Troubleshooting tools for ISA Server
10.1.1.4 Netstat
Netstat is a command line tool. It can be used to troubleshoot security and connectivity issues. By entering Netstat on the command line, you can check the port configuration of the ISA Server computer and view connections to and from the computer.
Note that TCP and UDP use ports to name the endpoints of logical connections. Port numbers range from 0 to 65535 and are divided into three types: well-known ports, registered ports, and dynamic and/or private ports. Well-known ports run from 0 to 1023, registered ports from 1024 to 49151, and dynamic and/or private ports from 49151 to 65535. For more details, please refer to the Web site
The -a option of the netstat command displays all active connections and listening ports. When the -n option is used, addresses and port numbers are not converted to names. This distinguishes the external and internal IP connections on the ISA Server computer and shows which ports are open at any given time on a particular interface. You can see which service is active on which particular port by comparing the output of the -an and -a options. Specify a particular protocol with the -p TCP or -p UDP option to narrow the netstat -an output. For example, the netstat -an -p TCP command prints all active TCP connections and listening ports. The netstat -an -p UDP command prints only the UDP port status.
In addition, understanding the port configuration helps you check connectivity issues, port conflicts, and security vulnerabilities. For example, if a connection to a remote server cannot be established, the Netstat output may show that the problem is not on the local network but that the remote computer rejects the connection request. At the same time, each time you connect, you can also confirm whether the local machine receives TCP reset or ICMP Port unreachable packets.
Finally, Netstat can be used to diagnose attacks on the system. For example, a SYN attack paralyzes a server by creating a large number of half-open TCP connections. In this case, the foreign address is usually a spoofed address, and the port number increases incrementally. Therefore, based on this salient feature of the SYN attack, it can be identified from the Netstat output below.
C:\>netstat -a
C:\>netstat -n -p TCP
Active Connections
  Proto  Local Address      Foreign Address      State
  TCP    127.0.0.1:1030     127.0.0.1:1032       ESTABLISHED
  TCP    127.0.0.1:1032     127.0.0.1:1030       ESTABLISHED
  TCP    10.1.1.5:21        192.168.0.1:1025     SYN_RECEIVED
  TCP    10.1.1.5:21        192.168.0.1:1026     SYN_RECEIVED
  TCP    10.1.1.5:21        192.168.0.1:1027     SYN_RECEIVED
  TCP    10.1.1.5:21        192.168.0.1:1028     SYN_RECEIVED
  TCP    10.1.1.5:21        192.168.0.1:1029     SYN_RECEIVED
  TCP    10.1.1.5:21        192.168.0.1:1030     SYN_RECEIVED
  TCP    10.1.1.5:21        192.168.0.1:1031     SYN_RECEIVED
  TCP    10.1.1.5:21        192.168.0.1:1032     SYN_RECEIVED
  TCP    10.1.1.5:21        192.168.0.1:1033     SYN_RECEIVED
  TCP    10.1.1.5:21        192.168.0.1:1034     SYN_RECEIVED
  TCP    10.1.1.5:21        192.168.0.1:1035     SYN_RECEIVED
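The pattern in this listing (many half-open connections to one listening port, with foreign port numbers counting upward) can be checked mechanically. The following is an added example, not part of the original article; the function names, the thresholds and the sample text are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the `netstat -n -p TCP` listing on this page.
SAMPLE = """\
Active Connections
  Proto  Local Address    Foreign Address    State
  TCP    127.0.0.1:1030   127.0.0.1:1032     ESTABLISHED
  TCP    10.1.1.5:21      192.168.0.1:1025   SYN_RECEIVED
  TCP    10.1.1.5:21      192.168.0.1:1026   SYN_RECEIVED
  TCP    10.1.1.5:21      192.168.0.1:1027   SYN_RECEIVED
  TCP    10.1.1.5:21      192.168.0.1:1028   SYN_RECEIVED
  TCP    10.1.1.5:21      192.168.0.1:1029   SYN_RECEIVED
  TCP    10.1.1.5:80      172.16.4.9:40112   SYN_RECEIVED
"""

ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+(\S+)\s*$", re.I)
HALF_OPEN = re.compile(r"^SYN[-_]RECEIV", re.I)  # tolerate spelling variants

def half_open_by_listener(netstat_text):
    """Map (local_ip, local_port) -> [(foreign_ip, foreign_port)] in SYN_RECEIVED."""
    found = defaultdict(list)
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if m and HALF_OPEN.match(m.group(5)):
            found[(m.group(1), int(m.group(2)))].append((m.group(3), int(m.group(4))))
    return dict(found)

def longest_port_run(ports):
    """Length of the longest run of consecutive foreign port numbers."""
    best = run = 0
    prev = None
    for p in sorted(set(ports)):
        run = run + 1 if prev is not None and p == prev + 1 else 1
        best = max(best, run)
        prev = p
    return best

def suspect_syn_flood(netstat_text, min_half_open=5, min_run=4):
    """Listeners whose half-open count and sequential-port run both reach
    the thresholds (threshold values are assumptions, tune per server)."""
    alerts = []
    for listener, peers in half_open_by_listener(netstat_text).items():
        run = longest_port_run([port for _, port in peers])
        if len(peers) >= min_half_open and run >= min_run:
            alerts.append({"listener": listener, "half_open": len(peers), "port_run": run})
    return alerts

if __name__ == "__main__":
    print(suspect_syn_flood(SAMPLE))
```

A single half-open connection, such as the port 80 row in the sample, is normal during connection setup and is not reported.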
10.1.1.5 Telnet
Specify the port number after the Telnet command to test whether the server receives commands through this port. For example, after you run the netstat -an -p TCP command, you find that port 3149 is used to listen for incoming requests. Then, enter telnet external_ip_address 3149 on the command line to determine whether ISA Server allows users to telnet to the port. Here external_ip_address refers to the public IP address assigned to the ISA Server computer. If a blank screen is returned, or the response is anything other than a connection failure, it is theoretically possible for an external user to enter service commands to communicate with the service located on that port. Note that this state usually does not indicate a security vulnerability, but hackers often use Telnet to exploit these vulnerabilities if a given service has one.
Telnet can also be used to determine whether a service on a computer is active. For example, if you can telnet to port 25 of the ISA Server computer, the SMTP service is running and is accessible to external users. If you want to block external users from accessing the SMTP service, you can correct the situation by turning off the service, by verifying that packet filtering is enabled on ISA Server, and/or by verifying that no IP packet filter that allows inbound traffic through port 25 is enabled on ISA Server. On the other hand, if you want to publish a server and test external access, you might want to telnet to the port of the service to see if it accepts connections. For example, if you publish a Web server on port 9999 of the ISA Server computer, you can enter telnet external_ip_address 9999 to confirm that you can connect to that port.
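The Telnet checks above can be repeated for several ports and compared against the intended policy (for example, port 25 blocked and port 9999 published). The following is an added example, not part of the original article; the function names, the state labels and the policy mapping are assumptions, and the demo runs against constructed loopback sockets rather than a real ISA Server.

```python
import socket

def probe(host, port, timeout=2.0):
    """Attempt one TCP connect, as `telnet host port` does, and classify it."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "accepts"        # handshake completed: service reachable
    except ConnectionRefusedError:
        return "refused"            # TCP reset: nothing listening or rejected
    except (socket.timeout, TimeoutError):
        return "no-response"        # SYN dropped, typical of a packet filter
    except OSError:
        return "unreachable"        # routing or ICMP unreachable error

def audit_exposure(host, expected, timeout=2.0):
    """Compare each port's observed state with the intended policy.

    `expected` maps port -> True if the service is meant to be published,
    False if it is meant to be blocked. Returns only the mismatches.
    """
    findings = []
    for port, should_accept in sorted(expected.items()):
        state = probe(host, port, timeout)
        if (state == "accepts") != should_accept:
            findings.append((port, state, "published" if should_accept else "blocked"))
    return findings

def demo():
    """Constructed loopback check: one listening port, one closed port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                   # released, so connects are refused
    try:
        # Deliberately wrong policy so that both ports are reported.
        policy = {open_port: False, closed_port: True}
        return audit_exposure("127.0.0.1", policy), open_port, closed_port
    finally:
        listener.close()

if __name__ == "__main__":
    print(demo()[0])
```

An empty result means every port behaved as the policy intended; run the check from outside the ISA Server's external interface so that it sees what an external user would see.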