  1. #1
    Just Joined!
    Join Date
    Nov 2009
    Posts
    4

    How to determine what ports an application uses


    I have a network that uses a server in my basement as a gateway. It runs iptables. All net traffic in the house to the outside passes through this. Is there a way to monitor the traffic to see what ports an application needs? From time to time we run apps that need particular ports open ... e.g., our local library doesn't use port 80 ... I'd like to be able to see what ports an application is using. I've tried netstat but cannot see what ports are being used. Any suggestions on how to do this? (Right now I google until I find what ports an application uses ... but as more devices appear in the house this gets to be a pain.)

  2. #2
    Just Joined!
    Join Date
    Aug 2009
    Location
    Mumbai, India
    Posts
    95
    Hi,

    Hoping I'm right in understanding your query. The gateway is the Linux system through which traffic for all devices is routed, and the outbound traffic on this server is controlled via iptables.

    You could run tcpdump on this server to find the source port and destination IP + port for a particular device, e.g. for the device with IP 1.2.3.4 (substitute interface_name with eth0/eth1 etc. as applicable). tcpdump helps detect all traffic passing through the server/interface.

    Code:
    tcpdump -vv -nn -i <interface_name> host 1.2.3.4
    --Syd

  3. #3
    Just Joined!
    Join Date
    Nov 2009
    Posts
    4
    Yep, that does the trick. I'd used tcpdump before, but it is just a huge amount of information. Your switches helped. Just for reference, for anyone reading this thread who needs to do the same thing:

    1. The connection to the outside world for all my computers is through a Linux server. eth0 is hooked to the outside, eth1 to the internal network. iptables does the necessary magic so requests from inside go to the outside. (Yeah, yeah, I know there are more modern devices that do this, but this server has been in place and upgraded for years.)

    2. Many, many ports are closed by iptables, and as necessary exceptions are made.

    3. The odd program comes along (e.g., Kodak's imaging software for medical use!) that has its own ports. To find out what ports it needs I used tcpdump ... often changing host to dst net xxx.xxx.xxx.xxx once I know what it is connecting to. The proper ports are tacked onto the tail of the address tcpdump reports.
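
The filtering described in post #3, as an added example that is not part of the thread: a shell function that condenses tcpdump output into the list of remote ports one internal client opens. It assumes single-line `tcpdump -nn` output (no `-v`); the function names and the sample addresses are made up for illustration.

```shell
#!/bin/sh
# Added example. summarize_ports CLIENT_IP reads `tcpdump -nn` text on stdin
# and prints "<proto> <dst_ip> <dst_port> <packets>" per distinct destination.
summarize_ports() {
    awk -v client="$1" '
    {
        for (i = 2; i < NF; i++) {
            if ($i != ">") continue
            src = $(i - 1); dst = $(i + 1); sub(/:$/, "", dst)
            # Endpoints print as a.b.c.d.port: split at the last dot.
            if (!match(src, /\.[0-9]+$/) || substr(src, 1, RSTART - 1) != client) break
            if (!match(dst, /\.[0-9]+$/)) break
            ip = substr(dst, 1, RSTART - 1); port = substr(dst, RSTART + 1)
            if ($(i + 2) == "Flags") {
                # TCP: count only the opening SYN, so replies to inbound
                # connections (ephemeral ports) are not counted.
                if ($(i + 3) != "[S],") break
                proto = "tcp"
            } else if ($(i + 2) == "UDP,") {
                proto = "udp"
            } else {
                proto = "other"   # tcpdump decoded the payload (e.g. DNS)
            }
            seen[proto " " ip " " port]++
            break
        }
    }
    END { for (k in seen) print k, seen[k] }' | sort
}

# Constructed sample lines, not a real capture; all addresses are made up.
sample_capture() {
    cat <<'EOF'
10:00:00.000001 IP 192.168.1.50.51000 > 203.0.113.10.8443: Flags [S], seq 1, win 64240, length 0
10:00:00.020001 IP 203.0.113.10.8443 > 192.168.1.50.51000: Flags [S.], seq 9, ack 2, win 65535, length 0
10:00:00.020101 IP 192.168.1.50.51000 > 203.0.113.10.8443: Flags [.], ack 10, win 502, length 0
10:00:01.000001 IP 192.168.1.50.51002 > 203.0.113.10.8443: Flags [S], seq 5, win 64240, length 0
10:00:02.000001 IP 192.168.1.50.40000 > 203.0.113.10.5004: UDP, length 172
10:00:03.000001 IP 192.168.1.60.52000 > 198.51.100.7.443: Flags [S], seq 7, win 64240, length 0
EOF
}

# Live use on the gateway (eth1 = internal side, as in the thread):
#   tcpdump -nn -c 500 -i eth1 host 1.2.3.4 | summarize_ports 1.2.3.4
sample_capture | summarize_ports 192.168.1.50
```

Capturing on the internal interface shows the client's connection attempts even when iptables later drops them, so the summary lists ports that still need an exception.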
