Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
3585
Views
2
Helpful
6
Replies

How to check application / server listening to specific port

shailesh.hardas
Level 1
Level 1

‎10-18-2017 04:51 AM - edited ‎03-01-2019 05:21 AM

Usually, we use tenet <IP> <port> from traditional switch or router to check server listening to the port.

 

like ping ==> iping and traceroute ==> itraceroute used in ACI

 

Do we have any mechanism to check similar thing.

 

Thanks in advance.

1 person had this problem
Labels:
6 Replies 6

gmonroy
Cisco Employee
Cisco Employee

‎10-18-2017 09:31 AM

Shailesh,

    A few questions:

1. What src/dst IPs are you trying to test port connectivity from/to?

    a. IPs local to switch nodes/APIC nodes?

    b. Endpoints?

 

If you are trying to see what is opened for endpoints to communicate with, you can check the following from an apic:

> show contract *contract_name*

> show access-list *access-group-name*

 

If you are looking to catch denies or permits given active traffic flows, you can refer to the following document:

APIC Security Guide

 

-Gabriel

0 Helpful

shailesh.hardas
Level 1
Level 1
In response to gmonroy

‎10-18-2017 10:11 PM

Thanks Gabriel for responding.

 

my query is how we can ensure endpoint listening on port 80 or it's a valid http server. In the traditional switches we used to use

 

telnet <IP of server> 80 and it used to respond.

 

Looking for similar arrangement in ACI.

 

Hope I'm able to spell my query correctly.

 

Thanks in advance

 

0 Helpful

nvermand
Cisco Employee
Cisco Employee
In response to shailesh.hardas

‎10-19-2017 03:42 AM

Hi,

You can use nmap from any Linux based workstation. Don't do this from a switch or ACI.

 

Nicolas

0 Helpful

shailesh.hardas
Level 1
Level 1
In response to nvermand

‎10-20-2017 01:34 AM

Thanks, this we need to do when we don't have access to end servers / and no reachability to system administrator.

 

So wanted to check similar arrangement / method in ACI to check this.

 

 

0 Helpful

Justin Thompson
Level 1
Level 1

‎11-11-2020 06:14 AM

Has anyone found a way to do this from an ACI Leaf switch?  This would be super handy

Ali Aghababaei
Level 1
Level 1

‎11-12-2020 10:18 AM

Hi @shailesh.hardas 

 

You can do it on Operational> Visibility & Troubleshooting .

iTraceroute supports ICMP, UDP, and TCP. When using UDP or TCP as the Layer 4 protocol, a source or range of source ports can be specified, as can a destination port or port range. The leaf ASIC decides how to forward this packet as if the source host sent it.

 

Hope you will find it helpful.

Ali

0 Helpful
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License