12-01-2021 02:01 AM
Is this kind of vulnerability issues on Cisco N9K? show sockets connection display were LISTEN state and Send-Q are not in zero count. What is it use for?
Total number of netstack raw sockets: 0
Kernel Socket Connection:
Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port
tcp LISTEN 0 128 *:111 *:*
tcp LISTEN 0 3 127.1.2.1:7891 *:*
tcp LISTEN 0 32 *%veobc:9075 *:*
tcp LISTEN 0 128 *:22 *:*
tcp LISTEN 0 50 *:27000 *:*
tcp LISTEN 0 128 127.0.0.1:7581 *:*
tcp LISTEN 0 50 *:33469 *:*
tcp LISTEN 0 128 *:32765 *:*
tcp LISTEN 0 128 *:32767 *:*
tcp LISTEN 0 64 *:32768 *:*
tcp LISTEN 0 64 *:2049 *:*
tcp LISTEN 0 7 :::21 :::*
tcp LISTEN 0 128 :::22 :::*
tcp LISTEN 0 7 :::512 :::*
tcp LISTEN 0 7 :::513 :::*
tcp LISTEN 0 7 :::514 :::*
12-01-2021 06:05 AM - edited 12-01-2021 06:36 AM
Hi,
@samuel peter wrote:Is this kind of vulnerability issues on Cisco N9K?
show sockets connection display information about the sockets connection.
Recv-Q
is the Receive Queue. It is the number of bytes that are currently in a receive buffer. Upon reading the socket, the bytes are removed from the buffer and put into application memory. If the Recv-Q number gets too high, packets will be dropped because there is no place to put them.
Send-Q
The count of bytes not acknowledged by the remote host.
@samuel peter wrote:Is this kind of vulnerability issues on Cisco N9K?
To check a device, use the show sockets connection | include 9075 CLI command. If the command does not return output, the device is considered not vulnerable. If the command returns the following output, the device is considered vulnerable:
nexus# show sockets connection | include 9075
tcp LISTEN 0 32 * : 9075 *:*
If the command returns output that matches the following, the device is considered not vulnerable because the fix has been applied:
nexus# show sockets connection | include 9075
tcp LISTEN 0 32 *%veobc:9075 *:*
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide