Open TCP Ports Test
TCP is one of the main protocols used for network communication, and it requires establishing a connection between a client and server before data can be exchanged. When a port is "open", it means that a service or application is actively listening on that port for incoming network connections. Attackers often perform port scans to identify open ports and services running on a target system. This information can be used to plan further attacks or to exploit known vulnerabilities in the identified services. By proactively managing open TCP ports and implementing robust security practices, you can mitigate the risks associated with open ports and protect your network and systems. The Open TCP Ports test helps administrators in this regard.
This test monitors the TCP ports and reports the ports that are listening. The detailed diagnosis helps the administrator to drill down and understand if the restricted ports are open. Using this test, administrators can find out how many restricted ports are open and listening.
This test is disabled by default. To enable the test, go to the enable / disable tests page using the menu sequence : Agents -> Tests -> Enable/Disable, pick the desired Component type, set Performance as the Test type, choose the test from the disabled tests list, and click on the < button to move the test to the ENABLED TESTS list. Finally, click the Update button.
Target of the test : Any host
Agent deploying the test : An internal agent
Outputs of the test : One set of results for the target host being monitored.
Parameter | Description |
---|---|
Test period | How often should the test be executed. |
Host | The host for which the test is to be configured. |
Port | The port number at which the specified host listens. By default, this is NULL. |
Select Port Type | One of the most proactive measures an administrator can take to enhance network security is to whitelist and blacklist ports in the target environment. Whitelisting and blacklisting ports helps control and manage which ports are accessible and which are not. This greatly reduces the risk of unauthorized access and protects against different cyber threats. An administrator who has whitelisted/blacklisted certain ports may want to identify whether any of the blacklisted ports, or ports that are not whitelisted, are open for communication in the target environment. To do so, choose either the Whitelisted Ports or Blacklisted Ports option from this list. By default, the Whitelisted Ports option is chosen from this list. |
TCP Ports | If you have chosen the Whitelisted Ports option from the Select Port Type list, specify a comma-separated list of TCP ports that are whitelisted in your environment. If any port other than the ones mentioned in this text box is open for communication, administrators will be alerted. For example, if you have specified 443, 7077 as the TCP ports that are whitelisted in your environment and port 7777 is open for communication, eG Enterprise raises an alert for the Blacklisted ports that are open measure. Similarly, if you have chosen the Blacklisted Ports option from the Select Port Type list, specify a comma-separated list of TCP ports that are blacklisted in your environment. If any of the ports mentioned in this text box are open for communication, eG Enterprise promptly captures those ports and raises an alert for the Blacklisted ports that are open measure. |
DD Frequency | Refers to the frequency with which detailed diagnosis measures are to be generated for this test. The default is 1:1. This indicates that, by default, detailed measures will be generated every time this test runs, and also every time the test detects a problem. You can modify this frequency, if you so desire. Also, if you intend to disable the detailed diagnosis capability for this test, you can do so by specifying none against DD frequency. |
Detailed Diagnosis | To make diagnosis more efficient and accurate, eG Enterprise embeds an optional detailed diagnostic capability. With this capability, the eG agents can be configured to run detailed, more elaborate tests as and when specific problems are detected. To enable the detailed diagnosis capability of this test for a particular server, choose the On option. To disable the capability, click on the Off option. The option to selectively enable/disable the detailed diagnosis capability will be available only if the following conditions are fulfilled: |
Measurement | Description | Measurement Unit | Interpretation |
---|---|---|---|
Total listening ports | Indicates the total number of ports that are open and listening. | Number | Use the detailed diagnosis of this measure to find out which TCP ports are open and listening. |
Blacklisted ports that are open | Indicates the number of ports that were blacklisted. | Number | Use the detailed diagnosis of this measure to find out which TCP ports are blacklisted. |
Total established | Indicates the number of ports that were in established state. | Number | Use the detailed diagnosis of this measure to find out which TCP ports are in established state. |
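The following added example (not eG Enterprise code, and not a description of how the eG agent collects its data) shows how the Select Port Type and TCP Ports settings translate into the three measures above, using the 443, 7077 / 7777 case from the parameter table. It assumes a Linux host whose socket table is in `/proc/net/tcp` layout; the function names and the choice to count distinct local ports for Total established are assumptions made for this illustration.

```python
# Constructed sample in Linux /proc/net/tcp layout, trimmed to the first
# four columns (not data from a real host). Ports are hexadecimal.
SAMPLE = """\
  sl  local_address rem_address   st
   0: 00000000:01BB 00000000:0000 0A
   1: 00000000:1BA5 00000000:0000 0A
   2: 0100007F:1E61 00000000:0000 0A
   3: 0A00000A:01BB 1400000A:C350 01
"""
LISTEN, ESTABLISHED = "0A", "01"  # TCP state codes used by /proc/net/tcp

def parse_ports(table_text):
    """Return (listening, established) local ports as sorted lists."""
    listening, established = set(), set()
    for line in table_text.splitlines()[1:]:  # skip the header row
        fields = line.split()
        if len(fields) < 4:
            continue
        port = int(fields[1].rsplit(":", 1)[1], 16)
        if fields[3] == LISTEN:
            listening.add(port)
        elif fields[3] == ESTABLISHED:
            established.add(port)
    return sorted(listening), sorted(established)

def parse_port_list(text):
    """Parse the comma-separated TCP Ports value; reject invalid entries."""
    ports = set()
    for item in (i.strip() for i in text.split(",")):
        if not item:
            continue
        port = int(item)  # raises ValueError on non-numeric input
        if not 1 <= port <= 65535:
            raise ValueError(f"invalid TCP port: {port}")
        ports.add(port)
    return ports

def measures(table_text, port_type, tcp_ports):
    """Compute the three measures for one run (hypothetical helper)."""
    listening, established = parse_ports(table_text)
    configured = parse_port_list(tcp_ports)
    if port_type == "Whitelisted Ports":    # flag anything not on the list
        flagged = [p for p in listening if p not in configured]
    elif port_type == "Blacklisted Ports":  # flag anything on the list
        flagged = [p for p in listening if p in configured]
    else:
        raise ValueError(f"unknown port type: {port_type}")
    return {"Total listening ports": len(listening),
            "Blacklisted ports that are open": len(flagged),
            "Total established": len(established),
            "flagged": flagged}

if __name__ == "__main__":
    print(measures(SAMPLE, "Whitelisted Ports", "443, 7077"))
```

In whitelist mode, a port left off the list by mistake is reported as a violation, so the TCP Ports value should be reviewed whenever a new service is deployed on the host.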