QoS per udp port on an interface
Is it possible to configure a CISCO 3560 switch for QoS where we can apply per udp port policies with different Token Bucket rates and burst sizes? If so, how?
Write access lists that match the particular UDP port(s) you want, assign each ACL to a different class, and then assign each class on the policy map with a different policer. Note that you may not be able to do this if the switch has a layer-two only license (i.e. LAN base/lite).
Similar Messages
-
QOS Network Planning - TCP/UDP Ports used in CWMS 2.5 MDC deployment
Does anyone know if there is documentation that describes the WAN traffic in CWMS 2.5 MDC? I'm looking for the TCP/UDP ports that must be prioritized on the WAN to properly class our traffic between the two data centers. I can't find any such document.
Thanks,
MattHI Matt,
All the network requirements are listed in the CWMS 2.5 Planning Guide in Networking Checklist: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_0100.html
I hope this is what you are looking for.
-Dejan -
Incoming RTP traffic blocked by SPA112 ATA: UDP port unreachable
Hi folks,
I'm using a Cisco SPA112 ATA behind a NAT, where port 5060,5061 and 16384-16482 are forwarded. Registration to the SIP proxy also works fine. However, I'm struggling with audio issues, meaning that the RTP session is not setup properly.
When investigating this issue at the packet-level, I found that the ATA itself is blocking traffic:
21:00:21.857655 IP 192.168.x.y > 82.197.a.b: ICMP 192.168.x.y udp port 16452 unreachable, length 208
The blocked port number depends per session, but is always between 16384 and 16482.
Actually, the issue sounds very much like in [1]. However, the proposed solution (disabling CDP) is not of any help to me, since it's disabled on my ATA by default. Any clue what could be the reason for this behaviour? Your help is greatly appreciated.
[1] https://supportforums.cisco.com/discussion/11470321/spa-962-intermittently-no-audio-rtp-port-closedunreachableHi,
You can try this packet Tracer:-
packet input outside udp <External Source Ip on the internet> 45657 <Outside interface IP> 43139 det
For the captures , you just need to verify that the ASA device is passing the traffic through as this is UDP traffic , we would not be able to find much.
For more information on captures:-
https://supportforums.cisco.com/document/69281/asa-using-packet-capture-troubleshoot-asa-firewall-configuration-and-scenarios
Let me know if you have any further queries.
Thanks and Regards,
Vibhor Amrodia -
A single UDP port in a multithreaded server
I'm trying to write a server application that creates a thread for every client. The server/client communication is a combination of TCP and UDP, and I want to use a fixed TCP/UDP port on the server side to make it easier to use behind NAT routers. Here's a summary of what I have done and what I want to achieve:
- The server creates a TCP and UDP channel (I'm using the NIO interface) on the specified ports
- The server waits for incoming clients by calling accept() on the TCP channel
- The server creates a new thread for the new client, and gives the TCP and UDP channels as arguments
- The client informs the server about its UDP port over the TCP connection
- The new server thread connect()s the UDP channel to the IP:port pair received over the TCP connection
I believed that connecting the UDP socket to the IP:port of the client in each thread would make it possible to use a single UDP port for the multithreaded application, but it seems that the connect() call affects the parent thread as well. The next client that tries to connect() gets a "Connect already invoked" error. I tried calling clone() on the UDP channel argument I passed to the new thread, but was not allowed to call clone() because it's protected.
Can someone tell me if what I'm trying to do is possible, and if so, how to achieve it?Peter__Lawrey wrote:It sounds like you want to bind a UDP socket to a listening port and the sender as well. So you can have a thread per sending IP:port. (Not sure why you would want to...)
To my knowledge you can only bind a socket based on the listening port. You could have a dispatcher thread which passes these packets to the thread for that sender.
