Listing open sockets on IOS

By stretch | Wednesday, December 3, 2008 at 2:45 a.m. UTC

Most people are familiar with the netstat command on Windows and UNIX-like systems, which lists the open TCP and UDP ports as well as current TCP connections. Cisco IOS provides a similar command: show control-plane host open-ports. Recall that a router's control plane is what handles traffic destined for the router itself, versus the data plane which is responsible for passing transient traffic. The output of this command is nearly identical to that of Windows' netstat -n:

Router# show control-plane host open-ports
Active internet connections (servers and established)
Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:23                  *:0                   Telnet   LISTEN
 tcp                 *:80                  *:0                HTTP CORE   LISTEN
 udp                 *:67                  *:0            DHCPD Receive   LISTEN
 udp               *:2887                  *:0                      DDP   LISTEN

Above is the output for a default configuration running IOS 12.4(9)T1. We can see listed TCP/23 (telnet), TCP/80 (HTTP), UDP/67 (DHCP daemon), and UDP/2887 (WLCCP). Just like netstat, new TCP connections will be listed with a state of "established" (truncated to ESTABLIS in the State column). Below an administrator has connected to the web configuration interface of the router:

Router# show control-plane host open-ports
Active internet connections (servers and established)
Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:23                  *:0                   Telnet   LISTEN
 tcp                 *:80                  *:0                HTTP CORE   LISTEN
 tcp                 *:80       10.0.0.8:53743                HTTP CORE ESTABLIS
 udp                 *:67                  *:0            DHCPD Receive   LISTEN
 udp               *:2887                  *:0                      DDP   LISTEN

Disabling the web configuration service will remove TCP/80 from the open ports:

Router(config)# no ip http server
Router(config)# ^Z
Router# show control-plane host open-ports
Active internet connections (servers and established)
Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:23                  *:0                   Telnet   LISTEN
 udp                 *:67                  *:0            DHCPD Receive   LISTEN
 udp               *:2887                  *:0                      DDP   LISTEN

Similarly, enabling a new connection-oriented service on the control plane will add additional ports. For example, BGP opens TCP/179 and initiates a connection with each neighbor:

Router(config)# router bgp 100
Router(config-router)# neighbor 10.0.0.2 remote-as 100
Router(config)# ^Z
Router# show control-plane host open-ports
Active internet connections (servers and established)
Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:23                  *:0                   Telnet   LISTEN
 tcp                *:179                  *:0                      BGP   LISTEN
 tcp                *:179       10.0.0.2:15158                      BGP ESTABLIS
 udp                 *:67                  *:0            DHCPD Receive   LISTEN
 udp               *:2887                  *:0                      DDP   LISTEN
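To turn that table into something an operator can check, here is an added example (my own code, not from the article or from Cisco) that parses the output of show control-plane host open-ports, flags listeners outside an assumed baseline, and lists every established control-plane session. The SAMPLE text and the BASELINE set are constructed for this example.

```python
import re
from dataclasses import dataclass

# Constructed sample in the format shown by "show control-plane host open-ports"
# on IOS 12.4(9)T1, including one established HTTP session.
SAMPLE = """\
Router# show control-plane host open-ports
Active internet connections (servers and established)
Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:23                  *:0                   Telnet   LISTEN
 tcp                 *:80                  *:0                HTTP CORE   LISTEN
 tcp                 *:80       10.0.0.8:53743                HTTP CORE ESTABLIS
 udp                 *:67                  *:0            DHCPD Receive   LISTEN
 udp               *:2887                  *:0                      DDP   LISTEN
"""

# Service names can contain spaces ("HTTP CORE", "DHCPD Receive"), so the
# fixed fields are anchored at both ends and the service is matched lazily.
LINE_RE = re.compile(
    r"^\s*(?P<proto>tcp|udp)\s+(?P<local>\S+)\s+(?P<foreign>\S+)\s+"
    r"(?P<service>.+?)\s+(?P<state>LISTEN|ESTABLIS\w*)\s*$"
)

@dataclass(frozen=True)
class Socket:
    proto: str
    local: str
    foreign: str
    service: str
    state: str

def parse_open_ports(text):
    """Return one Socket per data row; the prompt and header lines do not match."""
    return [Socket(**m.groupdict()) for line in text.splitlines()
            if (m := LINE_RE.match(line))]

# Listeners an operator has decided to accept (assumed for this example only).
BASELINE = {("udp", "67"), ("udp", "2887")}

def audit(sockets, baseline=BASELINE):
    """Return (listeners not in the baseline, all non-LISTEN sessions)."""
    unexpected = [s for s in sockets if s.state == "LISTEN"
                  and (s.proto, s.local.rsplit(":", 1)[1]) not in baseline]
    sessions = [s for s in sockets if s.state != "LISTEN"]
    return unexpected, sessions
```

Running audit over the sample reports the Telnet and HTTP listeners as outside the baseline and the one HTTP session from 10.0.0.8, which is exactly what the next step in the article (no ip http server) removes.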

A similar command is show ip sockets on older IOS versions, but it doesn't seem to list TCP sockets. However, it will list other non-UDP protocols, like EIGRP (IP protocol 88 in the Proto column below; 17 is UDP):

Router# show ip sockets
Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
 17   --listen--          --any--          2887   0   0   11   0 
 17 0.0.0.0             0 10.0.0.1           67   0   0 2211   0 
 88   --listen--          --any--           100   0   0    0   0

About the Author

Jeremy Stretch is a network engineer living in the Raleigh-Durham, North Carolina area. He is known for his blog and cheat sheets here at Packet Life. You can reach him by email or follow him on Twitter.


Comments


Fredrik (guest)
December 3, 2008 at 8:04 a.m. UTC

You can also issue the command "show tcp brief all" to list TCP sockets in use or listening. The command "show control-plane .." is not yet available in all releases, like the 12.2(33)SR train.

Thanks for a really nice blog!


nemako (guest)
December 3, 2008 at 1:59 p.m. UTC

Thanks a lot, that's very useful. I was looking for that command for a while.

Thanks.


Aaron (guest)
December 3, 2008 at 2:24 p.m. UTC

Good article, stretch. I enjoy your stuff.


Josh (guest)
December 4, 2008 at 5:36 p.m. UTC

Stretch,

What IOS ver is this command available on? I am on 12.4-21 and it seems it is unavailable.

Keep up the awesome work!


Gemini (guest)
December 5, 2008 at 8:50 p.m. UTC

Hey, Stretch could you please describe command:

R#show inventory

Which lists all Network Modules on the router.

Thanks!


Phuc (guest)
December 12, 2008 at 3:07 a.m. UTC

I met a case where RIP is the routing protocol between routers, but port 520 is closed by my security policy using the control-plane closed-port option. It's the only option applied to open ports on routers in IOS 12.4(14T). Anyone know how to open an arbitrary port on a router?


mirza (guest)
March 1, 2009 at 5:45 a.m. UTC

Hi everybody, one of the best sites I have visited, thanks


Addy
April 13, 2010 at 4:22 a.m. UTC

Thanks for good work


Ciscozine
December 22, 2010 at 9:46 a.m. UTC

I don't understand why using the command

TEST#sh control-plane host open-ports 
Active internet connections (servers and established)
Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:22                  *:0               SSH-Server   LISTEN
 tcp                 *:23                  *:0                   Telnet   LISTEN
 tcp                 *:22   172.16.255.1:11445               SSH-Server ESTABLIS
 udp                 *:67                  *:0            DHCPD Receive   LISTEN
 udp                *:123                  *:0                      NTP   LISTEN
 udp                *:161                  *:0                  IP SNMP   LISTEN
 udp                *:162                  *:0                  IP SNMP   LISTEN

the snmp is in 'listen' mode, while I have no snmp-server configured!

TEST#sh snmp   
%SNMP agent not enabled

And why the telnet server is active if I have permitted only ssh protocol?

Thanks
Fabio
