When I'm scanning only one port using nmap (nmap 5.21 version) on which my service is running, it is working fine (I'm able to login to my service which is running on port 28443).
nmap -P0 -sT -A -p 28443 -oN /root/abhiNmap.txt nmap v <IP>
but when I'm scanning all 65k port, scan is fine but after that I'm not able to login to service on same port. It gets hanged.
nmap -P0 -sT -A -p 1-65535 -oN /root/abhiNmap.txt nmap v <IP>.
though netstat -an | grep 28443, it is listening properly on same port.
Work around after which it is working fine:
stop tomcat -> service activemq restart -> start tomcat.
I'm not able to correlated between nmap and activeMq. Is there any relation or something which is affecting activemq? Thanks in advance.
Troubleshooting hung services can be difficult. The first step would be to pare down the scan to the smallest set of probes that can reproduce the hang condition. Your command line includes the -A flag, which turns on all of Nmap's advanced features. Here are a few scans to try, and what they mean for the hung service:
nmap -sT -p1-65535 <IP> - A simple all-ports scan
nmap -sT -p1-10,28443 -O <IP> - OS detection would usually be skipped on a single-port scan, so we throw in some extra ports that are likely to be closed in order to force it.
nmap -sT -p1-65535 -sV <IP> - All-ports scan with service version detection. This is usually the phase that will crash services, since it sends many unique probes to open ports.
nmap -sT -p1-65535 -sV -sC <IP> - If the previous scan didn't crash it, this one may, since it runs extra NSE scripts that interact with open services.
nmap -sT -p1-65535 --traceroute <IP> - Very unlikely that this is the culprit, but it is the last feature that is included in -A.
Once you have a scan that will repeatedly crash the service, you should check the service's logs to see if you can understand why it crashed. You may also want to start removing ports from the scan to see which port is affecting your service: From your question, I would guess that 28443 is actually fine, but there may be another open port to another service that it interacts with, which is really the one that breaks.
Once you figure out what is the problem, you should take steps to ensure it doesn't continue to be a problem:
Use a firewall to limit access to the vulnerable service.
Send a bug report to the maintainers of the service software listing steps to reproduce the hang condition.
Send a message to dev#nmap.org with the steps to reproduce. The developers may be able to change the probes that are sent to this service to avoid a crash.
Contribute your findings to the Network Scanning Watch List so other people can avoid crashing their own services.
Finally, I would like to point out that Nmap 5.21 was released in 2010, and is now 4 years old. The latest version of Nmap is 6.40 as of this writing, and contains many bug fixes and new features.
Related
When i start any web project in netbeans it start tomcat in xammp by dfault but when tomcat is in running state Mysql(php admin) page not open i think there is some kind of port issue please guide me about this issue
change pot mo in config files
Find out what ever the port that error cause and you can kill that usage by following theses steps. Here I take 3325 as my port.
Open cmd and type netstat -ano | findstr 3325.
Then type this code with what ever the output that you gets. Here I get 10360 as my output for the 1st one. taskkill /F /pid 10360
Using this method you can kill the process of port that already in use. Kill the relevant process that is not needed if there are multiple processes hang on this port. This might be helpful to fix your issue.
I have a GCE Instance a Debian 1v CPU & 1.7GB. Then I followed the below tutorial and installed webmin on it.
https://www.howtoforge.com/tutorial/how-to-install-webmin-on-ubuntu-15-04/
The installation went successfully. Then I Created a Firewall exception on using the UFW and allowed port 10000.
sudo ufw allow 10000/tcp
But I was not able to access Webmin through the browser.
https://my-gce-instance-ip-address:10000.
Then i created firewall exception using the Google Cloud Console. Again tried the url it didnt work.
Then i thought this might be because of webmin is https mode. So i open the /etc/webmin/miniserv.conf and changed ssl=0. After that i restarted the webmin.
/etc/init.d/webmin restart
Then I tried the the url with Http, still I can't access.
I tried below command and checked the output. Accordingly Webmin is correctly running and listening on port 10000.
netstat -tulpn | grep :10000.