To me, client/server means a request/response based interaction with a request from the client and the response from the server back to the client. This interaction is typically point to point and lossless.-I wanted one thread per client because it's the simplest thing to implement. For example, I don't have to create data structures for storing state information for each individual client (e.g., bitrate, block size, duration, etc), since each thread has only one single client. Still, I don't want to use hacks like having a dispatcher thread, so if it is correct that UDP ports can't be used in the same way as TCP ports, I guess I'll just have to implement the server as a single-threaded process. :(
As for client/server, a better description would be master/slave (and that's what I'm using in my program), but I thought I'd make it simple and use the more common client/server terms in this thread since it doesn't matter for the question I'm asking. -
Application by using more than 65535 UDP ports
Hello all!
I'm now implementing a device simulator in VC++ to performance a load test to our server application. I need to simulate a huge number of devices to communicate with this server via UDP, each device shall have its own UDP port exclusive during the
simulation.
Since there are maximal 65536 ports pro IP address and from 0 to 1024 are reserved by OS, theoretically I have 64511 free ports for my Simulator application, considering some ports are required by some services/applications, the free port number may a little
fewer, I'm assuming this number is 60000. According to our software requirement, I can't reach the required simulating device amount under this port limitation.
If I'm right, if one computer has more IPs, I shall have more than 60000 free ports. My simulator runs under Windows Server 2008, 2 physical network adapters and I used following command to change the dynamic UDP port range to get 60000 UDP ports:
netsh interface ipv4 set dynamicportrange protocol=udp startport=3000 numberofports=60000
My questions are:
1. Is this setting globally available or for each IP address?
I tried to set the parameter "numberofports" to 120000 but it didn't work.
2. Shall I set for each IP address separately a UDP port range?
3. If this setting is for each IP addres available, I have following problem:
For two IP address, I could bind 60000 ports in total to 60000 UDP sockets, e.g IP1 20000 ports and IP2 40000 ports, or IP1 40000 ports and IP2 20000 ports. That means I can still use maximal 60000 UDP ports.
Unfortunately, I can't find any reference about this topic in Internet, does anyone have my similar situation?
Thank you in advance to teach me a solution!" I need so many UDP ports because our product has "state", and our Server application maintains connection sessions for each connected device."
Couldn't you add some information to the datagrams that identify the state? That may require less resources than creating a zillion of sockets. Though I suppose that using a single socket would lead to serialization and that will hurt scaling...
"How much memory does one socket need? I didn't think about this topic....."
Hmm, memory is need for the socket data structures and buffers. Probably a few kilobytes. Let's do a test and see what happens:
#include <winsock2.h>
#include <cstdio>
#pragma comment(lib, "ws2_32.lib")
DWORD WINAPI ServerThread(LPVOID addr) {
SOCKET sk = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
if (sk == INVALID_SOCKET) {
printf("socket failed\n");
return 1;
int err = bind(sk, static_cast<sockaddr *>(addr), sizeof(sockaddr_in));
if (err != 0) {
printf("bind failed\n");
return 1;
char buffer[256];
sockaddr_in from;
int fromLen = sizeof(from);
for (;;) {
int length = recvfrom(sk, buffer, 256, 0, reinterpret_cast<sockaddr *>(&from), &fromLen);
printf("got %d bytes from %s:%d\n", length, inet_ntoa(from.sin_addr), htons(from.sin_port));
int main() {
WSADATA wsaData;
int err = WSAStartup(MAKEWORD(2, 2), &wsaData);
sockaddr_in to;
to.sin_family = AF_INET;
to.sin_port = htons(4242);
to.sin_addr.S_un.S_addr = inet_addr("192.168.1.68");
CreateThread(nullptr, 0, ServerThread, &to, 0, nullptr);
const char *addrs[] { "192.168.1.40", "192.168.1.41", "192.168.1.42", "192.168.1.43" };
SOCKET sockets[_countof(addrs)][30000];
sockaddr_in from;
from.sin_family = AF_INET;
int count = 0;
for (int i = 0; i < _countof(addrs); i++) {
from.sin_addr.S_un.S_addr = inet_addr(addrs[i]);
for (int j = 0; j < _countof(sockets[i]); j++) {
SOCKET sk = socket(AF_INET, SOCK_DGRAM, IPPROTO_UDP);
from.sin_port = htons(65535 - j);
err = bind(sk, reinterpret_cast<sockaddr *>(&from), sizeof(from));
if (err != 0) {
printf("bind failed while creating socket %d on %s:%d\n", count, addrs[i], 65535 - j);
closesocket(sk);
sk = INVALID_SOCKET;
else {
count++;
sockets[i][j] = sk;
printf("created %d sockets\n", count);
char buffer[256];
for (int i = 0; i < _countof(sockets); i++) {
for (int j = 0; j < _countof(sockets[i]); j++) {
if (sockets[i][j] != INVALID_SOCKET)
err = sendto(sockets[i][j], buffer, 256, 0, reinterpret_cast<sockaddr *>(&to), sizeof(to));
This creates almost 120000 sockets on my machine (Win 8.1). All the 192.168.1.x addresses are on the same network adapter, 4 of them are used for "clients" and 1 for the "server". Clients have ports in the range 35535 - 65535 so you get
around 30000 sockets per address (a few ports are in use so you won't get exactly 30000 unless you adjust the code).
