IBM i Global

 View Only

  • 1.  Checking for configured ports on IBMi

    Posted 3 days ago

    Hi,

    Is there any way to check which ports have been configured for use on IBMi (but not currently active).

    NETSTAT *CNN gives the "Active" ports at any point in time and CFGTCP , option 4 gives you any port restrictions.

    However, I am looking for an easy way to find out "list of all ports which are configured but NOT CURRENTLY ACTIVE"

    Any guidance would be appreciated. Thank you.



    ------------------------------
    Thomas Varkey
    ------------------------------


  • 2.  RE: Checking for configured ports on IBMi

    IBM Champion
    Posted 3 days ago

    There's inbound ports, and there's outbound ports.  Inbound ports generally stay active unless you end the service.  For example, ftp port 21 stays active unless I ENDTCPSVR SERVER(*FTP).

    Outbound ports are a different animal and often can be quite random.  For example if I ftp FROM this IBM i to another server might go out on port 9393 (this time, as tested).

    I know that firewall/switch personnel like to lock down specific IP addresses and ports.  Most of them understand ephemeral ports (like the port 9393 example above).  Careful, as they will sometime track a weeks worth of usage and base their decision off of that.  Which may cause issues when you only run certain stuff outside of that test period such as SNDPTFORD, SNDSRVRQS.  Then there's also the case if your IBM i supports multiple IP addresses, like for multiple web sites, domino servers, H/A software routing, etc and some IP clients don't support "bind specific".  For example, if I telnet from an lpar with multiple IP addresses which one am I coming from?

    You can do a STRCMNTRC to capture some of this.  And it will even generate a pcap file, loved by many a network technician.  DMPCMNTRC CFGOBJ(LANLINSYS) CFGTYPE(*LIN) TOSTMF('/home/ROB/myfile.pcap') FORMAT(*PCAP)

    I don't believe there are any ways to journal these through journals, qhst, etc.

    See also:  https://www.ibm.com/docs/en/i/7.5?topic=is-communication-services



    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------

    Original Message


  • 3.  RE: Checking for configured ports on IBMi

    Posted 2 days ago

    Hello Robert,

    Thank you for your reply. I was actually asking about inbound ports. Is there any way to know which inbound ports have been configured. NETSTAT *CNN shows all the inbound ports that are ACTIVE at that moment in time. Is there any way to know which inbound ports have been configured BUT NOT CURRENTLY ACTIVE.

    For eg, if for a new application, I need to define an inbound port (say 1475), it would be good to know if this inbound port has already been used for some other application (which may not be active at that point in time.

    Appreciate your thoughts on this.



    ------------------------------
    Thomas Varkey
    ------------------------------

    Original Message


  • 4.  RE: Checking for configured ports on IBMi

    Posted 14 hours ago

    To get traffic log in a journal, one could use the integrated Packet Filter with an "allow all" filterset and journaling to "Full": https://www.ibm.com/docs/en/i/7.5?topic=mpr-journaling-auditing-packet-rules-actions-by-packet-rules .



    ------------------------------
    Sylvain Manceau
    ------------------------------

    Original Message


  • 5.  RE: Checking for configured ports on IBMi

    Posted 2 days ago

    You can try WRKSRVTBLE command. It shows if a service is assigned to a particular port. But use it as a hint only. If there's an entry for a port, it doesn't mean the port is ever used and you need to look into it further. Also, if there's no entry for a port, it doesn't mean the port is unused. But any serious application should have a relevant entry in that list. Using a specific port is application dependent and it sits in the application configuration. Technically (and in most cases) you can change the port number at any time in the configuration and the system doesn't track configuration changes. So until the application is started, the system wouldn't know the port number. As far as I remember, if you try to start application and the port is already active and used by other application then your service will not start properly.



    ------------------------------
    Krzysztof Łukawski
    ------------------------------

    Original Message


  • 6.  RE: Checking for configured ports on IBMi

    Posted 2 days ago

    I think the easiest answer to your question is "no".  An inbound port is is simply something which listens on that port.  You can create a simple program that will listen on any available port you state.  Application port numbers could be in code or data objects.  Web Servers will use various, changeable, ports which would show up in their config.  Is there more to the question?



    ------------------------------
    Patrick Kelly
    ------------------------------

    Original Message


  • 7.  RE: Checking for configured ports on IBMi

    IBM Champion
    Posted 2 days ago

    I think Patrick sums up the best answer.

    Others, me included, knew or assumed that Patrick's answer was a given and were trying to jump past that to try to provide work arounds.

    I use a MFT solution which stores their port number in an IFS file in their product directory.  I'm betting others do too.  So that's yet another place to look.



    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------

    Original Message


  • 8.  RE: Checking for configured ports on IBMi

    IBM Champion
    Posted 2 days ago

    For webservers, you could go into the HTTPAdmin and choose "All Servers" from the "Servers" dropdown.  This will show the IP:port configured in each webserver, even if they are not running at the moment.  I think you'll need to find similar resources (or create your own) for other types of services.  If you have any idea of the services that you're concerned about, we can probably help you hunt down the port details.



    ------------------------------
    Steven Riedmueller
    Certified IBM i Admin
    Speaker, Mentor, and Advocate
    ------------------------------

    Original Message


  • 9.  RE: Checking for configured ports on IBMi

    IBM Champion
    Posted 2 days ago

    I tried searching https://wiki.midrange.com/index.php/Main_Page for ports to see if anyone had created any table of commonly used ports on IBM i.  I didn't see any.



    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------

    Original Message