Solved

Which Port Is My Application Using?

Posted on 2011-11-01
387 Views
Last Modified: 2012-05-12
Hi All,

I have been supplied an application that connects to a remote machine on a TCP port.

I cannot break through this port, so I assume it is closed. How can I:

1) Confirm which port this application is trying to connect to?
2) Open this port (presumably outbound) on a Cisco ASA 5510

Cheers

K
0
Question by:techmiss
6 Comments
 
LVL 4

Expert Comment

by:Ariful Ambia
ID: 37061989
Download any free port scanning software; you can see what port your application is using.
0
 
LVL 4

Expert Comment

by:Ariful Ambia
ID: 37061991
0
 

Author Comment

by:techmiss
ID: 37062042
OK, I checked my ASA (I should have looked there first, really).

I'm getting the following log for port 5432, which is what the application is using. How can I set up a rule to allow this? Is it inbound or outbound or both?

Cheers


4	Nov 01 2011	11:42:40	106023	10.2.150.84	59504	88.xx.xxx.57	5432	Deny tcp src inside_core2:10.2.150.84/59504 dst outside_telstra:88.xx.xxx.57/5432 by access-group "inside_core2_access_in" [0x0, 0x0]


0
LVL 18

Expert Comment

by:jmeggers
ID: 37062063
Wireshark is also helpful, but if you have access to the ASA, you may be able to look at the denies in your ACL.  I believe it's a good idea to do an explicit "deny ip any any log" at the bottom of a firewall so you know what's being blocked.  You will have to log your entries ("logging buffered" command for local logging) and then "show log" to look at what's being logged.  See http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html

The other thing to understand is most applications (not all, but most) work by sending traffic sourced from an ephemeral port (1024 to 65535) destined to a port specific for their application.  Return traffic is sent from the original destination port to the original source port, or to another port as instructed by the application.  So if you're allowing traffic from the untrusted side of your ASA to a server on the trusted side, your ASA ACL statement will typically be of the form "access-list 123 permit tcp <source> <mask> <destination> <mask> eq <port>" meaning the port you're listing is the destination port.  You can explicitly list the source port of the traffic (access-list 123 permit tcp <source> <mask> eq <port> <destination> <mask>) if there's a reason you need to.  If no port is listed, all ports are allowed.

0
 
LVL 18

Accepted Solution

by:
jmeggers earned 2000 total points
ID: 37062090
It really depends on what ACLs you already have in place and in what directions.  Typically the ACLs are configured on the untrusted side, but I've seen customers start configuring rules on all interfaces.  The other question is whether the traffic is TCP or UDP, but I'll assume TCP.  I'll also assume 5432 is the destination port.  In that case, try:

access-list <name> permit tcp any host 10.2.150.84 eq 5432

access-group <name> in interface <if_name>
0
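An added example, written for this page and not code from any of the posters, that automates the check jmeggers describes: parse the 106023 deny lines the ASA logs, count them by destination so the application's real port stands out from the changing ephemeral source ports, and build the narrowest ACE for that one flow. The sample log lines are constructed from the single deny the question quotes (the 88.xx.xxx.57 address is left redacted exactly as the thread shows it, and the extra lines with other source ports and one unrelated message are made up for the demonstration). The generated ACE keeps the source host, destination host and destination port from the log, leaves the source port open as jmeggers' explanation of ephemeral ports implies, and binds the ACL inbound on the interface the traffic entered, which is the outbound direction the question asks about.

```python
"""Triage Cisco ASA %ASA-4-106023 'Deny' syslog lines.

Added example (not from the thread): parse the deny events, find the
stable destination port behind a failing application, and produce the
narrowest ACE that would permit exactly that flow.
"""
import re
from collections import Counter
from dataclasses import dataclass

# Field layout of the 106023 deny message quoted in the question.
DENY_RE = re.compile(
    r'Deny (?P<proto>tcp|udp) '
    r'src (?P<src_if>[^:\s]+):(?P<src_ip>[^/\s]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[^/\s]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

# Constructed sample lines modelled on the deny the question quotes; the
# 88.xx.xxx.57 address is kept redacted as the thread shows it.
SAMPLE_LOG = [
    'Nov 01 2011 11:42:40 106023 Deny tcp src inside_core2:10.2.150.84/59504 '
    'dst outside_telstra:88.xx.xxx.57/5432 by access-group "inside_core2_access_in" [0x0, 0x0]',
    'Nov 01 2011 11:42:43 106023 Deny tcp src inside_core2:10.2.150.84/59507 '
    'dst outside_telstra:88.xx.xxx.57/5432 by access-group "inside_core2_access_in" [0x0, 0x0]',
    'Nov 01 2011 11:42:49 106023 Deny tcp src inside_core2:10.2.150.84/59511 '
    'dst outside_telstra:88.xx.xxx.57/5432 by access-group "inside_core2_access_in" [0x0, 0x0]',
    'Nov 01 2011 11:43:02 106023 Deny udp src inside_core2:10.2.150.84/50311 '
    'dst outside_telstra:88.xx.xxx.57/123 by access-group "inside_core2_access_in" [0x0, 0x0]',
    # Constructed non-deny line: the parser must ignore it.
    'Nov 01 2011 11:43:05 302013 Built outbound TCP connection 12345 for outside_telstra:88.xx.xxx.57/443',
]


@dataclass(frozen=True)
class DenyEvent:
    proto: str
    src_if: str
    src_ip: str
    src_port: int
    dst_if: str
    dst_ip: str
    dst_port: int
    acl: str


def parse_deny(line: str):
    """Return a DenyEvent for a 106023 line, or None for any other message."""
    m = DENY_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    return DenyEvent(d["proto"], d["src_if"], d["src_ip"], int(d["src_port"]),
                     d["dst_if"], d["dst_ip"], int(d["dst_port"]), d["acl"])


def find_application_port(lines):
    """Group denies by (proto, dst_ip, dst_port) and return the most frequent.

    The source port changes on every connection attempt (it is picked from
    the ephemeral range), while the destination port is the one the
    application actually needs, so counting by destination shows which
    port to open. Returns (proto, dst_ip, dst_port, count) or None.
    """
    counts = Counter()
    for line in lines:
        ev = parse_deny(line)
        if ev is not None:
            counts[(ev.proto, ev.dst_ip, ev.dst_port)] += 1
    if not counts:
        return None
    (proto, dst_ip, dst_port), n = counts.most_common(1)[0]
    return proto, dst_ip, dst_port, n


def suggest_ace(ev: DenyEvent):
    """Build the narrowest ASA ACE that permits this exact denied flow.

    Only the destination port is matched; the source port is left open
    because the client chooses it from the ephemeral range. The ACE goes
    into the same ACL that produced the deny and that ACL is bound inbound
    on the interface the traffic entered (src_if), i.e. this is the
    outbound rule for the inside host.
    """
    ace = (f"access-list {ev.acl} extended permit {ev.proto} "
           f"host {ev.src_ip} host {ev.dst_ip} eq {ev.dst_port}")
    binding = f"access-group {ev.acl} in interface {ev.src_if}"
    return ace, binding


if __name__ == "__main__":
    proto, dst_ip, dst_port, n = find_application_port(SAMPLE_LOG)
    print(f"application destination: {proto}/{dst_ip}:{dst_port} ({n} denied attempts)")
    for cmd in suggest_ace(parse_deny(SAMPLE_LOG[0])):
        print(cmd)
```

Run it as-is to see the destination summary and the two ASA commands; in practice you would feed it the output of "show log" (after enabling "logging buffered", as jmeggers notes) instead of the constructed list, and review the suggested ACE before pasting it into the configuration.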
 

Author Closing Comment

by:techmiss
ID: 37062258
Yep, thanks
0