When the program starts the kernel non paged pool jumps from ~50MB to ~200MB. That means around 1.3KBytes per socket.
@Joel Engineer: "The windows operating system can only have one IP per Computer name and a computer can only have one name..."
You're delusional. -
Hi Experts,
Is the above statement true?. I learnt later that adding tcp and udp ports on the nat 0 statements are supported . But does it take away the entire nat statement? Please answer my question at the earliest.
Regards
KrishnaKrishna,
"NAT exemption (nat 0 access-list command)—NAT exemption allows both translated and remote hosts to initiate connections. Like identity NAT, you do not limit translation for a host on specific interfaces; you must use NAT exemption for connections through all interfaces. However, NAT exemption does enable you to specify the real and destination addresses when determining the real addresses to translate (similar to policy NAT), so you have greater control using NAT exemption. However unlike policy NAT, NAT exemption does not consider the ports in the access list. NAT exemption also does not support connection settings, such as maximum TCP connections."
Reference
So, since the documentation clearly says that this rule does not consider any ports in the ACL, then one should not be testing unsupported configurations.
If one adds an ACL with specific ports, then unexpected results may be expected.
My suggestion, dont add any ACL entry with specific ports to your NAT exempt statement.
Thanks.
Portu.
Please rate any helpful posts -
Hi,
I could find a solution for my problem. I need to monitor a UDP port.
For the TCP ports i'm using MP template TCP Port, but for the UDP i don't find any tool.
My question is. It's possible to monitor UPD ports in SCOM 2012 R2? If yes, how?
Thank you,
RuiHi Rui,
I have found a possibility to do this. Hope you understand this and it is helpful. This is a two step process but guess will definitely server the purpose.
Scope: We will be running a tool which will monitor a port (TCP or UDP) for a specific host / IP and will throw a log file.
SCOM will monitor the log file and will throw a alert if the log file contains the string NOT LISTENING (Port not working or unable to open the port) which the program will create the log with the results.
First download the program named: PortQry Command Line Port Scanner Version 2.0 from microsoft using the below link. It is a command line tool.
http://www.microsoft.com/en-in/download/details.aspx?id=17148
Run it using by making a batch file or powershell script using task scheduler as per your time requirement (Every 5 min or 1Hr).
Use this command to monitor a ip / hostname and its port with TCP or UDP.
I have pasted the command file of the program in C:\Port_checker directory so i am using the below syntax
C:\Port_checker\PortQry.exe -N 192.168.1.1 -e 5723 -p UDP -l C:\Port_checker\Result.log /y
-N = Hostname / FQDN of agent or Ip address
-E = Port # what you want to monitor
-P = Protocol (TCP or UDP)
-L = Generate log on the following location and name
/Y = To replace the existing log file name to fresh one without prompt.