I can't seem to think what I am doing wrong. I have now spent several days on this without and solution in sight. Hope someone can kindly help me?
try this ... it's working for me
iptables -I INPUT 1 -p tcp --dport 10000 -j ACCEPT
service iptables save
/etc/init.d/iptables restart
open both link in Browser
https://your-IP:10000
and
http://your-IP:10000
you need to allow port 10000 from iptables
sudo iptables -A INPUT -p tcp -m tcp --dport 10000 -j ACCEPT
this work for me
i'm using ubuntu 16.04
You don't need to do any firewall configuration in the instance itself. All firewall configuration is done in the Google Cloud console.
The steps I typically follow, as you show to have figured out in your comment, are:
Create the firewall rule, in it opening the particular port you need (10000 in the case of Webmin) for ingress TCP traffic, accepting connections from some IP range (e.g. 0.0.0.0/0), and specifying target tags to be later assigned to instances to which that rule shall apply.
Add one of those tags to the "network tags" section of some particular instance.
This alone should work, opening the port for your instance in the firewall.
I was almost creating another question here on SO when yours was suggested as a possible duplicate. I had followed the steps above on my Webmin machine, and yet the machine refused to connect on port 10000. As I kept writing the question, I figured out my particular problem: in the firewall rule, in the source IP range filter, I set the single meta-address 0.0.0.0 instead of the range 0.0.0.0/0. So, to anyone who has followed the steps above and still can't connect to their webmin installation, do check if your source range filter is correctly set.
Though browsing several websites and here on stack overflow, there seems to be a way to view the messages in an Activemq queue using Jolokia and Hawt.io, but I have been unsuccessful to this point.
We are running our Activemq (version 5.12.0) as in embedded service in our Spring Webapp and exposed the Jolokia web services as explained in this webpage:
https://jolokia.org/reference/html/agents.html#agent-war-programmatic
When looking that the Jolokia web services via Hawt.io, I can not figure out how to actually view the messages in the queue.
Here is a screenshot showing the queue size:
So, how can I view the messages in an Activemq queue using Jolokia and Hawt.io?
The solution we ended up going with didn't actually use Jolokia or Hawt.io.
We ended up using Jconsole.
When looking at ActiveMQ queues, if you used a java serialized object in the queue, the data won't be very readably, but if you serialize your object to json, it is quite easy to see what is in the queue.
It is terribly important to read these directions all the way though, carefully.
These instructions discuss SSH Tunneling and it is quite easy to mess something up and there are not very good log messages when things go wrong.
Remote Debugging
Due to security reasons, we have closed all the open debug ports on our remote virtual machines.
To get remote debugging to work, we will need to use SSH Tunneling to access the remote virtual machine debugging ports.
Remote Application Setup
The application that you want to remotely debug must have the JPDA Transport connector enabled.
After Java 1.4, to enable the JPDA Transport, add the following vm parameter when starting your java virtual machine:
-agentlib:jdwp=transport=dt_socket,server=y,suspend=n,address=<remote_port_number>
The above attributes are hard to describe, but what is presented above works well. More information about the above attributes can be found on the Connection and Invocation Details page.
Local IDE Setup
In Intellij to connect to a remote java virtual machine, open the "Run/Debug Configurations" window.
Then select a new "Remote" configuration.
Enter the following values:
Debugger mode
Attach to remote JVM
Host
localhost
Port
<local_port_number>*
Use module classpath
<local_package>**
The <port_number> should be the local port number of the ssh tunneling session that you will be starting. It is recommended that the <remote_port_number> and the <local_port_number> are the same value.
** This value should be whatever your local project is named.
SSH Tunneling
To actually connect to the remote debugging port, we'll need to use SSH Tunneling.
Run the following command via a terminal command line:
$ ssh -L <local_port_number>:localhost:<remote_port_number> -f <username>#<remote_server_name> -N
Example:
$ ssh -L 10001:localhost:10001 -f <your_username>#<your.server.com> -N
This command does the following:
Starts an ssh session with the <remote_server_name>.
Connects your <local_port_number> to the <remote_port_number> of the localhost of the remote machine. In this case, we're saying connect to localhost:10001 of the <your.server.com> machine.
