08-03-2011 09:53 AM - edited 03-07-2019 01:32 AM
A vulnerability scan of some of our IOS devices reports that the devices are running a 'vulnerable ISAKMP service' on port 500. These may be false positives because there is nothing configured on the devices that uses ISAKMP. So if I can show that the devices are not listening on TCP port 500, I can put this report to bed.
08-03-2011 10:13 AM
Hi,
This command should do the trick: show control-plane host open-ports
Regards.
Alain.
04-29-2024 12:13 PM
Hi Alain,
Would you know if there is a similar command for XE?
James
08-03-2011 08:14 PM
Yup, that's correct. The command is:
Router# show control-plane host open-ports
Please refer to this link also for more explanation:
http://packetlife.net/blog/2008/dec/3/listing-open-sockets-ios/
Cheers
Sweta
Please rate the content if it was useful.
08-04-2011 03:37 AM
Jeff
Just a quick question. What device is it that you are checking?
Oh and port 500 for IKE will be udp not tcp.
Jon
08-04-2011 06:46 AM
The 'show control-plane ....' command is not available on the devices in question. Here are two of them:
7206 router IOS 12.3(16a)
6509 IOS 12.2(17d)SXB8
I know these are really old IOS codes so maybe the fix is to upgrade them.
08-04-2011 10:52 AM
I'm not sure... but another similar command, show tcp brief all, might be available.
06-13-2024 09:59 PM
For Cisco IOS-XE: show tcp brief all
will show all TCP ports that are open.
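Added example, not part of any post in this thread: a small Python check that parses saved `show control-plane host open-ports` output and decides whether the scanner's ISAKMP finding is backed by a UDP/500 listener, which a TCP-only listing cannot show. The sample text is constructed, its column layout is an assumption that may differ between IOS releases, and the function names are hypothetical.

```python
import re

# Constructed sample modelled on `show control-plane host open-ports` output.
# Assumption: columns are Prot, Local Address, Foreign Address, Service, State.
SAMPLE = """\
Active internet connections (servers and established)
Prot        Local Address      Foreign Address         Service    State
 tcp                 *:22                  *:0      SSH-Server   LISTEN
 tcp                 *:23                  *:0          Telnet   LISTEN
 udp                 *:67                  *:0   DHCPD Receive   LISTEN
 udp                *:500                  *:0          ISAKMP   LISTEN
"""

# Service names may contain spaces, so the service field is matched lazily
# and the state is taken as the last token on the line.
ROW = re.compile(
    r"^\s*(tcp|udp)\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(.*?)\s+(\S+)\s*$"
)

def parse_open_ports(text):
    """Return one dict per socket row; header and banner lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, addr, port, _faddr, _fport, service, state = m.groups()
            rows.append({"proto": proto, "addr": addr, "port": int(port),
                         "service": service, "state": state})
    return rows

def listeners(rows, proto, port):
    """Rows in LISTEN state for the given protocol and local port."""
    return [r for r in rows
            if r["proto"] == proto and r["port"] == port
            and r["state"] == "LISTEN"]

def isakmp_verdict(text):
    """'listening', 'not-listening', or 'no-data' if nothing parsed."""
    rows = parse_open_ports(text)
    if not rows:
        return "no-data"  # empty or unsupported output proves nothing
    return "listening" if listeners(rows, "udp", 500) else "not-listening"

if __name__ == "__main__":
    print("UDP/500 (ISAKMP):", isakmp_verdict(SAMPLE))
    # A TCP-only check finds nothing on 500 even though ISAKMP is listening.
    print("TCP/500 rows:", listeners(parse_open_ports(SAMPLE), "tcp", 500))
```
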