Cannot connect to service on Windows Host

I am trying to connect to a services on a Windows 7 host running on port 2210 ("The Dude") as well as UDP 161 (SNMP) . Netstat on the Windows machine says it is listening on those ports to all addresses:

C:\Users\VIDEOCAST>netstat -a

Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            VIDEOCAST:0            LISTENING
  TCP    0.0.0.0:445            VIDEOCAST:0            LISTENING
  TCP    0.0.0.0:554            VIDEOCAST:0            LISTENING
  TCP    0.0.0.0:2210           VIDEOCAST:0            LISTENING
  TCP    0.0.0.0:2211           VIDEOCAST:0            LISTENING
  TCP    0.0.0.0:2869           VIDEOCAST:0            LISTENING
  TCP    0.0.0.0:5900           VIDEOCAST:0            LISTENING
  TCP    0.0.0.0:5938           VIDEOCAST:0            LISTENING
  TCP    0.0.0.0:7112           VIDEOCAST:0            LISTENING
  TCP    0.0.0.0:10243          VIDEOCAST:0            LISTENING
  TCP    0.0.0.0:30761          VIDEOCAST:0            LISTENING
  TCP    0.0.0.0:49152          VIDEOCAST:0            LISTENING
  TCP    0.0.0.0:49153          VIDEOCAST:0            LISTENING
  TCP    0.0.0.0:49154          VIDEOCAST:0            LISTENING
  TCP    0.0.0.0:49155          VIDEOCAST:0            LISTENING
  TCP    0.0.0.0:49161          VIDEOCAST:0            LISTENING
  TCP    0.0.0.0:49167          VIDEOCAST:0            LISTENING
  TCP    127.0.0.1:5939         VIDEOCAST:0            LISTENING

Open in new window


Similar for the UDP Listeners

Open in new window


But probes from outside find the port closed:

aga@jaga-Desktop:/etc/nagios3/conf.d$ nmap videocast

Starting Nmap 5.21 ( http://nmap.org ) at 2014-03-04 09:12 EST
Nmap scan report for videocast (192.168.0.109)
Host is up (0.0090s latency).
rDNS record for 192.168.0.109: VIDEOCAST.local
Not shown: 987 closed ports
PORT      STATE SERVICE
135/tcp   open  msrpc
139/tcp   open  netbios-ssn
445/tcp   open  microsoft-ds
554/tcp   open  rtsp
2869/tcp  open  unknown
5900/tcp  open  vnc
10243/tcp open  unknown
49152/tcp open  unknown
49153/tcp open  unknown
49154/tcp open  unknown
49155/tcp open  unknown
49161/tcp open  unknown
49167/tcp open  unknown

Open in new window


Windows firewall is disabled and I have tried disabling anitvirus. Please advise.

-JG
LVL 1
Jeff swicegoodTechnicianAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

giltjrCommented:
Is the host  you ran namp from on the same IP subnet as the target host?
0
Jeff swicegoodTechnicianAuthor Commented:
Yes, definitely.
0
giltjrCommented:
I would run Wireshark on both computers you are testing with to make sure the packets are leaving and arriving correctly.

On the linux box (at least it looks like linux) you can just run tcpdump and then copy the file to someplace that has wireshark.
0
Determine the Perfect Price for Your IT Services

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden with our free interactive tool and use it to determine the right price for your IT services. Download your free eBook now!

Jeff swicegoodTechnicianAuthor Commented:
You mean the packets from the Dude server +  client and the SNMP server + client?
0
giltjrCommented:
I would start with capturing Dude and Client for now.   My guess is if you figure out what is happening with that is the same thing as SNMP.
0
Jeff swicegoodTechnicianAuthor Commented:
Dude started working on it's own. As far as SNMP I don't know enough about SNMP to know it 's working.

Here was the capture I did for SNMP.

jaga@jaga-Desktop:~$ sudo tcpdump udp  port 161 and host 192.168.0.109 -w dudecapture.out

Open in new window


That captured 6 packets with source VIDEOCAST and dst jaga-desktop, each and SNMP "get-next-request"
snmpcapture.dmp
0
Jeff swicegoodTechnicianAuthor Commented:
Note: I renamed dudecapture.out -->snmpcapture.dmp
0
giltjrCommented:
I am assuming your PC was 192.168.0.109, the capture shows that the request is leaving your PC.  You need to do a capture on 192.168.0.142 to see if it is getting there.

You do have the SNMP agent running on 192.168.0.142, right?
0
Jeff swicegoodTechnicianAuthor Commented:
No, I discovered the  SNMP Client is actually running on the Router, 192.168.0.1 and the agent is on 192.168.0.109. There is also a client running on 109, that's why the packets. The capture  was run on 192.168.0.142.

I did a new capture on the router since Router OS does captures, but nothing shows up. There should be lots of SNMP requests coming from the Dude (Dude also has a SNMP client), which runs on the router, to all the hosts on the network, but nothing.

Also, running Wireshark on 192.168.0.109 captures nothing, although it captures lots of activity when I run the SNMP client on 109 as it attempts to find SNMP services on the local network.

Sorry I've been gone. We had an ice storm and the power was out for two days.
0
giltjrCommented:
So the capture was done on ".142".  That shows that the SNMP request is getting to ".142", but it is not responding.

That mean that one of the following could be true:

1) There is no SNMP agent running on ".142"
2) There is a firewall running that is blocking inbound UDP 161.
3) If there is an agent running on ".142" it is not configured to support V1 queries.
4) If there is an agent running on ".142" that does support V1 queries, it does snot support the community name of "public".
5) The SNMP agent is configured to only support queries from specific hosts and ".109" is not one of them.

I can't remember is  Dude a Linux box?  What is its IP address?
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Jeff swicegoodTechnicianAuthor Commented:
It's working. I hadn't configured the community name correctly in Dude. I'm still learning how to use SNMP. Thank you giltjr!

-JG
0
giltjrCommented:
Thanks and glad you found it.

A small suggestion, "public" is typically the default read community.  I would suggest that you do not use it.  This prevents somebody who might be interested in learning networking  from playing with SNMP and getting info from your devices that you might not want them to see.  

I would also not use any write communities unless you really, really need to and then I would use SNMP V3 for security.
0
Jeff swicegoodTechnicianAuthor Commented:
Thanks!
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Windows Networking

From novice to tech pro — start learning today.