As the zero touch feature is on TCP 4786 (SMI), I vote for either:
- an NSA backdoor :-)
- a default active service

Have you tried to zeroize the config and restart, then check if TCP 6154 is still in LISTEN state?

- Marcel

On 03.05.2018 06:51, frederic.jut...@sig-telecom.net wrote:
> Hi,
>
> We have Cat 4500 series on SUP7L-E with IOS/XE 03.06.02.E/152(2).E2
> which have TCP port 6154 listening on all interfaces.
>
> Any idea what it could be ?
>
> #show tcp brief all
> TCB       Local Address               Foreign Address             (state)
> ...
> 5A529430  0.0.0.0.6154                <<<<<<<<<<<<<<<<
>
>
> #show tcp tcb 5A529430
> Connection state is LISTEN, I/O status: 1, unread input bytes: 0
> Connection is ECN Disabled, Mininum incoming TTL 0, Outgoing TTL 255
> Local host: 0.0.0.0, Local port: 6154
> Foreign host: UNKNOWN, Foreign port: 0
> Connection tableid (VRF): 1
> Maximum output segment queue size: 50
>
> Enqueued packets for retransmit: 0, input: 0 mis-ordered: 0 (0 bytes)
>
> Event Timers (current time is 0xF58354):
> Timer          Starts    Wakeups            Next
> Retrans             0          0             0x0
> TimeWait            0          0             0x0
> AckHold             0          0             0x0
> SendWnd             0          0             0x0
> KeepAlive           0          0             0x0
> GiveUp              0          0             0x0
> PmtuAger            0          0             0x0
> DeadWait            0          0             0x0
> Linger              0          0             0x0
> ProcessQ            0          0             0x0
>
> iss: 0 snduna: 0 sndnxt: 0
> irs: 0 rcvnxt: 0
>
> sndwnd: 0 scale: 0 maxrcvwnd: 4128
> rcvwnd: 4128 scale: 0 delrcvwnd: 0
>
> SRTT: 0 ms, RTTO: 2000 ms, RTV: 2000 ms, KRTT: 0 ms
> minRTT: 60000 ms, maxRTT: 0 ms, ACK hold: 200 ms
> uptime: 0 ms, Sent idletime: 0 ms, Receive idletime: 0 ms
> Status Flags: gen tcbs
> Option Flags: VRF id set, keepalive running, nagle, Reuse local address
> Retrans timeout
> IP Precedence value : 0
>
> Datagrams (max data segment is 516 bytes):
> Rcvd: 0 (out of order: 0), with data: 0, total data bytes: 0
> Sent: 0 (retransmit: 0, fastretransmit: 0, partialack: 0, Second
> Congestion: 0), with data: 0, total data bytes: 0
>
> Packets received in fast path: 0, fast processed: 0, slow path: 0
> fast lock acquisition failures: 0, slow path: 0
> TCP Semaphore 0x5BEB9B10 FREE
>
>
> (The command "show control-plane host open-ports" is not available on
> this platform/code)
>
>
> I also think that if it would be a local socket for internal process
> communication, it would be 127.0.0.1:6154 instead of 0.0.0.0:6154.
> So this is listening on all interfaces, virtuals and physicals and seem
> not to be for internal process communication.
>
>
> Fred
>
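
Added example, not part of the original thread: a small audit helper that parses saved `show tcp brief all` output, keeps the LISTEN sockets, and reports any port outside an expected set together with its bind scope (wildcard versus loopback, the distinction Fred draws above). The sample rows are constructed; the `*.*` and `LISTEN` columns on the 6154 row and the expected-port set are assumptions.

```python
import re

# Constructed sample in the `show tcp brief all` layout. The TCB and local
# address of the first row come from the thread; every other value is made up.
SAMPLE = """\
TCB       Local Address               Foreign Address             (state)
5A529430  0.0.0.0.6154                *.*                         LISTEN
5A52A1F8  0.0.0.0.22                  *.*                         LISTEN
5A52B0C0  127.0.0.1.4433              *.*                         LISTEN
5A52C2D4  192.0.2.10.22               192.0.2.50.51514            ESTAB
"""

# TCB handle (hex), local endpoint, foreign endpoint, state.
ROW = re.compile(r"^([0-9A-Fa-f]{8,16})\s+(\S+)\s+(\S+)\s+(\S+)$")


def split_endpoint(endpoint):
    """IOS joins address and port with a dot: 0.0.0.0.6154 -> ('0.0.0.0', 6154)."""
    addr, _, port = endpoint.rpartition(".")
    return addr, int(port)


def listeners(output):
    """Return every socket in LISTEN state as a dict with tcb, addr and port."""
    found = []
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if not m or m.group(4).upper() != "LISTEN":
            continue  # header, "..." filler, or a non-listening connection
        addr, port = split_endpoint(m.group(2))
        found.append({"tcb": m.group(1), "addr": addr, "port": port})
    return found


def unexpected_listeners(output, expected_ports):
    """Listeners whose port is not in expected_ports, tagged with bind scope."""
    findings = []
    for sock in listeners(output):
        if sock["port"] in expected_ports:
            continue
        if sock["addr"] == "0.0.0.0":
            scope = "all interfaces"
        elif sock["addr"].startswith("127."):
            scope = "loopback only"
        else:
            scope = "single address"
        findings.append({**sock, "scope": scope})
    return findings


if __name__ == "__main__":
    for f in unexpected_listeners(SAMPLE, expected_ports={22}):
        print(f"{f['tcb']}  {f['addr']}:{f['port']}  ({f['scope']})")
```

Each reported TCB handle can then be passed to `show tcp tcb <handle>` on the device, as in the quoted output, to inspect that socket.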