
[Junos] How to identify the process that is listening on a specific port


Article ID: KB21222 | KB Last Updated: 29 Mar 2020 | Version: 5.0
Summary:

This article describes how to find the open ports on a device and how to identify the process that is using a specific port.

 

Symptoms:

While troubleshooting an issue, users need to identify the process that is using a specific port or may want to discover all the open ports on a device.

 

Solution:

To discover all the open ports on a device, or to identify the process that is using a specific port, use the following commands:

  1. From Operational mode: show system connections
  2. From Shell mode: netstat -Aa (to get the protocol control block, PCB)
  3. From Shell mode: fstat (to get the process using the PCB from the previous command)

show system connections

Save the output of “show system connections” before and after enabling a system service, then run the file compare utility on the two saved files to find the port used by the newly enabled service.
root@srx> show system connections | no-more
Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address Foreign Address (state)
tcp46 0 0 *.443 *.* LISTEN
tcp46 0 0 *.80 *.* LISTEN
tcp4 0 0 *.23 *.* LISTEN
tcp4 0 0 *.22 *.* LISTEN
tcp4 0 0 128.0.1.16.6200 *.* LISTEN
tcp4 0 0 *.6161 *.* LISTEN
tcp4 0 0 *.705 *.* LISTEN
tcp4 0 0 *.38 *.* LISTEN
tcp4 0 0 *.6154 *.* LISTEN
tcp4 0 0 *.6153 *.* LISTEN
tcp4 0 0 *.33013 *.* LISTEN
tcp4 0 0 *.9000 *.* LISTEN
tcp4 0 0 *.514 *.* LISTEN
tcp4 0 0 *.513 *.* LISTEN
tcp4 0 0 *.6156 *.* LISTEN
tcp4 0 0 *.666 *.* LISTEN
tcp4 0 0 *.6234 *.* LISTEN
udp4 0 0 *.67 *.*
udp46 0 0 *.514 *.*
udp4 0 0 *.514 *.*
udp46 0 0 *.848 *.*
udp4 0 0 *.848 *.*
udp46 0 0 *.4500 *.*
udp4 0 0 *.4500 *.*
udp46 0 0 *.500 *.*
udp4 0 0 *.500 *.*
udp4 0 0 *.31342 *.*
udp46 0 0 *.65131 *.*
udp4 0 0 *.58921 *.*
udp46 0 0 *.49152 *.*
udp46 0 0 *.4784 *.*
udp46 0 0 *.3784 *.*
udp4 0 0 *.49152 *.*
udp4 0 0 *.4784 *.*
udp4 0 0 *.3784 *.*
udp4 0 0 *.6333 *.*
ip4 0 0 *.* *.*

root@srx> show system connections | save before
Wrote 39 lines of output to 'before'

In this example, the NETCONF service is enabled, which is required for managing the J/SRX device via NSM. (See KB16246 - How to prepare Junos device for NSM connectivity for more information.)
root@srx> edit
Entering configuration mode
root@srx# set system services netconf ssh

[edit]
root@srx# commit
commit complete

[edit]
root@srx# run show system connections | save after
Wrote 40 lines of output to 'after'

[edit]
root@srx# run file compare files before after
2a3
> tcp4 0 0 *.830 *.* LISTEN

This shows that the NETCONF service will be listening on port 830/TCP (default for NETCONF, which can be changed, as shown later). Also note, 7804 is the default Server Port for NSM.

netstat -Aa and fstat

[edit]
root@srx# run start shell
root@srx% netstat -Aa | grep 830
c21dd5f4 tcp6 0 0 *.830 *.* LISTEN
c22ea9ec tcp4 0 0 *.830 *.* LISTEN

root@srx% fstat | grep c22ea9ec
root inetd 1059 9* internet stream tcp c22ea9ec

root@srx% fstat | grep c21dd5f4
root inetd 1059 10* internet6 stream tcp c21dd5f4
 

inetd

The fstat output identifies inetd as the process listening on TCP port 830. To test this, change the default NETCONF port to 1234 and repeat the lookup. Note the results below:

root@srx% cli
root@srx> edit
Entering configuration mode
[edit]
root@srx# set system services netconf ssh port 1234

[edit]
root@srx# commit
commit complete

[edit]
root@srx# run show system connections | match 1234
tcp4 0 0 *.1234 *.* LISTEN

[edit]
root@srx# run start shell
root@srx% netstat -Aa | grep 1234
c22ea5f4 tcp6 0 0 *.1234 *.* LISTEN
c21dd000 tcp4 0 0 *.1234 *.* LISTEN
root@srx% fstat |grep c21dd000
root inetd 1059 16* internet stream tcp c21dd000
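
The netstat -Aa and fstat lookup shown above, written as one shell function (an added example, not part of the original article or of Junos). It matches the port exactly, so a listener on 8300 or a PCB address that happens to contain "830" is not reported the way it would be by "grep 830"; the function name port_owner, the 8300 listener and the "exampled" process are constructed for illustration.

```shell
#!/bin/sh
# Added example: join "netstat -Aa" (PCB in column 1) with "fstat" (PCB in the
# last column) to name the process that owns a listening port.
# Assumed usage from sh on the device: port_owner 830 "$(netstat -Aa)" "$(fstat)"

port_owner() {
    # $1 = port, $2 = netstat -Aa output, $3 = fstat output
    printf '%s\n@@FSTAT@@\n%s\n' "$2" "$3" | awk -v port="$1" '
        $0 == "@@FSTAT@@" { in_fstat = 1; next }
        !in_fstat {
            # Local address is column 5; the port is the text after the last dot.
            local_port = $5
            sub(/^.*\./, "", local_port)
            if ((local_port "") == (port "")) pcb[$1] = $2   # PCB -> protocol
            next
        }
        # fstat row: user, command, PID, fd, domain, type, protocol, PCB
        ($NF in pcb) { print port, pcb[$NF], $2, $3, $1 }
    '
}

# Sample input: the 830 lines are from the article; the 8300 listener and the
# "exampled" process are constructed to show what a plain "grep 830" also matches.
SAMPLE_NETSTAT='c21dd5f4 tcp6 0 0 *.830 *.* LISTEN
c22ea9ec tcp4 0 0 *.830 *.* LISTEN
c2830aa0 tcp4 0 0 *.8300 *.* LISTEN'
SAMPLE_FSTAT='root inetd 1059 9* internet stream tcp c22ea9ec
root inetd 1059 10* internet6 stream tcp c21dd5f4
root exampled 2001 5* internet stream tcp c2830aa0'

# Prints one line per matching socket: port, protocol, command, PID, user.
port_owner 830 "$SAMPLE_NETSTAT" "$SAMPLE_FSTAT"
```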

To check whether a port seen in the output belongs to the "Well known port numbers", "Berkeley-specific services" or "Registered port numbers", or is Juniper specific, view /etc/services with one of the commands below:

Operational command:
> file show /etc/services

Root equivalent command:
% cat /etc/services


router@lab> file show /etc/services

#
# Network services, Internet style
#
# Note that it is presently the policy of IANA to assign a single well-known
# port number for both TCP and UDP; hence, most entries here have two entries
# even if the protocol doesn't support UDP operations.
#
# The latest IANA port assignments can be gotten from
#
#       http://www.iana.org/assignments/port-numbers
#
# The Well Known Ports are those from 0 through 1023.
# The Registered Ports are those from 1024 through 49151
# The Dynamic and/or Private Ports are those from 49152 through 65535
#
# Kerberos services are for Kerberos v4, and are unofficial.  Sites running
# v5 should uncomment v5 entries and comment v4 entries.
#
# $FreeBSD: src/etc/services,v 1.102.8.1 2006/01/29 11:32:48 maxim Exp $
#       From: @(#)services      5.8 (Berkeley) 5/9/91
#
# WELL KNOWN PORT NUMBERS
#
rtmp              1/ddp    #Routing Table Maintenance Protocol
tcpmux            1/tcp    #TCP Port Service Multiplexer
tcpmux            1/udp    #TCP Port Service Multiplexer
nbp               2/ddp    #Name Binding Protocol
compressnet       2/tcp    #Management Utility
compressnet       2/udp    #Management Utility
compressnet       3/tcp    #Compression Process
compressnet       3/udp    #Compression Process
daytime          13/udp
qotd             17/tcp    quote        #Quote of the Day
qotd             17/udp    quote        #Quote of the Day
msp              18/tcp    #Message Send Protocol
msp              18/udp    #Message Send Protocol
chargen          19/tcp    ttytst source        #Character Generator
chargen          19/udp    ttytst source        #Character Generator
ftp-data         20/tcp    #File Transfer [Default Data]
ftp-data         20/udp    #File Transfer [Default Data]
ftp              21/tcp    #File Transfer [Control]
ftp              21/udp    #File Transfer [Control]
ssh              22/tcp    #Secure Shell Login
ssh              22/udp    #Secure Shell Login
telnet           23/tcp
telnet           23/udp
#                24/tcp    any private mail system

<<<<<<<OUTPUT CUT>>>>>>>

# The following services are Juniper specific.
#

echo              7/rdp
daytime          13/rdp
chargen          19/rdp    ttytst source        #Character Generator
bootpd           67/udp    #Bootstring Server
tftp             69/udp    #Trivial File Transfer
login           513/rdp    #remote login
cmd             514/rdp    shell                # like exec, but automatic
rpd             666/tcp    #jnx rpd
relay-server    980/rdp    #jnx relay
ppmd           1011/rdp    #jnx ppmd
sampled        1018/udp    #jnx packet-capture
sampled        1019/udp    #jnx sampled
pfed           1020/rdp    #jnx pfed
chassisd       1021/rdp    #jnx chassisd
cprod          1022/rdp    #jnx cprod
ipc_test       1023/rdp    #jnx ipc test
l2ald          1025/rdp    #jnx l2ald

 

Modification History:

2020-03-29: Article checked for accuracy and found to be valid and accurate

 
