Jeff swicegood
asked on
Cannot connect to service on Windows Host
I am trying to connect to a services on a Windows 7 host running on port 2210 ("The Dude") as well as UDP 161 (SNMP) . Netstat on the Windows machine says it is listening on those ports to all addresses:
But probes from outside find the port closed:
Windows firewall is disabled and I have tried disabling anitvirus. Please advise.
-JG
C:\Users\VIDEOCAST>netstat -a
Active Connections
Proto Local Address Foreign Address State
TCP 0.0.0.0:135 VIDEOCAST:0 LISTENING
TCP 0.0.0.0:445 VIDEOCAST:0 LISTENING
TCP 0.0.0.0:554 VIDEOCAST:0 LISTENING
TCP 0.0.0.0:2210 VIDEOCAST:0 LISTENING
TCP 0.0.0.0:2211 VIDEOCAST:0 LISTENING
TCP 0.0.0.0:2869 VIDEOCAST:0 LISTENING
TCP 0.0.0.0:5900 VIDEOCAST:0 LISTENING
TCP 0.0.0.0:5938 VIDEOCAST:0 LISTENING
TCP 0.0.0.0:7112 VIDEOCAST:0 LISTENING
TCP 0.0.0.0:10243 VIDEOCAST:0 LISTENING
TCP 0.0.0.0:30761 VIDEOCAST:0 LISTENING
TCP 0.0.0.0:49152 VIDEOCAST:0 LISTENING
TCP 0.0.0.0:49153 VIDEOCAST:0 LISTENING
TCP 0.0.0.0:49154 VIDEOCAST:0 LISTENING
TCP 0.0.0.0:49155 VIDEOCAST:0 LISTENING
TCP 0.0.0.0:49161 VIDEOCAST:0 LISTENING
TCP 0.0.0.0:49167 VIDEOCAST:0 LISTENING
TCP 127.0.0.1:5939 VIDEOCAST:0 LISTENING
Similar for the UDP Listeners
But probes from outside find the port closed:
aga@jaga-Desktop:/etc/nagios3/conf.d$ nmap videocast
Starting Nmap 5.21 ( http://nmap.org ) at 2014-03-04 09:12 EST
Nmap scan report for videocast (192.168.0.109)
Host is up (0.0090s latency).
rDNS record for 192.168.0.109: VIDEOCAST.local
Not shown: 987 closed ports
PORT STATE SERVICE
135/tcp open msrpc
139/tcp open netbios-ssn
445/tcp open microsoft-ds
554/tcp open rtsp
2869/tcp open unknown
5900/tcp open vnc
10243/tcp open unknown
49152/tcp open unknown
49153/tcp open unknown
49154/tcp open unknown
49155/tcp open unknown
49161/tcp open unknown
49167/tcp open unknown
Windows firewall is disabled and I have tried disabling anitvirus. Please advise.
-JG
Is the host you ran namp from on the same IP subnet as the target host?
ASKER
Yes, definitely.
I would run Wireshark on both computers you are testing with to make sure the packets are leaving and arriving correctly.
On the linux box (at least it looks like linux) you can just run tcpdump and then copy the file to someplace that has wireshark.
On the linux box (at least it looks like linux) you can just run tcpdump and then copy the file to someplace that has wireshark.
ASKER
You mean the packets from the Dude server + client and the SNMP server + client?
I would start with capturing Dude and Client for now. My guess is if you figure out what is happening with that is the same thing as SNMP.
ASKER
Dude started working on it's own. As far as SNMP I don't know enough about SNMP to know it 's working.
Here was the capture I did for SNMP.
That captured 6 packets with source VIDEOCAST and dst jaga-desktop, each and SNMP "get-next-request"
snmpcapture.dmp
Here was the capture I did for SNMP.
jaga@jaga-Desktop:~$ sudo tcpdump udp port 161 and host 192.168.0.109 -w dudecapture.out
That captured 6 packets with source VIDEOCAST and dst jaga-desktop, each and SNMP "get-next-request"
snmpcapture.dmp
ASKER
Note: I renamed dudecapture.out -->snmpcapture.dmp
I am assuming your PC was 192.168.0.109, the capture shows that the request is leaving your PC. You need to do a capture on 192.168.0.142 to see if it is getting there.
You do have the SNMP agent running on 192.168.0.142, right?
You do have the SNMP agent running on 192.168.0.142, right?
ASKER
No, I discovered the SNMP Client is actually running on the Router, 192.168.0.1 and the agent is on 192.168.0.109. There is also a client running on 109, that's why the packets. The capture was run on 192.168.0.142.
I did a new capture on the router since Router OS does captures, but nothing shows up. There should be lots of SNMP requests coming from the Dude (Dude also has a SNMP client), which runs on the router, to all the hosts on the network, but nothing.
Also, running Wireshark on 192.168.0.109 captures nothing, although it captures lots of activity when I run the SNMP client on 109 as it attempts to find SNMP services on the local network.
Sorry I've been gone. We had an ice storm and the power was out for two days.
I did a new capture on the router since Router OS does captures, but nothing shows up. There should be lots of SNMP requests coming from the Dude (Dude also has a SNMP client), which runs on the router, to all the hosts on the network, but nothing.
Also, running Wireshark on 192.168.0.109 captures nothing, although it captures lots of activity when I run the SNMP client on 109 as it attempts to find SNMP services on the local network.
Sorry I've been gone. We had an ice storm and the power was out for two days.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
It's working. I hadn't configured the community name correctly in Dude. I'm still learning how to use SNMP. Thank you giltjr!
-JG
-JG
Thanks and glad you found it.
A small suggestion, "public" is typically the default read community. I would suggest that you do not use it. This prevents somebody who might be interested in learning networking from playing with SNMP and getting info from your devices that you might not want them to see.
I would also not use any write communities unless you really, really need to and then I would use SNMP V3 for security.
A small suggestion, "public" is typically the default read community. I would suggest that you do not use it. This prevents somebody who might be interested in learning networking from playing with SNMP and getting info from your devices that you might not want them to see.
I would also not use any write communities unless you really, really need to and then I would use SNMP V3 for security.
ASKER
Thanks!