Start remote debugging in the Intellij IDE and you should then be connected to the remote java virtual machine.
Resources
Intellij IDEA remotely debug java console program
Remote debug of a Java App using SSH tunneling (without opening server ports)
Remote JMX
We use JMX to look at the Spring Integration Kaha DB Queues.
Remote Application Setup
Add the following vm parameters:
-Dcom.sun.management.jmxremote.port=64250
-Dcom.sun.management.jmxremote.rmi.port=64250
-Dcom.sun.management.jmxremote.authenticate=false
-Dcom.sun.management.jmxremote.ssl=false
-Djava.rmi.server.hostname=127.0.0.1
The jmxremote.port and jmxremote.rmi.port can be any number and they can be different values, it just helps if they are the same value when doing the ssh tunneling below.
SSH Tunneling
$ ssh -L 64250:localhost:64250 -f <your_username>#<your.server.com> -N
JConsole Setup
This is done in a new terminal window.
$ jconsole -J-DsocksProxyHost=localhost -J-DsocksProxyPort=64250 service:jmx:rmi:///jndi/rmi://127.0.0.1:64250/jmxrmi
Resources
Why Java opens 3 ports when JMX is configured?
Clean Up
To close the ssh processes above:
$ lsof -i tcp | grep ^ssh
Then perform a kill on the process id.
Using jps and jstack to Help Debug
List all java processes running on a machine:
$ sudo jps
List the threads of an application running:
$ sudo -u <process_owner> jstack <process_id>
Example:
$ sudo -u tomcat jstack <pid>
I have installed NetBSD 4.0.1 x68k on XM6i (http://www.ceres.dti.ne.jp/tsutsui/netbsd/x68k/NetBSD-x68k-on-XM6i.html) as a virtual machine emulating a 68030 platform. I have gotten everything to work except networking.
According to the documentation, you need to install a TAP-Win32 network adapter from OpenVPN installer, which I have. I have set the ipv4 settings of this adapter to IP address: 192.168.2.1 and Netmask: 255.255.255.0
In NetBSD, I have created a /etc/ifconfig.ne0 file to configure the ne0 network interface, which I assume represents the TAP-Win32 adapter. This file sets IP address to 192.168.2.17 and Netmask to 255.255.255.0
When i use "ping 192.168.2.1" on NetBSD I am unable to ping the host, the error message being: "host is down"
Does anyone know whats going wrong? If anyone could give me any advice I would be most grateful.
Update: Above problem has been solved .... but not quite.
If I have tinkered around with settings on host, now I can ping guest only if I run tcpdump -i ne0 on guest. Then after that I can also ping the host from the guest. I have tried restarting and trying without tcpdump but the changes didnt seem to stick, so i have to run tcpdump in order to setup the host only connection.
Is there any way I can do this without tcpdump and make the fix stick?
Edit: Here is the link to the new question with a more detailed explanation of the problem: Host Only connection NetBSD to Windows
It turns out to run a complete networking emulation on a 68030 machine on the latest version of XM6i, you need to run tcpdump on boot. There is no way around it.
I have a GPS module connected to a Raspberry Pi via USB.
For some reason I can't seem to get a fix using:
cgps
it doesn't seem to get a fix and terminates.
I've also tried:
sudo killall gpsd
sudo gpsd /dev/ttyUSB0 -F /var/run/gpsd.sock
and then tried cgps again, but that doesn't seem to work either.
I even tried:
sudo nano /etc/default/gpsd
and changed the line:
GPSD_OPTIONS=""
to:
GPSD_OPTIONS="/dev/ttyACM0"
which apparently worked for others around the web, but after a reboot, that didn't work either.
But for some reason when I do:
gpsmon /dev/ttyUSB0
I get a full readout of data; lat, lon, Sats, altitude, ext.
Is there a way to output gpsmon /dev/ttyUSB0 sentences to a text file?
Also, why can't I obtain a fix using cgps or something similar?
gpsd is a beautiful application to simplify gps use, but it can be a little confusing.
