I'm using an ssh tunnel to forward a port to a db server.
Let's say I'm using mysql, so my ssh command would be something along the lines of
ssh -fqTN -L 12345:127.0.0.1:3306 user#server.com
based on the method of transfer (sync from or sync to) I want to use either the -L or -R flags.
I do need the -L flag at first though, so I open the tunnel above anyway.
My question is though -
If after now run
ssh -fqTN -R 12345:127.0.0.1:3306 user#server.com
Will it replace the above command and make a reverse tunnel on the same port?
The second command will not "replace" the first command, but it will work just fine.
You started with:
ssh -fqTN -L 12345:127.0.0.1:3306 user#server.com
This opens port 12345 on your local system and forwards it to 127.0.0.1:3306 from the perspective of the remote system, so that you can access the mysql server on the remote system using local port 12345.
The second command...
ssh -fqTN -R 12345:127.0.0.1:3306 user#server.com
...opens port 12345 on the remote system and forwards it to 127.0.0.1:3306 from the perspective of your local system, allowing the remote system to access a mysql server on your local host via port 12345.
This doesn't conflict with the original command, so these can both be run at the same time.
Update
Responding to your comment here, because I want to quote some command output:
If I run:
ssh -R 12345:127.0.0.1:3306 remote_system
Then on remote_system I run lsof -i -n, I see:
sshd 23280 lars 10u IPv6 37263762 0t0 TCP [::1]:italk (LISTEN)
sshd 23280 lars 11u IPv4 37263763 0t0 TCP 127.0.0.1:italk (LISTEN)
And from /etc/services, we see that italk is port 12345. If you add -P to your lsof command line it will not try to translate port numbers to service names:
# lsof -i -n -P | grep 12345
sshd 23280 lars 10u IPv6 37263762 0t0 TCP [::1]:12345 (LISTEN)
sshd 23280 lars 11u IPv4 37263763 0t0 TCP 127.0.0.1:12345 (LISTEN)
Related
I have two machines
ssh Machine1-IPv4
ssh -R 15:localhost:15 Machine2-IPv4
On the Machine2-IPv4, I can run
telnet ::1 15
netstat -ptln | grep 15 shows
tcp6 ... ::1:53 ...
However, I need an IPv4. What causes the IP to be IPv6?
I would like to use snmp to monitor my localhost and have installed the corresponding package on Ubuntu 18.03 with apt install snmp. Without having changed the default configuration, I have launched the daemon with systemctl start snmpd. After launching the daemon the output of lsof -i -n | grep snmpd is as follows:
snmpd 14668 Debian-snmp 12u IPv4 13252990 0t0 UDP 127.0.0.1:snmp
snmpd 14668 Debian-snmp 13u IPv4 13252988 0t0 UDP *:41898
I am wondering about the second line of the output as the port has been opened to the outside. Restarting the daemon changes the open port to another (randomized?) high port number. I have been looking up this behaviour a couple of hours and wasn´t able to find any explanation.
Can anybody explain to me whats going on here or how to disable/remove the open port?
Configuration
AgentAdress is configured as follows:
# /etc/snmp/snmpd.conf
# Listen for connections from the local system only
agentAddress udp:127.0.0.1:161
The daemon has been launched with following options:
# /etc/default/snmp
# snmpd options (use syslog, close stdin/out/err).
SNMPDOPTS='-Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'
Output of ps aux | grep snmpd
/usr/sbin/snmpd -Lsd -Lf /dev/null -u Debian-snmp -g Debian-snmp -I -smux mteTrigger mteTriggerConf -f
So, if anybody comes across the same question: The UDP port has been opened by snmp-traps. In order to avoid this behavior, I had to comment out following line in the snmpd.conf:
/etc/snmp/snmpd.conf
# ACTIVE MONITORING
# send SNMPv1 traps
# !comment this line out!
# trapsink localhost public
Read this link for further information: https://sourceforge.net/p/net-snmp/mailman/message/29219475/
I have a task in a lab for my cyber-security class where I have to verify that the port 5555 is open and not in use via Command Prompt. I have tried the following command with these flags:
command used to check port 5555
You can do a nmap scan on that port to see if its open or close; also you can get more information about the port if its open this way.
nmap -vvv <ip> -p 5555
if you are looking for a fast way you can try to connect to that port and see using netcat or telnet
nc localhost 5555
telnet localhost 5555
if the port is close your connection will drop if its open the connection wont close if the application running on port 5555 has a header you can also see that.
in case you looking for open ports in your own computer you can do ss -lnpt which will show all open ports. then you can grep for port 5555
You can either use netstat or sudo lsof -i tcp:5555.
If you don't get a response on your terminal, it means that there's nothing running on port 5555.
If I run lsof, it says that this port is not in use. Yet, I can telnet into it and something is listening on that port.
Am I using the wrong command to see what ports are in use? I'd like to kill the process listening on 3306.
± |master ✓| → lsof -i :3306
|2.3.1| montana in ~/workspace
± |master ✓| → telnet localhost 3306
Trying ::1...
Connected to localhost.
Escape character is '^]'.
J
5.6.39|=X%N9r�&a;AtF>E!r>{mysql_native_passwordConnection closed by foreign host.
To check which process is running on 3306 port
sudo lsof -i tcp:3306
and if you get the process id
kill -9
I have a file containing IP addresses and port numbers only. I know how to start a service by its name but how to start and stop it by port number?
for port in $(cat /home/asd/iplog.txt); do
service /etc/init.d/$port | cut -d\: -f2 start
done
here is the iplog.txt output:
192.168.1.2:21
192.168.2.25:80
192.168.5.230:25
and the output of the script:
/etc/init.d/192.168.1.2:21: unrecognized service
cut: start: no such file or directory
/etc/init.d/192.168.2.25:80: unrecognized service
cut: start: no such file or directory
Now I have two questions:
How to start and stop a service by its port number?
how to do it remotely?
as I am not familiar with shell scripting, I really need your help please.
How to find a service's PID/command by its port number?
You can kill it/them to stop the service. But this is not the best way.
#lsof-i :22
Command PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
sshd 14543 root 3u IPv4 4132251 0t0 TCP *:ssh (LISTEN)
sshd 14543 root 4u IPv6 4132253 0t0 TCP *:ssh (LISTEN)
#ps 14543
PID TTY STAT TIME COMMAND
14543 ? Ss 0:00 /usr/sbin/sshd
how to do it remotely?
ssh user#remote 'your command to stop service'