The result in the log file will be as follows:
============================
For successful port open:
PortQry Version 2.0 Log File
System Date: Tue Oct 07 09:42:32 2014
Command run:
C:\PortQryV2\PortQry.exe -N 192.168.1.1 -e 5723 -p UDP -l C:\Portqryv2\Result.log /y
Local computer name:
192.168.1.2
Querying target system called:
192.168.1.1
Attempting to resolve name to IP address...
Name resolved to 192.168.1.1
querying...
UDP port 5723 (unknown service): LISTENING
========= end of log file =========
PortQry developed by Tim Rains
For failure port open:
PortQry Version 2.0 Log File
System Date: Tue Oct 07 09:42:32 2014
Command run:
C:\PortQryV2\PortQry.exe -N 192.168.1.1 -e 5723 -p UDP -l C:\Portqryv2\Result.log /y
Local computer name:
192.168.1.2
Querying target system called:
192.168.1.1
Attempting to resolve name to IP address...
Name resolved to 192.168.1.1
querying...
UDP port 5723 (unknown service): NOT LISTENING
========= end of log file =========
PortQry developed by Tim Rains
Now as per the above results NOT LISTENING Port is blocked or is not opened and LISTENING
means working or port is opened.
So now using SCOM you will monitor the log file Result.log
in the location C:\Port_checker\ saying if NOT LISTENING
comes in the log file throw me a alert in SCOM consle or via email.
To configure that alert you need to create a Generic text log alerting Rule which will throw a alert if any thing added in that log which is not to be added and if it is added like NOT LISTENING
then it will throw a alert.
Refer this link on how to open a Generic text log alerting Rule.
http://blogs.technet.com/b/kevinholman/archive/2009/06/20/using-a-generic-text-log-rule-to-monitor-an-ascii-text-file-even-when-the-file-is-a-unc-path.aspx
Gautam.75801 -
According to the firewall console log, I seem to be bombarded with UDP requests, because the firewall is denying these requests several times per second. They seem to be directed towards Port 1900 "in via en0". Does anyone know what this means? Is it safe to open all UDP ports, or Port 1900 in particular, or is this likely to be a point of malicious entry? Could these requests be coming from my own wireless router?
Thanks in advance for any advice from anyone out there...
BILL.
G4 Mac OS X (10.4.4)
G4 Mac OS X (10.4.4)Does mac use Universal PnP?
Some routers and other network devices use it to advertise their public name. Just wondering. I'm pretty much a mac newbie 'round these parts...
http://www.google.com/search?hl=en&q=upnpmac&btnG=GoogleSearch -
TCP/UDP ports between Cisco PI 2.0 and WLC5508
Hello,
I will install Cisco PI 2.0 behind a firewall for security reason. The WLC5508 is before a firewall. Can anybody let me know which TCP/UDP ports need to be open specifically between the Cisco PI and WLC? I don't see that from the below link.
Cisco Prime Infrastructure 2.0 Quick Start Guide
http://www.cisco.com/c/en/us/td/docs/net_mgmt/prime/infrastructure/2-0/quickstart/guide/cpi_qsg.html#wp46865
Thanks,
RobertFirewall Between the WCS and Controller or WCS and the WCS User Interface
When a PI server and a PI user interface are on different sides of a firewall, they cannot communicate unless these ports on the firewall are open to two-way traffic:
80 (for initial http)
69 (tftp)
162 (trap port)
443 (https)
Open these ports in order to configure your firewall to allow communications between a PI server and a PI user interface.
Regards
Dont forget to rate helpful posts -
DMVPN-Why received packet doesn't use UDP port 4500 but 500?
Hello everyone
I got a problem with my DMVPN. Spoke is behind a NAT device. x.x.x.x is an public IP address which hub uses. I don't know why it discovered that the hub is also inside a NAT device. And after it sends a packet using port 4500, the received packet from hub was not using port 4500 but 500. I'm confused now. Any advise would be much appreciated.
