04-16-2012 09:31 AM - edited 03-03-2019 06:32 AM
As a public utility, we must comply with a host of network requirements handed down by NERC. One of these is the documentation of 'open' ports on network devices. That is to say, a tcp or udp port that the device is listening on or will accept connections on. A useful command for this kind of investigation is 'show control-plane host open-ports'; the output of which is shown here:
Active internet connections (servers and established)
Prot Local Address Foreign Address Service State
tcp *:23 *:0 Telnet LISTEN
tcp *:23 167.239.80.1:59714 Telnet ESTABLIS
udp *:50162 *:0 IP SNMP LISTEN
udp *:54154 10.92.192.67:514 Syslog ESTABLIS
udp *:123 *:0 NTP LISTEN
udp *:4500 *:0 ISAKMP LISTEN
udp *:161 *:0 IP SNMP LISTEN
udp *:162 *:0 IP SNMP LISTEN
udp *:1975 *:0 IPC LISTEN
udp *:500 *:0 ISAKMP LISTEN
It is my understanding that enabling SNMP management of the device will result in the line above with port 50162. However, this is a random high port that is different on every device tested - see below for other examples:
udp *:54006 *:0 IP SNMP LISTEN
udp *:52786 *:0 IP SNMP LISTEN
I am hoping to find out what the defined range for these ports might be so that we can document appropriately.
04-27-2012 10:36 AM
It can be any port that isn't reserved. The reserved ports go up to 1024. The port number allocated is randomized for security.
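The question in the first post (turning `show control-plane host open-ports` output into a listening-port inventory) and the reply above (the SNMP source port is randomized above the reserved range) can be worked together. The following is an added example, not code from the thread or from Cisco: it parses the output format exactly as quoted above, flags ports above 1024 using the boundary the reply gives, and separately flags ports in the IANA dynamic range (49152 and up, which is where all three SNMP examples in the thread fall) so that two devices can be compared without the randomized port producing a false difference. `DEVICE_B` is a constructed second device that differs only in that SNMP port, as the first post describes.

```python
import re
from dataclasses import dataclass

# Constructed sample: the output quoted in the thread, embedded so this runs offline.
DEVICE_A = """\
Active internet connections (servers and established)
Prot Local Address Foreign Address Service State
tcp *:23 *:0 Telnet LISTEN
tcp *:23 167.239.80.1:59714 Telnet ESTABLIS
udp *:50162 *:0 IP SNMP LISTEN
udp *:54154 10.92.192.67:514 Syslog ESTABLIS
udp *:123 *:0 NTP LISTEN
udp *:4500 *:0 ISAKMP LISTEN
udp *:161 *:0 IP SNMP LISTEN
udp *:162 *:0 IP SNMP LISTEN
udp *:1975 *:0 IPC LISTEN
udp *:500 *:0 ISAKMP LISTEN
"""

# Constructed second device: identical except for the randomized SNMP source port.
DEVICE_B = DEVICE_A.replace("*:50162", "*:54006")

# One socket line: proto, local addr:port, foreign addr:port, service (may contain
# spaces, e.g. "IP SNMP"), state. Banner and column header do not match.
LINE_RE = re.compile(
    r"^(?P<proto>tcp|udp)\s+"
    r"(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<faddr>\S+):(?P<fport>\d+)\s+"
    r"(?P<service>.+?)\s+"
    r"(?P<state>LISTEN|ESTABLIS\w*)\s*$"
)

RESERVED_MAX = 1024   # "reserved ports go up to 1024", per the reply above
DYNAMIC_MIN = 49152   # start of the IANA dynamic/private port range


@dataclass(frozen=True)
class Socket:
    proto: str
    local_port: int
    foreign: str
    service: str
    state: str


def parse_open_ports(text):
    """Parse every socket line of 'show control-plane host open-ports' output."""
    sockets = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:            # skip the banner and the column header
            continue
        sockets.append(Socket(
            proto=m["proto"], local_port=int(m["lport"]),
            foreign=f"{m['faddr']}:{m['fport']}",
            service=m["service"], state=m["state"]))
    return sockets


def listening_inventory(text):
    """One row per (proto, port) in LISTEN state, sorted, with range flags."""
    rows = {}
    for s in parse_open_ports(text):
        if s.state != "LISTEN":
            continue         # ESTABLIS rows are sessions, not listeners
        rows[(s.proto, s.local_port)] = {
            "proto": s.proto,
            "port": s.local_port,
            "service": s.service,
            "above_reserved": s.local_port > RESERVED_MAX,
            "dynamic_range": s.local_port >= DYNAMIC_MIN,
        }
    return [rows[k] for k in sorted(rows)]


def inventory_signature(text):
    """Device-independent view: dynamic-range ports collapse to the label 'dynamic'."""
    return frozenset(
        (r["proto"], "dynamic" if r["dynamic_range"] else r["port"], r["service"])
        for r in listening_inventory(text))


def signature_diff(text_a, text_b):
    """Listeners present on one device but not the other, ignoring randomized ports."""
    a, b = inventory_signature(text_a), inventory_signature(text_b)
    return {"only_in_a": sorted(a - b, key=str), "only_in_b": sorted(b - a, key=str)}


if __name__ == "__main__":
    for row in listening_inventory(DEVICE_A):
        flags = [k for k in ("above_reserved", "dynamic_range") if row[k]]
        print(f"{row['proto']}/{row['port']:<6} {row['service']:<8} {' '.join(flags)}")
    print("diff A vs B:", signature_diff(DEVICE_A, DEVICE_B))
```

Run on a fleet, the signature diff reports only real differences (a service listening on one device and not another); the SNMP port that changes from device to device is documented once as "udp/dynamic, IP SNMP" rather than as a new finding per device. Note that `above_reserved` also flags fixed services such as ISAKMP NAT-T on 4500, so the dynamic-range flag is the one to use when deciding what is randomized.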
06-20-2019 11:36 AM
Hi, we also have to report to NERC and are doing this exercise with the listening ports. We contacted our Cisco account manager and he was able to provide us Cisco documentation on several ports and port ranges that the devices are using. There are various ports that are open by default and cannot be closed due to bugs. Good luck.