From: Mahesh Shivaswamy (maheshs.cisco@gmail.com)
Date: Wed Oct 22 2008 - 23:43:50 ARST
Thanks Hobbs, that's pretty much it & just wanted to see what error msg BGP
throws when connection does not get established, which is

R4#debug ip bgp
*Oct 23 02:23:29.891: BGP: 154.1.47.7 open active, local address 154.1.47.4
*Oct 23 02:23:29.891: BGP: 154.1.47.7 open failed: Destination unreachable; gateway or host down, open active delayed 27540ms (35000ms max, 28% jitter)
R4#
*Oct 23 02:23:57.431: BGP: 154.1.47.7 open active, local address 154.1.47.4
*Oct 23 02:23:57.431: BGP: 154.1.47.7 open failed: Destination unreachable; gateway or host down, open active delayed 32568ms (35000ms max, 28% jitter)

rgds
Mahesh

On Wed, Oct 22, 2008 at 8:31 PM, Hobbs <deadheadblues@gmail.com> wrote:
> Well this is what I found:
>
> [R1] 192.168.0.1 ---------------- 192.168.0.2 [R2]
>
>
> Scenario 1: Both routers only have IP addresses:
>
> R1#telnet 192.168.0.2 179
> Trying 192.168.0.2, 179 ...
> % Connection refused by remote host
>
>
>
> Scenario 2: Enable BGP on router 2, but don't point a neighbor at R1 (point
> it somewhere else)
>
> R2(config)#router bgp 2
> R2(config-router)#neighbor 192.168.0.3 remote-as 1
>
> R1#telnet 192.168.0.2 179
> Trying 192.168.0.2, 179 ...
> % Connection refused by remote host
>
> Now the question is whether this is defined as "listening" - R2 gives us
> the same response as scenario 1
>
>
>
> Scenario 3: Point a neighbor statement at R1:
>
> Now we get that blank session
>
> R1#telnet 192.168.0.2 179
> Trying 192.168.0.2, 179 ... Open
> hello?
> anyone?
>
> Here the TCP handshake completes and BGP tries to sort things out. This may
> cause BGP notifications on R2 and may cause your terminal to hang on R1. May
> have to log out and clear line or something...it took about 5 minutes for me
> to get my prompt back.
>
> This is on R2:
> *Mar 1 11:06:54.943: %BGP-3-NOTIFICATION: sent to neighbor 192.168.0.1 1/2 (illegal header length) 0 bytes
>
>
>
> Scenario 4: Block port 179 on R2:
>
> R1#telnet 192.168.0.2 179
> Trying 192.168.0.2, 179 ...
> % Destination unreachable; gateway or host down
>
> This message is an actual ICMP message - unreachable!
>
>
>
> Scenario 5: Block port 179 on R2 and disable ip unreachables:
>
> R1#telnet 192.168.0.2 179
> Trying 192.168.0.2, 179 ...
> % Connection timed out; remote host not responding
>
> Here we get "hung" again for a while; this time it's different in that the TCP
> handshake is not complete. Instead, I believe we have to wait for TCP to
> time out, then you get the connection timed out message.
>
>
> Hope that helps, was that what you were looking for?
>
>
>
> On Wed, Oct 22, 2008 at 7:04 PM, Mahesh Shivaswamy <
> maheshs.cisco@gmail.com> wrote:
>
>> My goal is to check what kind of error msg it gives when I block tcp, but
>> before that trying to see the connection goes through before applying the
>> ACL.
>>
>> rgds
>> Mahesh
>>
>>
>> On Wed, Oct 22, 2008 at 7:55 PM, Hobbs <deadheadblues@gmail.com> wrote:
>>
>>> if it was listening you would probably end up with a "blank" telnet
>>> session, like when you telnet to port 80 on an http server...this is my
>>> assumption. not sure of the goal of wanting to know if you are listening on
>>> port 179...why do you need to know this? maybe there is another way to do it if
>>> we know your goal.
>>>
>>> Now I have heard of wanting to know if port 179 is being filtered
>>> somewhere in your network, now you can be sure it isn't, because you are
>>> getting the RST from the destination
>>>
>>>
>>> On Wed, Oct 22, 2008 at 6:34 PM, Charles Henson <chenson@gmail.com> wrote:
>>>
>>>> I believe if you sent an RST then you are not listening on 179. Else
>>>> you would have completed the 3 way handshake and then failed on the
>>>> protocol. Someone correct me if I'm wrong here.
>>>>
>>>>
>>>> On 10/22/08, Mahesh Shivaswamy <maheshs.cisco@gmail.com> wrote:
>>>> > I need to chk if SW1 is listening on port 179.
>>>> >
>>>> > rgds
>>>> > Mahesh
>>>> >
>>>> >
>>>> > On Wed, Oct 22, 2008 at 7:00 PM, Hobbs <deadheadblues@gmail.com> wrote:
>>>> >
>>>> >> what are you trying to test?
>>>> >>
>>>> >> On Wed, Oct 22, 2008 at 5:54 PM, Mahesh Shivaswamy <
>>>> >> maheshs.cisco@gmail.com> wrote:
>>>> >>
>>>> >>> Hi,
>>>> >>>
>>>> >>> When I telnet on port 23 between R4 & SW1 it's fine, but when I telnet on
>>>> >>> port 179 I get a connection refused msg, there is no access list on SW1.
>>>> >>>
>>>> >>> R4#telnet 154.1.47.7
>>>> >>> Trying 154.1.47.7 ... Open
>>>> >>>
>>>> >>>
>>>> >>> User Access Verification
>>>> >>>
>>>> >>> Password:
>>>> >>>
>>>> >>> R4#telnet 154.1.47.7 179
>>>> >>> Trying 154.1.47.7, 179 ...
>>>> >>> % Connection refused by remote host
>>>> >>>
>>>> >>> SW1#
>>>> >>> 1d11h: tcp0: I LISTEN 154.1.47.4:18645 154.1.47.7:179 seq 2990396955
>>>> >>> OPTS 4 SYN WIN 4128
>>>> >>> 1d11h: TCP: sent RST to 154.1.47.4:18645 from 154.1.47.7:179
>>>> >>>
>>>> >>> SW1#sh run int vlan 47
>>>> >>> Building configuration...
>>>> >>>
>>>> >>> Current configuration : 61 bytes
>>>> >>> !
>>>> >>> interface Vlan47
>>>> >>> ip address 154.1.47.7 255.255.255.0
>>>> >>> end
>>>> >>>
>>>> >>> Any suggestion what is the issue, this is the only way I can test, any
>>>> >>> suggestion?
>>>> >>>
>>>> >>> rgds
>>>> >>> Mahesh
>>>> >>>
>>>> >>>
>>>> >>> Blogs and organic groups at http://www.ccie.net
>>>> >>>
>>>> >>>
>>>> _______________________________________________________________________
>>>> >>> Subscription information may be found at:
>>>> >>> http://www.groupstudy.com/list/CCIELab.html
>>>>
>>>>
>>>> --
>>>> Charles
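
The five telnet outcomes walked through in this thread, reproduced as a host-side check. This is an added example, not part of the original messages: the function names `classify` and `probe` and the verdict labels are this example's own, and it assumes the OS reports an ICMP unreachable as EHOSTUNREACH or ENETUNREACH.

```python
import errno
import socket

# What each verdict meant in the thread's scenarios.
MEANING = {
    "open": "handshake completed: the target accepted the SYN (scenario 3)",
    "refused": "RST came back: target reachable, not accepting this peer (scenarios 1, 2)",
    "unreachable": "ICMP unreachable came back: filtered, filter still answers (scenario 4)",
    "timeout": "nothing came back: filtered with unreachables disabled (scenario 5)",
    "other": "unclassified error",
}

def classify(exc):
    """Map the exception raised by connect() (None on success) to a verdict."""
    if exc is None:
        return "open"
    if isinstance(exc, socket.timeout):
        return "timeout"
    code = getattr(exc, "errno", None)
    if code == errno.ECONNREFUSED:
        return "refused"
    if code in (errno.EHOSTUNREACH, errno.ENETUNREACH):
        return "unreachable"
    if code == errno.ETIMEDOUT:
        return "timeout"
    return "other"

def probe(host, port=179, timeout=5.0):
    """Attempt one TCP connect and return the verdict string."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
    except OSError as exc:
        return classify(exc)
    finally:
        sock.close()
    return classify(None)

if __name__ == "__main__":
    # Constructed demo: a throwaway loopback listener stands in for a BGP speaker.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]
    for label in ("listener up", "listener closed"):
        verdict = probe("127.0.0.1", port, timeout=2.0)
        print(f"{label}: {verdict} -> {MEANING[verdict]}")
        listener.close()
```

A "refused" verdict confirms the path is not filtered, which is the point made earlier in the thread about the RST coming from the destination itself.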
This archive was generated by hypermail 2.1.4 : Sat Nov 01 2008 - 15:35:22 ARST