*Sep 10 08:56:02 UTC: ISAKMP:(0): beginning Main Mode exchange
*Sep 10 08:56:02 UTC: ISAKMP:(0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_NO_STATE
*Sep 10 08:56:02 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Sep 10 08:56:02 UTC: ISAKMP (0): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_NO_STATE
*Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM1 New State = IKE_I_MM2
*Sep 10 08:56:02 UTC: ISAKMP:(0): processing SA payload. message ID = 0
*Sep 10 08:56:02 UTC: ISAKMP:(0): processing vendor id payload
*Sep 10 08:56:02 UTC: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
*Sep 10 08:56:02 UTC: ISAKMP (0): vendor ID is NAT-T RFC 3947
*Sep 10 08:56:02 UTC: ISAKMP:(0):found peer pre-shared key matching
*Sep 10 08:56:02 UTC: ISAKMP:(0): local preshared key found
*Sep 10 08:56:02 UTC: ISAKMP : Scanning profiles for xauth ...
*Sep 10 08:56:02 UTC: ISAKMP:(0):Checking ISAKMP transform 1 against priority 1 policy
*Sep 10 08:56:02 UTC: ISAKMP: encryption 3DES-CBC
*Sep 10 08:56:02 UTC: ISAKMP: hash MD5
*Sep 10 08:56:02 UTC: ISAKMP: default group 1
*Sep 10 08:56:02 UTC: ISAKMP: auth pre-share
*Sep 10 08:56:02 UTC: ISAKMP: life type in seconds
*Sep 10 08:56:02 UTC: ISAKMP: life duration (VPI) of 0x0 0x1 0x51 0x80
*Sep 10 08:56:02 UTC: ISAKMP:(0):atts are acceptable. Next payload is 0
*Sep 10 08:56:02 UTC: ISAKMP:(0):Acceptable atts:actual life: 0
*Sep 10 08:56:02 UTC: ISAKMP:(0):Acceptable atts:life: 0
*Sep 10 08:56:02 UTC: ISAKMP:(0):Fill atts in sa vpi_length:4
*Sep 10 08:56:02 UTC: ISAKMP:(0):Fill atts in sa life_in_seconds:86400
*Sep 10 08:56:02 UTC: ISAKMP:(0):Returning Actual lifetime: 86400
*Sep 10 08:56:02 UTC: ISAKMP:(0)::Started lifetime timer: 86400.
*Sep 10 08:56:02 UTC: ISAKMP:(0): processing vendor id payload
*Sep 10 08:56:02 UTC: ISAKMP:(0): vendor ID seems Unity/DPD but major 69 mismatch
*Sep 10 08:56:02 UTC: ISAKMP (0): vendor ID is NAT-T RFC 3947
*Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM2
*Sep 10 08:56:02 UTC: ISAKMP:(0): sending packet to x.x.x.x my_port 500 peer_port 500 (I) MM_SA_SETUP
*Sep 10 08:56:02 UTC: ISAKMP:(0):Sending an IKE IPv4 Packet.
*Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM2 New State = IKE_I_MM3
*Sep 10 08:56:02 UTC: ISAKMP (0): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_SA_SETUP
*Sep 10 08:56:02 UTC: ISAKMP:(0):Input = IKE_MESG_FROM_PEER, IKE_MM_EXCH
*Sep 10 08:56:02 UTC: ISAKMP:(0):Old State = IKE_I_MM3 New State = IKE_I_MM4
*Sep 10 08:56:02 UTC: ISAKMP:(0): processing KE payload. message ID = 0
*Sep 10 08:56:02 UTC: ISAKMP:(0): processing NONCE payload. message ID = 0
*Sep 10 08:56:02 UTC: ISAKMP:(0):found peer pre-shared key matching x.x.x.x
*Sep 10 08:56:02 UTC: ISAKMP:(2746): processing vendor id payload
*Sep 10 08:56:02 UTC: ISAKMP:(2746): vendor ID is Unity
*Sep 10 08:56:02 UTC: ISAKMP:(2746): processing vendor id payload
*Sep 10 08:56:02 UTC: ISAKMP:(2746): vendor ID is DPD
*Sep 10 08:56:02 UTC: ISAKMP:(2746): processing vendor id payload
*Sep 10 08:56:02 UTC: ISAKMP:(2746): speaking to another IOS box!
