N9K show sockets connection

samuel peter
Level 1

Is this a kind of vulnerability issue on Cisco N9K? The show sockets connection display shows LISTEN state and Send-Q is not a zero count. What is it used for?

Total number of netstack raw sockets: 0

Kernel Socket Connection:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 128 *:111 *:*
tcp LISTEN 0 3 127.1.2.1:7891 *:*
tcp LISTEN 0 32 *%veobc:9075 *:*
tcp LISTEN 0 128 *:22 *:*
tcp LISTEN 0 50 *:27000 *:*
tcp LISTEN 0 128 127.0.0.1:7581 *:*
tcp LISTEN 0 50 *:33469 *:*
tcp LISTEN 0 128 *:32765 *:*
tcp LISTEN 0 128 *:32767 *:*
tcp LISTEN 0 64 *:32768 *:*
tcp LISTEN 0 64 *:2049 *:*
tcp LISTEN 0 7 :::21 :::*
tcp LISTEN 0 128 :::22 :::*
tcp LISTEN 0 7 :::512 :::*
tcp LISTEN 0 7 :::513 :::*
tcp LISTEN 0 7 :::514 :::*


pman
Spotlight

Hi,


@samuel peter wrote:

Is this kind of vulnerability issues on Cisco N9K?

show sockets connection displays information about the socket connections.

Recv-Q is the Receive Queue. It is the number of bytes that are currently in a receive buffer. Upon reading the socket, the bytes are removed from the buffer and put into application memory. If the Recv-Q number gets too high, packets will be dropped because there is no place to put them.

Send-Q is the count of bytes not acknowledged by the remote host.


@samuel peter wrote:

Is this kind of vulnerability issues on Cisco N9K?

I noticed that port 9075 is LISTEN. In your case there is no vulnerability (see the output of the second table attached, with *%veobc:9075).
This vulnerability exists because TCP port 9075 is incorrectly configured to listen and respond to external connection requests. An attacker could exploit this vulnerability by sending crafted TCP packets to an IP address that is configured on a local interface on TCP port 9075.

To check a device, use the show sockets connection | include 9075 CLI command. If the command does not return output, the device is considered not vulnerable. If the command returns the following output, the device is considered vulnerable:

nexus# show sockets connection | include 9075
tcp LISTEN 0 32 *:9075                    *:*

If the command returns output that matches the following, the device is considered not vulnerable because the fix has been applied:

nexus# show sockets connection | include 9075
tcp LISTEN 0 32 *%veobc:9075              *:*
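As an added example (not code from the thread or from Cisco), a small Python parser for the show sockets connection row format seen above that applies the rule the reply quotes: a LISTEN on 9075 is the vulnerable signature unless the local address carries the %veobc binding. The sample rows are constructed; the helper names are mine.

```python
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample modelled on the output format in the thread (not real device output).
SAMPLE_OUTPUT = """\
Kernel Socket Connection:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 128 *:111 *:*
tcp LISTEN 0 32 *%veobc:9075 *:*
tcp LISTEN 0 128 127.0.0.1:7581 *:*
tcp LISTEN 0 7 :::21 :::*
tcp ESTAB 0 0 10.0.0.5:22 10.0.0.9:51022
"""

@dataclass
class Socket:
    netid: str
    state: str
    recv_q: int
    send_q: int
    addr: str              # "*", "::", "127.0.0.1", ...
    scope: Optional[str]   # text after "%", e.g. "veobc", or None
    port: int

def parse_sockets(text: str) -> List[Socket]:
    """Parse data rows; header and summary lines are skipped."""
    rows = []
    for line in text.splitlines():
        p = line.split()
        if len(p) != 6 or not (p[2].isdigit() and p[3].isdigit()) or ":" not in p[4]:
            continue
        local, _, port = p[4].rpartition(":")      # ":::21" -> ("::", "21")
        addr, _, scope = local.partition("%")      # "*%veobc" -> ("*", "veobc")
        rows.append(Socket(p[0], p[1], int(p[2]), int(p[3]), addr, scope or None, int(port)))
    return rows

def port_9075_exposed(sockets: List[Socket]) -> bool:
    """Advisory check quoted in the reply: LISTEN on 9075 without the veobc binding."""
    return any(s.state == "LISTEN" and s.port == 9075 and s.scope != "veobc" for s in sockets)

def wildcard_listeners(sockets: List[Socket]) -> List[int]:
    """Ports listening on every address with no namespace scope: worth comparing
    against the services the device is meant to expose."""
    return sorted({s.port for s in sockets
                   if s.state == "LISTEN" and s.scope is None and s.addr in ("*", "::", "0.0.0.0")})

if __name__ == "__main__":
    socks = parse_sockets(SAMPLE_OUTPUT)
    print("9075 exposed:", port_9075_exposed(socks))   # False: bound as *%veobc:9075
    print("wildcard listeners:", wildcard_listeners(socks))
```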