router# show ip sockets
Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
 17   --listen--          --any--          2887   0   0   11   0 
 17 0.0.0.0             0 10.0.0.1           67   0   0 2211   0 
 88   --listen--          --any--           100   0   0    0   0

About the Author

Jeremy Stretch is a freelance networking consultant, instructor, and the maintainer of PacketLife.net. He currently lives in Fairfax, VA on the edge of the Washington, DC metro area. Although primarily an R&S guy, he likes to get into everything, and runs a free Cisco lab out of his basement for fun. You can contact him by email or follow him on Twitter.

Comments

You can also issue the command "show tcp brief all" to list TCP sockets in use or listening. The command "show control-plane .." is not yet available in all releases, like the 12.2(33)SR train.

Thanks for a really nice blog!

Thanks a lot, that's very useful. I was looking for that command for a while.

Thanks.

Good article, stretch. I enjoy your stuff.

Stretch,

What IOS ver is this command available on? I am on 12.4-21 and it seems it is unavailable.

Keep up the awesome work!

Hey Stretch, could you please describe the command:

R#show inventory

Which lists all network modules on the router.

Thanks!

I met a case where RIP is the routing protocol between routers, but port 520 is closed by my security policy on the control-plane closed-port option. It's the only option applied to open ports on routers in IOS 12.4(14T). Anyone know how to open an arbitrary port on a router?

Hi everybody, one of the best sites I have visited, thanks.

Thanks for the good work.