*Sep 10 08:56:02 UTC: ISAKMP:received payload type 20
*Sep 10 08:56:02 UTC: ISAKMP (2746): NAT found, both nodes inside NAT
*Sep 10 08:56:02 UTC: ISAKMP:received payload type 20
*Sep 10 08:56:02 UTC: ISAKMP (2746): My hash no match - this node inside NAT
*Sep 10 08:56:02 UTC: ISAKMP:(2746):Input = IKE_MESG_INTERNAL, IKE_PROCESS_MAIN_MODE
*Sep 10 08:56:02 UTC: ISAKMP:(2746):Old State = IKE_I_MM4 New State = IKE_I_MM4
*Sep 10 08:56:02 UTC: ISAKMP:(2746):Send initial contact
*Sep 10 08:56:02 UTC: ISAKMP:(2746):SA is doing pre-shared key authentication using id type ID_IPV4_ADDR
*Sep 10 08:56:02 UTC: ISAKMP (2746): ID payload
next-payload : 8
type : 1
address : 192.168.1.101
protocol : 17
port : 0
length : 12
*Sep 10 08:56:02 UTC: ISAKMP:(2746):Total payload length: 12
*Sep 10 08:56:02 UTC: ISAKMP:(2746): sending packet to x.x.x.x my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
*Sep 10 08:56:02 UTC: ISAKMP:(2746):Sending an IKE IPv4 Packet.
*Sep 10 08:56:02 UTC: ISAKMP:(2746):Input = IKE_MESG_INTERNAL, IKE_PROCESS_COMPLETE
*Sep 10 08:56:02 UTC: ISAKMP:(2746):Old State = IKE_I_MM4 New State = IKE_I_MM5
*Sep 10 08:56:03 UTC: ISAKMP (2746): received packet from x.x.x.x dport 500 sport 500 Global (I) MM_KEY_EXCH
*Sep 10 08:56:03 UTC: ISAKMP:(2746): phase 1 packet is a duplicate of a previous packet.
*Sep 10 08:56:03 UTC: ISAKMP:(2746): retransmitting due to retransmit phase 1
*Sep 10 08:56:04 UTC: ISAKMP:(2746): retransmitting phase 1 MM_KEY_EXCH...
*Sep 10 08:56:04 UTC: ISAKMP (2746): incrementing error counter on sa, attempt 1 of 5: retransmit phase 1
*Sep 10 08:56:04 UTC: ISAKMP:(2746): retransmitting phase 1 MM_KEY_EXCH
*Sep 10 08:56:04 UTC: ISAKMP:(2746): sending packet to x.x.x.x my_port 4500 peer_port 4500 (I) MM_KEY_EXCH
*Sep 10 08:56:04 UTC: ISAKMP:(2746):Sending an IKE IPv4 Packet.This could be because the port 4500 packet that is being sent is not being received by the peer side or it is ignoring that packet.
Since the port 500 packet that you are receiving is a duplicate of the previous packet it is definitely not a reply packet for the port 4500 packet.
If you can get the debugs from the other end, then you could see if the peer side is receiving the udp port 4500 packets.
If not that then this could be a UDP port 4500 block with the ISP. -
TCP/UDP Ports and site used by FEP to download updates - needed to allow on perimeter firewall
Can some one point me with information like what TCP/UDP ports are utilized by FEP and what DNS / site Name it uses to download FEP Updates. This is needed to tighten perimeter FireWall policies
Thank youIt should be the same as the documentation for all Software Updates:
https://technet.microsoft.com/en-us/library/bcf8ed65-3bea-4bec-8bc5-22d9e54f5a6d#BKMK_ConfigureFirewalls
Make sure to expand the "restrict access to specific domains" section to see the update related URLs. -
Hi,
I noticed in my home router logs that my MAC Mini "scans" UDP ports in the 33xxx range to an address 70.38.54.77 ... a quick search shows others complains but not result or explanation. I am looking to see if this is some piece of sw installed in my MAC or perhaps how to block traffic to/from that IP (or its subnet).
