UDP Ports Open on Device

Daniel Smith
Level 1

As a public utility, we must comply with a host of network requirements handed down by NERC. One of these is the documentation of 'open' ports on network devices, that is to say, a TCP or UDP port that the device is listening on or will accept connections on. A useful command for this kind of investigation is 'show control-plane host open-ports', the output of which is shown here:

Active internet connections (servers and established)

Prot   Local Address     Foreign Address         Service   State
tcp    *:23              *:0                     Telnet    LISTEN
tcp    *:23              167.239.80.1:59714      Telnet    ESTABLIS
udp    *:50162           *:0                     IP SNMP   LISTEN
udp    *:54154           10.92.192.67:514        Syslog    ESTABLIS
udp    *:123             *:0                     NTP       LISTEN
udp    *:4500            *:0                     ISAKMP    LISTEN
udp    *:161             *:0                     IP SNMP   LISTEN
udp    *:162             *:0                     IP SNMP   LISTEN
udp    *:1975            *:0                     IPC       LISTEN
udp    *:500             *:0                     ISAKMP    LISTEN

It is my understanding that enabling SNMP management of the device will result in the line above with port 50162. However, this is a random high port that is different on every device tested; see below for other examples:

udp    *:54006           *:0                     IP SNMP   LISTEN
udp    *:52786           *:0                     IP SNMP   LISTEN

I am hoping to find out what the defined range for these ports might be, so that we can document it appropriately.

2 Replies

Preston Chilcote
Cisco Employee

It can be any port that isn't reserved. The reserved ports go up to 1024. The port number allocated is randomized for security.
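The following is an added example, not code from the original post, from Cisco, or from either reply. It parses 'show control-plane host open-ports' output in the format shown in the question, keeps only the LISTEN rows (the ESTABLIS rows are outbound sessions the box initiated, not listeners), and buckets each local port into the IANA ranges (0-1023 system, 1024-49151 registered, 49152-65535 dynamic). It also compares several devices' outputs so that a service whose port lands in the dynamic range and differs per device, like the SNMP high port in the question, is documented as a range rather than a fixed number. The sample output and device names are constructed to mirror the post; the range boundaries are the IANA ones, not a Cisco-specific allocation, which this thread does not state.

```python
"""Parse 'show control-plane host open-ports' output and build a listening-port
inventory. Added example; SAMPLE_OUTPUT below is constructed to mirror the
format shown in the question, not captured from a real device."""

import re
from dataclasses import dataclass

# Constructed sample, modelled on the output in the question.
SAMPLE_OUTPUT = """\
Active internet connections (servers and established)
Prot   Local Address     Foreign Address         Service   State
tcp    *:23              *:0                     Telnet    LISTEN
tcp    *:23              167.239.80.1:59714      Telnet    ESTABLIS
udp    *:50162           *:0                     IP SNMP   LISTEN
udp    *:54154           10.92.192.67:514        Syslog    ESTABLIS
udp    *:123             *:0                     NTP       LISTEN
udp    *:4500            *:0                     ISAKMP    LISTEN
udp    *:161             *:0                     IP SNMP   LISTEN
udp    *:162             *:0                     IP SNMP   LISTEN
udp    *:1975            *:0                     IPC       LISTEN
udp    *:500             *:0                     ISAKMP    LISTEN
"""

# Constructed: three devices that differ only in the random SNMP high port,
# as the question reports (device names are hypothetical).
DEVICE_OUTPUTS = {
    "rtr-a": SAMPLE_OUTPUT,
    "rtr-b": SAMPLE_OUTPUT.replace("*:50162", "*:54006"),
    "rtr-c": SAMPLE_OUTPUT.replace("*:50162", "*:52786"),
}


@dataclass(frozen=True)
class Socket:
    proto: str
    local_addr: str
    local_port: int
    foreign: str
    service: str
    state: str


# One data row. Service names may contain spaces ("IP SNMP"), so the service
# group is non-greedy and the trailing state keyword anchors the end.
_ROW = re.compile(
    r"^(?P<proto>tcp|udp)\s+(?P<laddr>\S+):(?P<lport>\d+)\s+"
    r"(?P<faddr>\S+:\S+)\s+(?P<service>.+?)\s+(?P<state>LISTEN|ESTABLIS\w*)\s*$"
)


def parse_open_ports(text):
    """Return a Socket for every tcp/udp data row; banner and header are skipped."""
    sockets = []
    for line in text.splitlines():
        m = _ROW.match(line.strip())
        if m:
            sockets.append(Socket(m["proto"], m["laddr"], int(m["lport"]),
                                  m["faddr"], m["service"].strip(), m["state"]))
    return sockets


def iana_range(port):
    """IANA port-number ranges (RFC 6335 terminology)."""
    if port < 1024:
        return "system"
    if port < 49152:
        return "registered"
    return "dynamic"


def listening_inventory(sockets):
    """LISTEN rows only, with a 'document_as' string suitable for a port register.
    Dynamic-range listeners are recorded as the whole range, since the question
    shows the actual number varies per device."""
    rows = []
    for s in sockets:
        if s.state != "LISTEN":
            continue
        rng = iana_range(s.local_port)
        doc = (f"{s.proto}/49152-65535 (dynamic, varies per device)"
               if rng == "dynamic" else f"{s.proto}/{s.local_port}")
        rows.append({"proto": s.proto, "port": s.local_port, "service": s.service,
                     "range": rng, "document_as": doc})
    return rows


def compare_across_devices(outputs):
    """Map (proto, service, iana_range) -> sorted list of ports seen across all
    devices. A dynamic-range entry with several distinct ports is per-device random."""
    seen = {}
    for text in outputs.values():
        for s in parse_open_ports(text):
            if s.state == "LISTEN":
                key = (s.proto, s.service, iana_range(s.local_port))
                seen.setdefault(key, set()).add(s.local_port)
    return {k: sorted(v) for k, v in seen.items()}


if __name__ == "__main__":
    for row in listening_inventory(parse_open_ports(SAMPLE_OUTPUT)):
        print(f"{row['document_as']:45} {row['service']}")
    for key, ports in sorted(compare_across_devices(DEVICE_OUTPUTS).items()):
        print(key, ports)
```

Run it against the saved output of each device; any (proto, service, dynamic) key that lists more than one port across the fleet is the case the question describes and should be recorded as the dynamic range rather than a single port.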

alejreyes
Level 1

Hi, we also have to report to NERC and are doing this exercise with the listening ports. We contacted our Cisco Account manager and he was able to provide us Cisco documentation on several ports and port ranges that the devices are using. There are various ports that are open by default and cannot be closed due to bugs. Good luck.
