ISA Server troubleshooting Tool
Exercise 10.1.3: test the port status
In this exercise, you need to use Netstat and Telnet commands to determine the port status of the ISA Server computer. This technology can be used to verify security or determine whether services running on the ISA Server computer are available to external sites.
Exercise: test the ISA Server port
In this exercise, run the Netstat utility in a command prompt and note that different ports are opened on the external interface of the ISA Server.
Test the port status of the ISA Server computer:
1. log on to Server 1 as Administrator.
2. Click Start and select Run.
The Run dialog box appears.
3. In the Open text box, Enter cmd and click OK.
A command prompt is displayed.
4. Enter netstat-an-p TCP in the command prompt.
The output information of all active TCP ports on the ISA Server computer appears. On the output screen, an IP address with a port number on the left represents the local address of each active connection, and an IP address with a port number on the right represents the external address of each active connection. In the output, most local addresses refer to the internal interface 192.168.0.1. However, some local connections at the end of the list may be the external IP address of the ISA Server.
5. How many active connections are there in the external interface of ISA Server? Check the external addresses of these connections carefully. Are these addresses actually external remote addresses, or are they just another port of the same local address? Which ports in these external addresses are used to send information to the external interfaces of the ISA Server computer?
The answer is written in the following blank space:
6. On the ISA Server computer, open the IE browser and connect to an external Web site, such,
Http: // www. microsoft.com
.
7. When the Web page is being downloaded from IE, switch to the Command Prompt window and enter netstat-an-p TCP again.
The output information of all active TCP ports on the ISA Server computer appears.
8. view the end of the output list. How many active connections are there on the external port of the ISA Server computer compared to the answer in step 1? Have you seen the active ports of external addresses not previously listed? After viewing the data, can I determine which external port is used to send Web data to the local external IP address?
9. Which local port is the Web data sent to the external interface of the ISA Server computer? These ports are dynamic. Each connection is different. Write down the numbers of these ports in the blank space below.
If the network shows signs of intrusion, the system checks the external port status that hackers may attempt to pass to eliminate security faults. You can try to telnet to an external port to check whether the service on the port responds to the connection request (generally, this operation must be performed on an external computer ).
10. Try to telnet to the external port written in step 1. In the command prompt, enter telnet [externa_ip_address] [port_number]. [Externa_ip_address] is the external IP address currently allocated to the ISA Server computer. [port_number] is one of the local port numbers listed in step 1 (for example, telnet 64.43.113.110 9th ).
A message is displayed, indicating that the connection port fails. This port is not a listening port. When the port receives external connections, either a blank screen or an output message from the communication service on the port is displayed.
11. In the Command Prompt window, try to telnet to each port in the left column of the following table. Specifies the external IP address currently allocated to the computer. For example, if your IP address is 64.43.113.110 25, you can enter telnet 64.43.113.110 25 in the command prompt to connect to port 25 through telnet. In the right column of the table below, write down the open or closed ports.
Port Status
25
7
389
443
21
8080
1030
Open ports do not mean security vulnerabilities. However, for the sake of security, it is recommended that some ports not be in the static open state, such as 15 (Netstat), 21 (FTP), 23 (Telnet), 25 (SMTP), 79 (Finger) and 80 (HTTP ).
12. Close the command prompt dialog box.
10.1.4 Summary
Many tools are available for troubleshooting ISA Server. The first step is to use the ISA Server Report. It can determine the cause of performance failure. The Event Viewer displays all event messages generated by the ISA Server service. ISA Server Performance Monitor solves network usage, hardware, and configuration problems. Netstat is a command line tool that displays all active TCP or UDP connections. This helps eliminate security and connection problems. In addition, you can also use the Telnet utility to check whether the server receives commands through a given port. The network monitor can capture and display the frame content received by the Windows 2000 server from the LAN. Finally, the Route command can verify and modify the Route table and verify that all network segments of the feasible Route can be accessed. (Summary)