Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
11996
Views
5
Helpful
2
Replies

verify if port is open

Go to solution
tolinrome tolinrome
Level 1
Level 1

‎01-24-2014 11:40 AM - edited ‎03-11-2019 08:35 PM

How can I verify if port 443 is really listening on a server? The firewall has an acl for incoming traffic allowing 443 to a specific server, but when I go to the server its being hosted on it shows port 80. Before I disable the rule I want to be truly sure that 443 is not listening on the server, how can I verfify? Going to https:// would not be an option. In the firewall this rul has very little hits which makes me unsure if it is being used (443), could the hits be that every time I go to https://url.com the hit increases so it is only me?

Thanks.

2 people had this problem
Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎01-24-2014 11:58 AM

Hi,

I mean if its a windows machine then I imagine that the command prompt on the actual server with the command "netstat -a" would tell you what ports the server is listening on.

The hitcount of the interface ACL is increased by both connections attempts or successfull connections through the firewall and also if you have used "packet-tracer" command then this would also increase the hitcounter.

You can also ping a TCP port on the ASA if your software is new enough.

ping tcp 443

You can also set "source" parameter to the above command.

If the server replied anything you could also confirm that with capture either on the ASA itself or on some host.

- Jouni

View solution in original post

2 Replies 2

Go to solution
Jouni Forss
VIP Alumni
VIP Alumni

‎01-24-2014 11:58 AM

Hi,

I mean if its a windows machine then I imagine that the command prompt on the actual server with the command "netstat -a" would tell you what ports the server is listening on.

The hitcount of the interface ACL is increased by both connections attempts or successfull connections through the firewall and also if you have used "packet-tracer" command then this would also increase the hitcounter.

You can also ping a TCP port on the ASA if your software is new enough.

ping tcp 443

You can also set "source" parameter to the above command.

If the server replied anything you could also confirm that with capture either on the ASA itself or on some host.

- Jouni

Go to solution
tolinrome tolinrome
Level 1
Level 1
In response to Jouni Forss

‎01-24-2014 12:19 PM

Thanks!

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card