If you're using a Rasbian, or some apt based package system it is best to configure it with sudo dpkg-reconfigure gpsd to avoid complications (tyqos), but isn't necessary. We have preferences for, but you may not,
autostart,
-n Don't wait for a client
-G to listen on all addresses,
-b Broken-device-safety mode, and
autofind
The resultant configuration file looks like
# Default settings for gpsd.
# Please do not edit this file directly - use `dpkg-reconfigure gpsd' to
# change the options.
START_DAEMON="true"
GPSD_OPTIONS="-n -G -b"
DEVICES=""
USBAUTO="true"
GPSD_SOCKET="/var/run/gpsd.sock"
The primary stumbling block with this approach while gpsd is running in this fashion is it will grab the gps before you can. Attempts to independently and directly access the device /dev/whatever will fail as busy.
If you wish to go that route, for whatever reason, before doing anything else, make sure gpsd is not running.
sudo killall gpsd
and remove any sockets gpsd might have left behind,
sudo rm /var/run/gpsd.sock
Check the location of your gps by attaching it and tracking where it went with dmesg | tail. It will look something like
[67338.935645] usb 1-1.2: New USB device strings: Mfr=1, Product=2, SerialNumber=0
[67338.935650] usb 1-1.2: Product: USB-Serial Controller
[67338.935653] usb 1-1.2: Manufacturer: Prolific Technology Inc.
[67338.936154] pl2303 1-1.2:1.0: pl2303 converter detected
[67338.937953] usb 1-1.2: pl2303 converter now attached to ttyUSB1
[67339.806917] pl2303 ttyUSB1: usb_serial_generic_read_bulk_callback - urb stopped: -32
[67339.807306] pl2303 ttyUSB1: usb_serial_generic_read_bulk_callback - urb stopped: -32
[67340.018016] pps_ldisc: PPS line discipline registered
[67340.018321] pps pps0: new PPS source usbserial1
[67340.018330] pps pps0: source "/dev/ttyUSB1" added
Then you can check for output with sudo cat /dev/ttyUSB1...or whatever, but you could do that with gpsd running. (You can also pump this into a text file sudo cat /dev/ttyUSB1 > gps_dump.txt, or your gpsmon /dev/ttyUSB0 >gps_dump.txt, but there are more elegant solutions.)
The flip side of the confusion is no gps output from the gpsd because it isn't running or configured 'properly'. (either turned off, not started, or pointing to the wrong device). A few application will tell you it's not running, many just sit in silence without any data. I know of none that will tell you gpsd has been manually set to the wrong device.
If you have killed gpsd, or do not have it automagically start, ensure that it is running with sudo /etc/init.d/gpsd restart
Unless you're doing something odd with odd hardware most cases will spit back data with gpsd in these settings, sparing the need for diagnostic settings.
However, bear in mind cgps will timeout if there is no fix. Check your skyview, and Time To First Fix. xgps, on the other hand, is more resilient for failures and provides clues for the absence, or quality of data. If you have an X server, xgps is actually my preferred test for "is it working". If you don't, but have your Pi on a network (xgps 192.168.0.6, or whatever, because the other machine has gpsd-client installed). Another option is to ssh -X user#192.168.0.6 and then execute xgps)
Telneting into gpsd, while interesting, is another tier diagnostic, as are others.
And finally, a shameless plug for a Python client for gpsd (gps3.py) as means to access the data from a gpsd. It still is alpha, but it doesn't import historical cruft.
You may be binding to the wrong serial. You discover the serial for your GPS device by navigating to the folder below without the device plugged in, then refreshing with the device plugged in.
cd /dev/
ls
My device is called "ttyACM0"
Install the requisite packages.
sudo apt-get install gpsd gpsd-clients python-gps
Stop Daemons
sudo systemctl stop gpsd.socket
sudo systemctl disable gpsd.socket
Expose Service to public ports and localhost
vim /lib/systemd/system/gpsd.socket
Change 127.0.0.1 to 0.0.0.0
Stop GPSD services
sudo killall gpsd
Bind service to serial device
sudo gpsd /dev/ttyACM0 -F /var/run/gpsd.sock
Show GPS Data
gpsmon
This video shows step by step how to do what you are looking for.
How to install GPS on RaspberryPi
https://www.youtube.com/watch?v=A1zmhxcUOxw