See below - .149 is my MAC mini IP address at home.
Outgoing log
LAN IP address
|
Destination URL or IP address
|
Service or port number
192.168.2.149
70.38.54.77
33495
192.168.2.149
70.38.54.77
33494
192.168.2.149
70.38.54.77
33493
192.168.2.149
70.38.54.77
33492
192.168.2.149
70.38.54.77
33491
192.168.2.149
70.38.54.77
33490
192.168.2.149
70.38.54.77
33489
192.168.2.149
70.38.54.77
33488
192.168.2.149
70.38.54.77
33487
192.168.2.149
70.38.54.77
33486
192.168.2.149
70.38.54.77
33485
192.168.2.149
70.38.54.77
33484
192.168.2.149
70.38.54.77
33483
192.168.2.149
70.38.54.77
33482
192.168.2.149
70.38.54.77
33481
192.168.2.149
70.38.54.77
33480
192.168.2.149
70.38.54.77
33479
192.168.2.149
70.38.54.77
33478
192.168.2.149
70.38.54.77
33477
192.168.2.149
70.38.54.77
33476
192.168.2.149
70.38.54.77
33475
192.168.2.149
70.38.54.77
33474
192.168.2.149
70.38.54.77
33473
192.168.2.149
70.38.54.77
33472
192.168.2.149
70.38.54.77
33471
192.168.2.149
70.38.54.77
33470
192.168.2.149
70.38.54.77
33469
192.168.2.149
70.38.54.77
33468
192.168.2.149
70.38.54.77
33467
Thanks in advance.Is that your IP & ISP?
NetRange: 70.38.54.64 - 70.38.54.95
CIDR: 70.38.54.64/27
OriginAS:
NetName: IWEB-CL-T140-02SH
To see if it's you/your provider, What's my ip...
http://www.whatismyipaddress.com/
Little Snitch, stops/alerts outgoing stuff...
http://www.obdev.at/products/littlesnitch/index.html
And will tell you what wants to use that port, then you can choose to allow or deny. -
Identify Ports for AD - External UDP port scanner
Greetings all,
I am trying to figure out which UDP port is alarming on the "AD - External UDP port scanners (13005)" signature. By default, the signature is set to summarize which looks something like this "NumDestIps=100; currentTHreshold=100. protocol=1".
From the "Protocol = 1" line I am assuming all scanning is hitting up on a single destination protocol - I need to know which protocol / port number.
I've already attempted to turn on "log attacker, pair, and victim" packets. Verbose is not an option for this signature. I have also tried changing alert Frequency to "fire all" or just uncheck the "Summary Mode" box. None of this tells me the destination/victim port. I do see under a protocol field "ICMP" but i don't believe that pertains to the source port. Any ideas on how I might find this information?TCP/445 is used by Microsoft file sharing (CIFS), and by default that port is opened on all Microsoft PC basically to allow file sharing.
If you open up DOS prompt, and type: netstat -na, you would see that your PC is by default listening on TCP/445.
Here is more information on Microsoft-DS (TCP/445):
http://www.linklogger.com/TCP445.htm
http://en.wikipedia.org/wiki/Server_Message_Block
So it really depends on your corporate security policy, whether to allow file sharing or not within the network. IPS is picking that up because it is an easier way of exploiting a PC since the port is opened by default. -
Should I block TCP/UDP ports 135 to 139 on my router?
For the sake of Internet and Desktop security should I block TCP/UDP ports 135 to 139 both ways at all times on my router? This seems to be recommended for Windows environments. Does Mavericks need these ports for its proper operation? When tested, ports 135, 137,18 show as closed whereas all other ports are Stealth. Ideally, they should all be Stealth.
Have a read here: http://securityspread.com/2013/07/26/firewall/
Stealth is just as good as closed, some would argue that stealth is just as much of a giveaway of the port being present as it being closed.
The specific ports you mention pose no risk to OS X as far as I am aware. -
UDP PORT 445 Not listed in System Process
Hi! Can you help me? I need the UDP PORT 445 listed on SYSTEM Process.
