Check if port is open when communication fails for Symantec products

Article ID: 171121

Updated On:

Products

Data Loss Prevention

Issue/Introduction

Communication fails between clients and servers for Symantec Data Loss Prevention (DLP) or other Symantec products. This article explains how to determine whether a server is listening on a specific TCP port, and whether that port is reachable from a client over the network.

Resolution

First determine whether anything on the target server is listening on the port. On the Endpoint detection server (or whichever server the client is trying to reach), run the following from a command prompt:

netstat -an | find ":<port number>"

Including the colon in the search string avoids matching the port number inside an IP address. If the server is listening you should see a line in the LISTENING state, for example "TCP 0.0.0.0:10443 0.0.0.0:0 LISTENING" for a DLP Endpoint Server listening on its default port 10443. The local address can be 0.0.0.0 (all interfaces) or one of the server's own IP addresses. If the only listener is bound to 127.0.0.1, the service accepts local connections only and remote clients will not be able to reach it.

After you confirm that the server is listening on the port, go to a client and use one of the following methods to see if the port is open over the network.

Method 1: Powershell script

This method is recommended because it performs a plain TCP connect from PowerShell. Other tools such as telnet can have their particular type of traffic blocked by network devices even when the port itself is open, which gives a misleading result.

Save the following script as checkport.ps1:

# Open a TCP connection to the target IP and port; the target values below are placeholders.
$socket = New-Object System.Net.Sockets.TcpClient
$socket.Connect("192.168.2.100", 80)
# Prints True when the TCP handshake completed, so a listener answered on that port.
$socket.Connected
$socket.Close()

This script tests whether the host at 192.168.2.100 accepts TCP connections on port 80. Replace the IP address and port with the server and port you are troubleshooting (for example port 10443 for a DLP Endpoint Server).

Run the following command line to test this script:

powershell -ExecutionPolicy Bypass -file ".\checkport.ps1"

If the test succeeds the script prints "True". If it fails, PowerShell prints a red error. The message "No connection could be made because the target machine actively refused it" means the host was reached but nothing is listening on that port (the connection was reset). A message that the connected party "did not properly respond after a period of time" is a timeout, which usually means a firewall or network device is silently dropping the traffic rather than the service being down.

(Optional) If you need a listener to test against, go to the target machine and use the following PowerShell commands to start one. Only do this if no service is already listening on the port; verify with the netstat command above first, because binding a second listener to a port in use fails with a socket error.

$Listener = [System.Net.Sockets.TcpListener]80;
$Listener.Start();

Once the test is complete, run the following command to stop the listener and release the port:

$Listener.Stop();
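The following PowerShell is an added example, not code from the original article. It combines the two checks described above into one script: Get-PortListener runs on the server and shows what is bound to the port and which process owns it, and Test-TcpPort runs on the client and performs the TCP connect with a timeout, so that a firewall silently dropping packets (TimedOut) can be told apart from a reachable host with no listener (ConnectionRefused). The address 192.168.2.100 and port 10443 are placeholder assumptions; replace them with your own server and port.

```powershell
# Added example (not from the original article). Placeholders: 192.168.2.100 and 10443.

function Get-PortListener {
    # Server side: list everything bound in LISTEN state on $Port, with the owning process.
    # Get-NetTCPConnection requires Windows 8 / Server 2012 or later; on older systems
    # use: netstat -ano | find ":<port>"
    param([Parameter(Mandatory)][int]$Port)

    Get-NetTCPConnection -LocalPort $Port -State Listen -ErrorAction SilentlyContinue |
        ForEach-Object {
            $proc = Get-Process -Id $_.OwningProcess -ErrorAction SilentlyContinue
            [pscustomobject]@{
                LocalAddress = $_.LocalAddress   # 0.0.0.0 or :: means all interfaces
                LocalPort    = $_.LocalPort
                ProcessId    = $_.OwningProcess
                ProcessName  = $proc.ProcessName
            }
        }
}

function Test-TcpPort {
    # Client side: TCP connect with a timeout. A dropped packet never produces an error,
    # so without the timeout the script would hang instead of reporting "filtered".
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][int]$Port,
        [int]$TimeoutMs = 3000
    )

    $client = New-Object System.Net.Sockets.TcpClient
    $result = [ordered]@{ ComputerName = $ComputerName; Port = $Port; Status = $null; Detail = $null }
    try {
        $async = $client.BeginConnect($ComputerName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            # Neither SYN-ACK nor RST arrived: traffic is most likely being dropped.
            $result.Status = 'TimedOut'
            $result.Detail = "no response within $TimeoutMs ms (filtered by a firewall, or host down)"
        } else {
            $client.EndConnect($async)   # throws SocketException if the host sent a reset
            $result.Status = 'Open'
            $result.Detail = 'TCP handshake completed; a listener answered'
        }
    } catch {
        # PowerShell wraps .NET exceptions; unwrap until the SocketException is reached.
        $ex = $_.Exception
        while ($ex.InnerException -and -not ($ex -is [System.Net.Sockets.SocketException])) {
            $ex = $ex.InnerException
        }
        if ($ex -is [System.Net.Sockets.SocketException]) {
            # ConnectionRefused: host reachable, nothing listening (the "actively refused" error).
            # HostUnreachable / NetworkUnreachable: routing problem rather than a port problem.
            $result.Status = [string]$ex.SocketErrorCode
        } else {
            $result.Status = 'Error'
        }
        $result.Detail = $ex.Message
    } finally {
        $client.Close()   # also aborts a still-pending connect after a timeout
    }
    [pscustomobject]$result
}

# On the server (expect a row with LocalAddress 0.0.0.0 or a server IP, plus the service process):
Get-PortListener -Port 10443

# On the client (expect Status 'Open'; 'ConnectionRefused' means no listener, 'TimedOut' means filtered):
Test-TcpPort -ComputerName "192.168.2.100" -Port 10443
```

On Windows 8 / Server 2012 and later the built-in cmdlet Test-NetConnection -ComputerName 192.168.2.100 -Port 10443 performs a similar client-side check and reports TcpTestSucceeded; the function above is kept separate because it reports why the connect failed, which is the information needed to decide between a firewall rule and a stopped service.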

Method 2: Telnet Client

The telnet client can be used if PowerShell is not available or the telnet client is already installed on the machine. The main drawback of telnet is the risk of a false negative: some routers and network devices specifically block telnet traffic, so the connection can fail even though the port is open.

Follow these steps to test a TCP connection with telnet:

  1. Open a command prompt
  2. Run the following command:

    telnet <Destination IP> <port number>

Example:

telnet 192.168.2.100 10443

  • If the port is open and telnet has established a connection, the screen clears and goes blank (the service is waiting for input; press Ctrl+] and type quit to exit).
  • If the port is closed, you should see the message: "Could not open connection to the host, on port <port number>: Connect failed."
  • If the telnet client is not installed, you see an error stating that 'telnet' is not recognized as an internal or external command.

To enable the telnet client:

  1. In the Windows Control Panel, search for "Turn Windows features on or off".
  2. Check Telnet Client. Telnet Server is not needed for this test; leave it unchecked, because it exposes an unencrypted remote login service.
  3. Click OK. The features are installed.
  4. Open a new command prompt and try again.

 

Also note: the source port used by the DLP agent (and by most other client applications) is ephemeral and chosen dynamically for each connection, so firewall rules should match on the destination port of the server rather than on a fixed client source port.
