topic Re: testing for port activity in Operating System - HP-UX

testing for port activity

Michael Murphy_2 — Fri, 28 Aug 2009 17:46:17 GMT

hi - we used to use telnet to test for activity/listening on port - now security is shutting down all telnet - is there another solution or is ssh able to be used? The way we use it is telnet port from outside to see if a process has a port open.

Re: testing for port activity

Andrew Rutter — Fri, 28 Aug 2009 18:05:59 GMT

hi,

yes you can use ssh on hpux

which version hpux are you running?

you can also see which ports are listening/open with netstat commands

#netstat -a

will list all ports as defined in /etc/services and /etc/inetd.conf

Andy

Re: testing for port activity

Michael Murphy_2 — Fri, 28 Aug 2009 18:09:12 GMT

Sorry - that is not what i am looking for - i am looking for a way externally to ping a port to tell if it is busy - telnet used to allow you to do that and response would look different if there was a service on the port or not...Those who have used it before know what i am talking about

Re: testing for port activity

sen_ux — Fri, 28 Aug 2009 18:19:12 GMT

I think ssh can be used here.
ssh hostname -p port
if the port is busy or closed, it will refuse the connection.else it just hangs.

Re: testing for port activity

Tingli — Fri, 28 Aug 2009 18:40:12 GMT

I think telnet can still do the job.

Re: testing for port activity

Matti_Kurkela — Fri, 28 Aug 2009 18:46:24 GMT

"Shutting down all telnet" usually means "disabling the telnetd server on all hosts" and/or "preventing access to port TCP/23 in all firewalls". That does not stop you from using a telnet client for diagnostic connections to other ports, just as before.

If, on the other hand, your security folks are implementing the restriction by mandating the removal of the telnet _clients_, my opinion of the skill level of those security folks would be pretty low.

A telnet client is a small binary (fits on a single old 3.5" disk!) that requires no special privileges. So anyone who can bring a file to a system can easily use his/her own telnet binary or copy it from another system, and an intruder would most likely use his/her own tools to minimize the amount of log traces anyway.

On the other hand, if one of the requirements is to make the telnet client non-executable by ordinary users, I would have no problem with that. Our systems already have separate group for sysadmin-level user accounts: I would just make telnet executable by that group only.

chgrp unixadm /usr/bin/telnet
chmod 550 /usr/bin/telnet

Of course, you might also use the removal of the telnet clients as a justification for installing a more powerful network diagnostic tool or two - for admin use only.

For example, the open-source netcat (nc) can be used to test both TCP and UDP connections, unlike telnet which can do only TCP. It is also easier to script for automated testing.

Tcpdump is also very useful (because it understands a lot of network protocols and allows dumping the payload data in a meaningful format), and is freely available from HP in the HP-UX Internet Express kit. (from software.hp.com for 11.23 and 11.31 only; for 11.11, find an Internet Express CD among your HP-UX 11.11 media kits and use that).

MK