Listing open sockets on IOS
By stretch | Wednesday, December 3, 2008 at 2:45 a.m. UTC
Most people are familiar with the netstat command on Windows and UNIX-like systems, which lists the open TCP and UDP ports as well as current TCP connections. Cisco IOS provides a similar command: show control-plane host open-ports. Recall that a router's control plane is what handles traffic destined for the router itself, versus the data plane, which is responsible for passing transit traffic. The output of this command is nearly identical to that of Windows' netstat -n:
Router# show control-plane host open-ports
Active internet connections (servers and established)

Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:23                  *:0                 Telnet   LISTEN
 tcp                 *:80                  *:0              HTTP CORE   LISTEN
 udp                 *:67                  *:0          DHCPD Receive   LISTEN
 udp               *:2887                  *:0                    DDP   LISTEN
Above is the output for a default configuration running IOS 12.4(9)T1. We can see listed TCP/23 (telnet), TCP/80 (HTTP), UDP/67 (DHCP daemon), and UDP/2887 (WLCCP, shown under the service name DDP). Just like netstat, new TCP connections will be listed with a state of "established," together with the remote address and ephemeral port of the peer. Below an administrator at 10.0.0.8 has connected to the web configuration interface of the router:
Router# show control-plane host open-ports
Active internet connections (servers and established)

Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:23                  *:0                 Telnet   LISTEN
 tcp                 *:80                  *:0              HTTP CORE   LISTEN
 tcp                 *:80        10.0.0.8:53743              HTTP CORE ESTABLIS
 udp                 *:67                  *:0          DHCPD Receive   LISTEN
 udp               *:2887                  *:0                    DDP   LISTEN
Disabling the web configuration service will remove TCP/80 from the open ports:
Router(config)# no ip http server
Router(config)# ^Z
Router# show control-plane host open-ports
Active internet connections (servers and established)

Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:23                  *:0                 Telnet   LISTEN
 udp                 *:67                  *:0          DHCPD Receive   LISTEN
 udp               *:2887                  *:0                    DDP   LISTEN
Similarly, enabling a new connection-oriented service on the control plane will add ports. For example, BGP listens on TCP/179 and brings up a session with each configured neighbor. In the output below the neighbor at 10.0.0.2 opened the session toward our port 179 from an ephemeral port, which is why it appears against the local *:179 listener rather than as an outbound connection; had our router initiated, the local side would show an ephemeral port and the foreign side 10.0.0.2:179.
Router(config)# router bgp 100
Router(config-router)# neighbor 10.0.0.2 remote-as 100
Router(config-router)# ^Z
Router# show control-plane host open-ports
Active internet connections (servers and established)

Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:23                  *:0                 Telnet   LISTEN
 tcp                *:179                  *:0                    BGP   LISTEN
 tcp                *:179        10.0.0.2:15158                    BGP ESTABLIS
 udp                 *:67                  *:0          DHCPD Receive   LISTEN
 udp               *:2887                  *:0                    DDP   LISTEN
A similar command on older IOS versions is show ip sockets, but it doesn't seem to list TCP sockets. However, it will list other non-UDP protocols, like EIGRP. The Proto column is the IP protocol number (17 is UDP, 88 is EIGRP), and for EIGRP the local Port column carries the autonomous system number rather than a port:

Router# show ip sockets
Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
 17 --listen--          --any--        2887   0   0   11   0
 17 0.0.0.0             0  10.0.0.1          67   0   0 2211   0
 88 --listen--          --any--         100   0   0    0   0
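The practical use of both commands is auditing: pull the listener list off each router and flag anything the management policy does not account for (Telnet and HTTP CORE in the default output above, or the DDP listener on a router that has no wireless role). The script below is an added example, not part of the original post or any Cisco tool. It parses the two output formats shown above into one record type and compares listeners against an allow-list; the allow-list (SSH, BGP, DHCP, EIGRP AS 100) is an assumed policy for illustration, and the sample outputs are constructed from the post's captures with an SSH listener added.

```python
"""Audit control-plane listeners from `show control-plane host open-ports`
and the older `show ip sockets`.  Added example, not from the original post."""
from __future__ import annotations

import re
from dataclasses import dataclass

# IP protocol numbers as printed in the Proto column of `show ip sockets`.
IP_PROTO = {6: "tcp", 17: "udp", 88: "eigrp"}

OPEN_PORTS_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+(?P<local>\S+)\s+(?P<foreign>\S+)\s+"
    r"(?P<service>.+?)\s+(?P<state>LISTEN|ESTABLIS\w*)$"
)


@dataclass(frozen=True)
class Socket:
    proto: str        # tcp / udp / eigrp
    local_port: int   # for EIGRP this column carries the AS number
    foreign: str      # "ip:port", or "*:0" for a pure listener
    service: str      # service name, "" where the command gives none
    state: str        # LISTEN or ESTABLIS(HED)


def parse_open_ports(output: str) -> list[Socket]:
    """Parse `show control-plane host open-ports`; prompt and header lines are skipped."""
    sockets = []
    for line in output.splitlines():
        m = OPEN_PORTS_RE.match(line.strip())
        if m:
            port = int(m.group("local").rsplit(":", 1)[1])
            sockets.append(Socket(m.group("proto"), port, m.group("foreign"),
                                  m.group("service").strip(), m.group("state")))
    return sockets


def parse_ip_sockets(output: str) -> list[Socket]:
    """Parse `show ip sockets`.  Every row is a bound, receiving socket (the
    command shows no TCP sessions), so all rows are recorded as LISTEN.
    In `--listen--` rows the Remote and Port columns are collapsed into one."""
    sockets = []
    for line in output.splitlines():
        f = line.split()
        if not f or not f[0].isdigit():
            continue
        proto = IP_PROTO.get(int(f[0]), f"proto{f[0]}")
        if f[1] == "--listen--":
            foreign, local_port = "*:0", int(f[3])          # Local=--any--, Port=f[3]
        else:
            foreign, local_port = f"{f[1]}:{f[2]}", int(f[4])  # Remote Port Local Port
        sockets.append(Socket(proto, local_port, foreign, "", "LISTEN"))
    return sockets


# Assumed management policy: what this router may expose on its control plane.
ALLOWED = {("tcp", 22), ("tcp", 179), ("udp", 67), ("eigrp", 100)}


def unexpected_listeners(sockets: list[Socket], allowed=ALLOWED) -> list[Socket]:
    """Listening sockets the policy does not account for (e.g. Telnet, HTTP, DDP)."""
    return [s for s in sockets
            if s.state == "LISTEN" and (s.proto, s.local_port) not in allowed]


def established_sessions(sockets: list[Socket]) -> list[Socket]:
    """Live sessions: who is connected to the control plane right now."""
    return [s for s in sockets if s.state.startswith("ESTABLIS")]


# Constructed sample: the BGP-enabled capture from the post plus an SSH listener.
OPEN_PORTS_SAMPLE = """\
Router# show control-plane host open-ports
Active internet connections (servers and established)
Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:22                  *:0             SSH-Server   LISTEN
 tcp                 *:23                  *:0                 Telnet   LISTEN
 tcp                *:179                  *:0                    BGP   LISTEN
 tcp                *:179        10.0.0.2:15158                    BGP ESTABLIS
 udp                 *:67                  *:0          DHCPD Receive   LISTEN
 udp               *:2887                  *:0                    DDP   LISTEN
"""

# Constructed sample: the `show ip sockets` capture from the post.
IP_SOCKETS_SAMPLE = """\
Router# show ip sockets
Proto    Remote      Port      Local       Port  In Out Stat TTY OutputIF
 17 --listen--          --any--        2887   0   0   11   0
 17 0.0.0.0             0  10.0.0.1          67   0   0 2211   0
 88 --listen--          --any--         100   0   0    0   0
"""

if __name__ == "__main__":
    for name, socks in (("open-ports", parse_open_ports(OPEN_PORTS_SAMPLE)),
                        ("ip sockets", parse_ip_sockets(IP_SOCKETS_SAMPLE))):
        for s in unexpected_listeners(socks):
            print(f"[{name}] unexpected listener {s.proto}/{s.local_port} {s.service}".rstrip())
        for s in established_sessions(socks):
            print(f"[{name}] session on {s.proto}/{s.local_port} from {s.foreign} ({s.service})")
```

Run against the samples it reports TCP/23 and UDP/2887 from the newer command and UDP/2887 from the older one, and lists the BGP session from 10.0.0.2:15158. The allow-list is the part to get right per platform: the post shows UDP/2887 present on a default configuration, so a baseline that is not tuned to the image and feature set will produce noise rather than findings.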
Posted in Tips and Tricks
Comments
December 3, 2008 at 8:04 a.m. UTC
You can also issue the command "show tcp brief all" to list TCP sockets in use or listening. The command "show control-plane ..." is not yet available in all releases, like the 12.2(33)SR train.
Thanks for a really nice blog!
December 3, 2008 at 1:59 p.m. UTC
Thanks a lot, that's very useful. I was looking for that command for a while.
Thanks.
December 3, 2008 at 2:24 p.m. UTC
Good article, stretch. I enjoy your stuff.
December 4, 2008 at 5:36 p.m. UTC
Stretch,
What IOS ver is this command available on? I am on 12.4-21 and it seems it is unavailable.
Keep up the awesome work!
December 5, 2008 at 8:50 p.m. UTC
Hey Stretch, could you please describe the command:
R#show inventory
which lists all network modules on a router.
Thanks!
December 12, 2008 at 3:07 a.m. UTC
I met a case where RIP is the routing protocol between routers, but port 520 is closed by my security policy via the control-plane closed-port option. It's the only option applied to open ports on routers in IOS 12.4(14)T. Anyone know how to open an arbitrary port on a router?
March 1, 2009 at 5:45 a.m. UTC
Hi everybody, one of the best sites I have visited. Thanks.
April 13, 2010 at 4:22 a.m. UTC
Thanks for good work
December 22, 2010 at 9:46 a.m. UTC
I don't understand why using the command
TEST#sh control-plane host open-ports
Active internet connections (servers and established)

Prot        Local Address      Foreign Address                  Service    State
 tcp                 *:22                  *:0             SSH-Server   LISTEN
 tcp                 *:23                  *:0                 Telnet   LISTEN
 tcp                 *:22    172.16.255.1:11445             SSH-Server ESTABLIS
 udp                 *:67                  *:0          DHCPD Receive   LISTEN
 udp                *:123                  *:0                    NTP   LISTEN
 udp                *:161                  *:0                IP SNMP   LISTEN
 udp                *:162                  *:0                IP SNMP   LISTEN
SNMP is in 'listen' mode, while I have no snmp-server configured!
TEST#sh snmp
%SNMP agent not enabled
And why is the telnet server active if I have permitted only the SSH protocol?
Thanks
Fabio