Which Port Is My Application Using?

Hi All,

I have been supplied an application that connects to a remote machine on a TCP port.

I cannot break through this port, so I assume it is closed. How can I:

1) Confirm which port this application is trying to connect to?
2) Open this port (presumably outbound) on a Cisco ASA 5510?

Cheers

K
techmiss asked:

John Meggers (Network Architect) commented:
It really depends on what ACLs you already have in place and in what directions.  Typically the ACLs are configured on the untrusted side, but I've seen customers start configuring rules on all interfaces.  The other question is whether the traffic is TCP or UDP, but I'll assume TCP.  I'll also assume 5432 is the destination port.  In that case, try:

access-list <name> permit tcp any host 10.2.150.84 eq 5432

access-group <name> in interface <if_name>
 
Ariful Ambia (Head of MIS) commented:
Download any free port-scanning software. You can see what port your application is using.
techmiss (author) commented:
Ok, I checked my ASA (should have looked there first really)

I'm getting the following log for port 5432, which is what the application is using. How can I set up a rule to allow this? Is it inbound or outbound or both?

Cheers

4	Nov 01 2011	11:42:40	106023	10.2.150.84	59504	88.xx.xxx.57	5432	Deny tcp src inside_core2:10.2.150.84/59504 dst outside_telstra:88.xx.xxx.57/5432 by access-group "inside_core2_access_in" [0x0, 0x0]


John Meggers (Network Architect) commented:
Wireshark is also helpful, but if you have access to the ASA, you may be able to look at the denies in your ACL.  I believe it's a good idea to do an explicit "deny ip any any log" at the bottom of a firewall so you know what's being blocked.  You will have to log your entries ("logging buffered" command for local logging) and then "show log" to look at what's being logged.  See http://www.cisco.com/en/US/docs/security/asa/asa82/configuration/guide/monitor_syslog.html

The other thing to understand is most applications (not all, but most) work by sending traffic sourced from an ephemeral port (1024 to 65535) destined to a port specific for their application.  Return traffic is sent from the original destination port to the original source port, or to another port as instructed by the application.  So if you're allowing traffic from the untrusted side of your ASA to a server on the trusted side, your ASA ACL statement will typically be of the form "access-list 123 permit tcp <source> <mask> <destination> <mask> eq <port>" meaning the port you're listing is the destination port.  You can explicitly list the source port of the traffic (access-list 123 permit tcp <source> <mask> eq <port> <destination> <mask>) if there's a reason you need to.  If no port is listed, all ports are allowed.

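Putting the two answers above together, here is an added example (not code from the thread) that parses a 106023 deny line in the layout the author posted, works out the direction from the interface names, and builds the narrowest permit entry for the ACL that dropped the packet. The "inside" interface prefix and the 203.0.113.57 remote address are assumptions standing in for the masked values.

```python
import re

# Body of ASA message 106023 as it appears in the log excerpt in the question
# (after the timestamp, message-ID and address columns).
DENY_RE = re.compile(
    r'Deny (?P<proto>tcp|udp) '
    r'src (?P<src_if>[\w-]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) '
    r'dst (?P<dst_if>[\w-]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) '
    r'by access-group "(?P<acl>[^"]+)"'
)

def parse_deny(line):
    """Return the fields of a 106023 deny line as a dict, or None for other lines."""
    m = DENY_RE.search(line)
    if not m:
        return None
    d = m.groupdict()
    d["src_port"], d["dst_port"] = int(d["src_port"]), int(d["dst_port"])
    return d

def direction(d, inside_prefix="inside"):
    """Outbound = initiated on an inside interface towards another interface.
    The 'inside' naming is an assumption; match it to your own interface names."""
    src_in = d["src_if"].startswith(inside_prefix)
    dst_in = d["dst_if"].startswith(inside_prefix)
    if src_in and not dst_in:
        return "outbound"
    if dst_in and not src_in:
        return "inbound"
    return "other"

def suggest_permit(d):
    """Narrowest ACE for this flow. The ACL named in the message is the one
    applied 'in' on the source interface, so the ACE belongs there, and the
    port to match is the destination (listening) port, not the ephemeral
    source port. Use 'access-list <acl> line <n> ...' if the ACL ends with
    an explicit 'deny ip any any log' that the new ACE must precede."""
    return (f'access-list {d["acl"]} extended permit {d["proto"]} '
            f'host {d["src_ip"]} host {d["dst_ip"]} eq {d["dst_port"]}')

# Constructed sample in the layout of the question's log excerpt; the remote
# address is a TEST-NET documentation address standing in for the masked one.
SAMPLE = ('4\tNov 01 2011\t11:42:40\t106023\t10.2.150.84\t59504\t203.0.113.57'
          '\t5432\tDeny tcp src inside_core2:10.2.150.84/59504 dst '
          'outside_telstra:203.0.113.57/5432 by access-group '
          '"inside_core2_access_in" [0x0, 0x0]')
```

Note that 5432 is above 1023 just like the ephemeral source port, so the port ranges alone do not tell you which end is the server; the deny message does, because it records the dropped packet's actual destination.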
 
techmiss (author) commented:
Yep, thanks