[SOLVED] Not able to telnet on ports. Error-Connection refused.

srijivdimri · 08-06-2013, 01:06 AM

Hi Experts,

I am not able to telnet on specified ports--21344,21354 and 21364. I have a colo server and I am able to ping and ssh to it on port 22. When I try telnet, it comes up with the message:-

telnet 10.52.52.163 21344
Trying 10.52.52.163...
telnet: connect to address 10.52.52.163: Connection refused

If I try ssh to the same ip and same port with verbose option, this is what I see:-

ssh -vv -p 21344 10.52.52.163
OpenSSH_5.3p1, OpenSSL 1.0.0-fips 29 Mar 2010
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug2: ssh_connect: needpriv 0
debug1: Connecting to 10.52.52.163 [10.52.52.163] port 21344.
debug1: connect to address 10.52.52.163 port 21344: Connection refused
ssh: connect to host 10.52.52.163 port 21344: Connection refused

>>Firewall on the server is turned off using :-
/etc/init.d/iptables stop
/etc/init.d/iptables save

>>Tried to capture packets using tcp dump on the colo server as:-
# tcpdump -i em2 -n src host 10.164.253.216
where 10.164.253.216 is the ip from where I am trying to telnet on my colo server.

>>Asked the Network ENgineer to check the perimetre firewall just to make sure that these ports are opened and he confirmed the same.

Please let me know if I am missing something here. Your quick response will be highly appreciated.

acid_kewpie · 08-06-2013, 04:07 AM

1) do you even have anything running on those ports to connect to?

2) what did tcpdump show you? merely showing us a command line you ran is hardly useful.

srijivdimri · 08-06-2013, 04:23 AM

Hi ,

I actually have nothing running on those ports on the server. My understanding about Network-Cisco, Juniper and Linux is that by default all the ports are opened and we limit them using Acl's and Firewall.

So if I am trying to conenct to my colo server using tcp port 21344, 21354 and 21364 shouldnt I be able to connect as long as the rules permit them. Rules like Firewall, Acl's and so on. In my case Firewall is completely disabled and no ACL's blocking this traffic.

When I do a tcp dump and initiate a ping from my machine--10.164.253.216, I see echo request and reply on the colo server.

# tcpdump -i em1 -n icmp
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
05:17:43.861900 IP 10.22.147.145 > 10.52.52.163: ICMP echo request, id 41331, seq 27, length 64
05:17:43.861921 IP 10.22.147.145> 10.22.147.145: ICMP echo reply, id 41331, seq 27, length 64
05:17:44.861061 IP 10.22.147.145 > 10.52.52.163: ICMP echo request, id 41331, seq 28, length 64
05:17:44.861081 IP 10.22.147.145> 10.22.147.145: ICMP echo reply, id 41331, seq 28, length 64
05:17:45.861879 IP 10.22.147.145 > 10.52.52.163: ICMP echo request, id 41331, seq 29, length 64
05:17:45.861899 IP 10.22.147.145 > 10.22.147.145: ICMP echo reply, id 41331, seq 29, length 64
05:17:46.862888 IP 10.22.147.145 > 10.52.52.163: ICMP echo request, id 41331, seq 30, length 64
05:17:46.862908 IP 10.22.147.145 > 10.22.147.145: ICMP echo reply, id 41331, seq 30, length 64
^C

