IBM i Global

Hi,

Is there any way to check which ports have been configured for use on IBMi (but not currently active).

NETSTAT *CNN gives the "Active" ports at any point in time and CFGTCP , option 4 gives you any port restrictions.

However, I am looking for an easy way to find out "list of all ports which are configured but NOT CURRENTLY ACTIVE"

Any guidance would be appreciated. Thank you.

There's inbound ports, and there's outbound ports.  Inbound ports generally stay active unless you end the service.  For example, ftp port 21 stays active unless I ENDTCPSVR SERVER(*FTP).

Outbound ports are a different animal and often can be quite random.  For example if I ftp FROM this IBM i to another server might go out on port 9393 (this time, as tested).

I know that firewall/switch personnel like to lock down specific IP addresses and ports.  Most of them understand ephemeral ports (like the port 9393 example above).  Careful, as they will sometime track a weeks worth of usage and base their decision off of that.  Which may cause issues when you only run certain stuff outside of that test period such as SNDPTFORD, SNDSRVRQS.  Then there's also the case if your IBM i supports multiple IP addresses, like for multiple web sites, domino servers, H/A software routing, etc and some IP clients don't support "bind specific".  For example, if I telnet from an lpar with multiple IP addresses which one am I coming from?

You can do a STRCMNTRC to capture some of this.  And it will even generate a pcap file, loved by many a network technician.  DMPCMNTRC CFGOBJ(LANLINSYS) CFGTYPE(*LIN) TOSTMF('/home/ROB/myfile.pcap') FORMAT(*PCAP)

I don't believe there are any ways to journal these through journals, qhst, etc.

See also:  https://www.ibm.com/docs/en/i/7.5?topic=is-communication-services

Hello Robert,

Thank you for your reply. I was actually asking about inbound ports. Is there any way to know which inbound ports have been configured. NETSTAT *CNN shows all the inbound ports that are ACTIVE at that moment in time. Is there any way to know which inbound ports have been configured BUT NOT CURRENTLY ACTIVE.

For eg, if for a new application, I need to define an inbound port (say 1475), it would be good to know if this inbound port has already been used for some other application (which may not be active at that point in time.

Appreciate your thoughts on this.