I open UDP PORT 445 on Firewall (WSBS 2011), but in Syshelp (symatech validation too) the result is:
Title: One or more network services, ports, protocols or associated processes may need attention
Product: Backup Exec Server
Status: Warning
Details:
Warning SYSTEM's UDP port 445 is not open or listening.
Warning Port is not open or listening.
UDP Process: System
Ok SYSTEM is the correct process for UDP port 137
Ok Port 137 with protocol UDP is open on the following IP addresses: - 25.54.28.213
- 169.254.41.25
- 169.254.244.222
- 192.168.0.6
- 192.168.1.2
Ok Process System has port 137 with protocol UDP open.
Ok Process System has port 137 with protocol UDP open.
Ok Process System has port 137 with protocol UDP open.
Ok Process System has port 137 with protocol UDP open.
Ok Process System has port 137 with protocol UDP open.
Information Network service name not defined. Test skipped.
Information Default settings - Network Service Name: netbios-ns Port: 137 Protocol: UDP Process: System
Ok SYSTEM is the correct process for UDP port 138
Ok Port 138 with protocol UDP is open on the following IP addresses: - 25.54.28.213
- 169.254.41.25
- 169.254.244.222
- 192.168.0.6
- 192.168.1.2
Ok Process System has port 138 with protocol UDP open.
Ok Process System has port 138 with protocol UDP open.
Ok Process System has port 138 with protocol UDP open.
Ok Process System has port 138 with protocol UDP open.
Ok Process System has port 138 with protocol UDP open.
Information Network service name not defined. Test skipped.
Information Default settings - Network Service Name: netbios-dgm Port: 138 Protocol: UDP Process: System
Ok SYSTEM is the correct process for TCP port 445
Ok Port 445 with protocol TCP is open on the following IP addresses: - 0.0.0.0
Ok Process System has port 445 with protocol TCP open.
Information Network service name not defined. Test skipped.
Information Default settings - Network Service Name: microsoft-ds Port: 445 Protocol: TCP Process: SystemHi,
à
I need the UDP PORT 445 listed on SYSTEM Process.
à
Warning SYSTEM's UDP port 445 is not open or listening.
Based on your description, I’m a little confused with this issue. Please run following commands with administrator
permission and monitor the result. Would you please check and confirm whether any process listened the UDP port 445?
netstat –ab
netstat -a | find /i "445"
In addition, I noticed that you use Syshelp (Symantec validation tool) to check. I suggest that you would post
the warning message in Symantec Forum and confirm this issue. I believe we will get a better assistance there.
If anything I misunderstand, please don’t hesitate to let me know.
Hope this helps.
Best regards,
Justin Gu
Maybe you are looking for
-
Issue with OBIEE 11g(11.1.3) Installation
I have installed OBIEE 11g last evening. I was able to connect to the dashboard and run a simple report also – all before shut down. Now when I try to access OBIEE 11g thru port :9704 after starting the BI services, I am getting the following error.
-
My MacBook Pro will not open any app or program that requires Internet, even though I am connected to the web. I recently installed Norton AntiVirus and think it may have changed a setting that I couldn't find. I uninstalled Norton and it didn't help
-
Playing Ps3 on iMac using a thunderbolt
i have a ps3 and i am trying to use an iMac as a screen all i have is the thunderbolt to HDMI cable but when i connect them it doesn't work. can anyone help?
-
Multiple WBS on first level and not deleted properly
Hi Friends, I have a scenario 1. Create project definition L-00001 and first level WBS L-00001 2. In the same level(First level) the user created L-00001-01 and saved but there is validation in level1 they cannot create it, he succeeded to save it Is
-
FYI - Just purchased 16GB USB2 memory stick to boot my MacBook Air
FYI... Have used SuperDuper! 2.5 to clone my internal boot SSD to a 16GB USB2 memory stick. It was successful and a subsequent boot from this USB2 memory stick went smoothly without issues - although it was just a tad slow in booting compared to the