But when I do telnet to 10.52.52.163 21344, I see the following
tcpdump -i em1 -w cap.cap -n host 10.22.147.145
tcpdump: listening on em1, link-type EN10MB (Ethernet), capture size 65535 bytes
^C17 packets captured
17 packets received by filter
0 packets dropped by kernel
[root@W2W-LIME-MHW ~]# tcpdump -r cap.cap
reading from file cap.cap, link-type EN10MB (Ethernet)
05:22:12.460479 IP 10.52.52.163.ssh > 10.22.147.145.42257: Flags [P.], seq 4133568613:4133568741, ack 4209112384, win 333, options [nop,nop,TS val 40945543 ecr 1958503241], length 128
05:22:12.666169 IP 10.22.147.145.42257 > 10.52.52.163.ssh: Flags [.], ack 128, win 943, options [nop,nop,TS val 1958503476 ecr 40945512], length 0
05:22:20.372337 IP 10.22.147.145.57890 > 10.52.52.163.telnet: Flags [S], seq 3454158871, win 5840, options [mss 1460,sackOK,TS val 1958511185 ecr 0,nop,wscale 7], length 0
05:22:20.372374 IP 10.52.52.163.telnet > 10.22.147.145.57890: Flags [R.], seq 0, ack 3454158872, win 0, length 0
05:22:22.303088 IP 10.22.147.145.57891 > 10.52.52.163.telnet: Flags [S], seq 3489798151, win 5840, options [mss 1460,sackOK,TS val 1958513116 ecr 0,nop,wscale 7], length 0
05:22:22.303115 IP 10.52.52.163.telnet > 10.22.147.145.57891: Flags [R.], seq 0, ack 3489798152, win 0, length 0
05:22:23.350019 IP 10.22.147.145.57893 > 10.52.52.163.telnet: Flags [S], seq 3509397371, win 5840, options [mss 1460,sackOK,TS val 1958514163 ecr 0,nop,wscale 7], length 0
05:22:23.350043 IP 10.52.52.163.telnet > 10.22.147.145.57893: Flags [R.], seq 0, ack 3509397372, win 0, length 0
05:22:24.086977 IP 10.22.147.145.57894 > 10.52.52.163.telnet: Flags [S], seq 3512981520, win 5840, options [mss 1460,sackOK,TS val 1958514900 ecr 0,nop,wscale 7], length 0
05:22:24.087006 IP 10.52.52.163.telnet > 10.22.147.145.57894: Flags [R.], seq 0, ack 3512981521, win 0, length 0
05:22:24.734838 IP 10.22.147.145.57895 > 10.52.52.163.telnet: Flags [S], seq 3533081543, win 5840, options [mss 1460,sackOK,TS val 1958515548 ecr 0,nop,wscale 7], length 0
05:22:24.734852 IP 10.52.52.163.telnet > 10.22.147.145.57895: Flags [R.], seq 0, ack 3533081544, win 0, length 0
05:22:25.345969 IP 10.22.147.145.57896 > 10.52.52.163.telnet: Flags [S], seq 3531579629, win 5840, options [mss 1460,sackOK,TS val 1958516159 ecr 0,nop,wscale 7], length 0
05:22:25.345992 IP 10.52.52.163.telnet > 10.22.147.145.57896: Flags [R.], seq 0, ack 3531579630, win 0, length 0
05:22:25.862772 IP 10.22.147.145.57897 > 10.52.52.163.telnet: Flags [S], seq 3549506248, win 5840, options [mss 1460,sackOK,TS val 1958516675 ecr 0,nop,wscale 7], length 0
05:22:25.862783 IP 10.52.52.163.telnet > 10.22.147.145.57897: Flags [R.], seq 0, ack 3549506249, win 0, length 0
05:23:19.275442 IP 10.22.147.145.42257 > 10.52.52.163.ssh: Flags [P.], seq 1:49, ack 128, win 943, options [nop,nop,TS val 1958570092 ecr 40945512], length 48
[root@W2W-LIME-MHW ~]#

Please let me knwo if i am missing something here.

acid_kewpie · 08-06-2013, 04:33 AM

if you have nothing to connect to, you can't connect to it. something needs to listen... that's just basic TCP/IP

Sorry, but... you're a CCIE??? I find that very worrying. But then given that "RHEL" isn't even a certification...

srijivdimri · 08-06-2013, 05:03 AM

Chris, my apologies for the mis-typing of my Certification , I have corrected it.

Secondly, I do have a TCP Server and client set-up. I have the TCP Server running on the Colo Serevr and client on my machine. I am trying to connect on these ports on the server from the client.

tcp 0 0 0.0.0.0:21344 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:23154 0.0.0.0:* LISTEN
tcp 0 0 0.0.0.0:21364 0.0.0.0:* LISTEN
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN

So I am listening on those ports.

I was under the impression that I have already mentioned the TCP Server-Client set-up in my e-mail description above, so took it forward from there. I very well know that there has to be some service running that should accept the incoming connectiions and then respond back.

acid_kewpie · 08-06-2013, 11:54 AM

in all the tcpdump examples above you've not attempted to hit the right port, it shows you're hitting the telnet port instead.