Here’s how to check if port is listening on a Windows Server.
Log in to the destination server.
netstat -ano | find "443" | find "LISTEN" tasklist /fi "PID eq "443" |
port
Powershell Test Network Connection
Here’s the command to test a network connection in Powershell.
C:> Test-NetConnection -ComputerName server -Port 443 |
Result:
ComputerName : server RemoteAddress : 10.0.0.5 RemotePort : 443 InterfaceAlias : Ethernet 0 SourceAddress : 10.1.1.34 TcpTestSucceeded : True |
Splunk Search for Tanium Clients
Here’s the Splunk search for Tanium clients reporting to the Tanium server.
"data.jsonPayload.rule_details.direction"=EGRESS "data.jsonPayload.connection.src_ip"="10.0.0.1" "data.jsonPayload.connection.dest_port"=17472 |
Passive FTP Firewall
Passive FTP is a FTP mode that alleviates the issues with client firewalls. The client initiates a call to the server. The return traffic is allowed as long as the client has initiated it. In addition, the server sends a port command along with an ephemeral port that the client can connect to. The client initiates a call on that ephemeral port, and the connection is then established.
Egress port 21 and ephemeral ports 1024-65535 needs to be opened from the client side.
# From the client side, egress port 21 must be open. tcp:21 # From the client side, ephemeral ports from port 1024 to 165535 must be open. tcp:1024-165535 |
SFTP Login
How to login using SFTP on a non-standard port.
sftp -oPort=2233 username@servername |
Get list of commands.
sftp help |
Testing a Network Port Connection
You can test a network port connection using the “nc” command on Linux and “telnet” on Windows.
Format:
$ nc -zv domain.com port
C:\> telnet domain.com port
$ nc -zv domain.com 80 Connection to domain.com 80 port [tcp/http] succeeded! |
C:\> telnet -zv domain.com 80 Connecting To domain.com...Could not open connection to the host, on port 80: Connect failed |
For Telnet, if a connection is successful, it returns no message.