cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
33047
Views
16
Helpful
7
Replies

What IOS command will show the TCP ports that are listening on a device?

jkeeffe
Level 2
Level 2

A vulnerablitiy scan of some of our IOS devices report that the devices are running a 'vulnerable ISAKMP service' on port 500. These may be false positives because there is nothing configured on the devices that use ISAKMP. So if I can show that the devices are not listening on TCP port 500, I can put this report to bed.

7 Replies 7

cadet alain
VIP Alumni
VIP Alumni

Hi,

This command should do the trick:  show control-plane host open-ports

Regards.

Alain.

Don't forget to rate helpful posts.

Hi Alain,

Would you know is there a similar command for XE?

 

James

smogra
Cisco Employee
Cisco Employee

Yup that correct. The command is :

Router# show control-plane host open-ports

Please refer this link also for more explanation:

http://packetlife.net/blog/2008/dec/3/listing-open-sockets-ios/

Cheers

Sweta

Please rate the content if it was useful.

Jon Marshall
Hall of Fame
Hall of Fame

Jeff

Just a quick question. What device is it that you are checking ?

Oh and port 500 for IKE will be udp not tcp.

Jon

The 'show control-plane ....' command is not available on the devices in question. Here are two of them:

7206 router IOS 12.3(16a)

6509  IOS 12.2(17d)SXB8

I know these are really old IOS codes so maybe the fix is to upgrade them.

I'm not sure.......but another such smililar command show tcp brief all might be available.

diptiranjan
Level 1
Level 1

For cisco ios-xe :- show tcp brief all
will show all tcp port that are open. 

Screenshot 2024-06-14 at 10.29.27 AM.png

Review Cisco Networking for a $25 gift card