Latest Blog Posts

Newsletter

 

For a Free Quote...

3 minutes reading time (653 words)

How to Determine What Ports are Active on a Server

Active Server Ports 

I spent most of last week on the visiting customers. Many of them were working on projects to reduce the number of physical servers hosted in their data centers. In some cases, they wanted to move the servers to cloud service such as AWS or Azure. In others, they wanted to virtualize the servers locally on platforms such as VMWare ESX.

One of the challenges many network managers have is how to determine what network ports are active on servers and what ports were active in the past. When one device sends traffic to another, the IP address is used to route that traffic to the appropriate place. Once the traffic reaches the right place, the device needs to know which app or service to send the traffic on to. That's where ports come in. An active server port is one which is read to accept connections from a clients. Examples include TCP port 80 for HTTP and TCP port 25 for SMTP email.

​Network managers need a real time and historical report showing them what ports were in use so that they can update firewall rules and access lists. Many networks now contain trusted systems such as company owned PC's, but also non trusted systems such as contractor's laptops. It is vital that you protect servers by only allowing connections on vertain ports and from certain networks.

 Generating a list of active server ports

 While command line utilities such as netstat can give you a real-time view network connections (both incoming and outgoing), it does not provide historical reporting. Some network ports on a server may only become active when certain applications are used.

 Another option is to monitor network traffic going to and from your servers. If the server accepts a connection on a certain port, it will generate network traffic. All you need to do is monitor that traffic using a SPAN, mirror port or TAP, and capture the active port metadata. The metadata will reveal the source IP addresses, port information and the amount of data transferred.

 Network traffic analysis systems, which are application aware, can also reveal what applications are running on the server. You may have a web server running over a non standard port like TCP port 8000, for example.

​Reporting on active server ports using LANGuardian

Our LANGuardian product can provide a real-time and historical view of what ports are active on your servers. It does this by analyzing network traffic and then extracting application and port information which is stored in a database.

The screenshot below shows a sample report where I focus on a server (10.1.97). Use the search box at the top of the LANGuardian GUI and enter ports. Select the report Bandwidth::Ports, Services and Protocols. Enter the IP address of the server you want to query into the Destination IP/Subnet field, select a time frame range for the report, and then run it. Click on the image below to access a sample report on our online demo.

 The total column in this report shows the amount of data that has been sent or received by the server on each port number for the selected time period. The Server Port (Service) column lists the ports that were active on the server. Clicking on the Total column will also reveal what applications are using the ports. You just need to drill down to the Bandwidth :: Sessions report and check the protocol column. Click on the image below to access a sample report on our online demo.

If you have any questions about how to monitor traffic on your network using LANGuardian, or would like to know more about how it can be used to report on what ports your servers are using, do not hesitate to contact us and speak with our technical support team.

Thank you to Darragh Delaney from NetFort for the article. 

Key Components of an APM Solution
Eastlink Expands Mobile Network to Alberta
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Sunday, 19 May 2019

Captcha Image

Contact Us

Address:

Telnet Networks Inc.
100 Strowger Blvd, Suite 118, Brockville, ON, K6V 5J9, Canada

Phone:

(800) 561-4019

Fax:

613-498-0075

For More Information about Telnet Networks, our products, or our services, or to request a quote please feel free to contact us directly.