Ports

SNMP and WMI are used to probe and gather information about services, disk space, ping information and network details of remote machines. Monitoring tools need both. Many other ports are also used, for example for SSH.

WMI is Windows Management Instrumentation and is specific to Windows.

SNMP is for both Windows and Linux.

http://www.manageengine.com/network-monitoring/what-is-snmp.html

————-

Ports:

Total ports: 65,535 TCP ports and another 65,535 UDP ports. Ports up to 1024 are reserved. We can use ports from 1025 upward for our applications.

FTP – 20, 21

Used to transfer files over the internet using TCP/IP.

Active vs Passive FTP

Active FTP is the older mode; it uses a static port for data transfer from server to client. Passive FTP was introduced later and uses a dynamic port for data transfer from server to client. In general, ports up to 1024 are reserved. If there are 100 concurrent passive FTP connections, the FTP server would use 100 different ports for the communication.
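To see which port each mode ends up using, here is an added example (not from the original post) that parses the two control-channel messages that set up the data connection: the client's PORT command (active) and the server's 227 reply (passive). The passive range 50000-50100, the IP addresses and the sample lines are constructed assumptions.

```python
import re

# Assumption: the passive range the firewall in this example opens to the FTP server.
PASV_RANGE = range(50000, 50101)
_TUPLE = re.compile(r"\b(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\b")

def parse_endpoint(line):
    """Return (ip, port) from the h1,h2,h3,h4,p1,p2 tuple in a PORT or 227 line."""
    m = _TUPLE.search(line)
    if not m:
        raise ValueError("no address tuple in %r" % line)
    nums = [int(n) for n in m.groups()]
    if max(nums) > 255:
        raise ValueError("octet out of range in %r" % line)
    # The port is sent as two bytes: high byte p1, low byte p2.
    return ".".join(map(str, nums[:4])), nums[4] * 256 + nums[5]

def data_flow(line, client_ip, server_ip):
    """Describe the data connection a control-channel line sets up."""
    verb = line.split(None, 1)[0].upper() if line.strip() else ""
    if verb == "PORT":    # active: server connects out from port 20 to the client
        return {"mode": "active", "src": (server_ip, 20),
                "dst": parse_endpoint(line), "in_pasv_range": None}
    if verb == "227":     # passive: client connects in to a port the server picked
        dst = parse_endpoint(line)
        return {"mode": "passive", "src": (client_ip, None),
                "dst": dst, "in_pasv_range": dst[1] in PASV_RANGE}
    raise ValueError("not a PORT command or 227 reply: %r" % line)

if __name__ == "__main__":
    # Constructed control-channel lines (documentation addresses, not a capture).
    session = ["PORT 192,0,2,10,195,80",
               "227 Entering Passive Mode (198,51,100,5,195,149)",
               "227 Entering Passive Mode (198,51,100,5,4,1)"]
    for line in session:
        print(line, "->", data_flow(line, "192.0.2.10", "198.51.100.5"))
```

A 227 reply whose port falls outside the range the firewall opens (the third sample line) is the usual reason a passive transfer hangs after login succeeds.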

SSH – 22 (Secure Shell)

Telnet – 23

Terminal emulation program that allows you to connect to a server and enter information and commands similar to if you were actually on the server terminal.

SMTP – 25

Protocol used to send email messages between servers.

DNS – 53 (Domain Name System)

DHCP – 67 Server and 68 client. Both UDP.

HTTP – 80

Used by the World Wide Web. Allows Web servers and browsers to communicate with each other.

Kerberos – 88 (authentication protocol). Microsoft uses a customized Kerberos in Windows AD. From Windows Server 2003 to Windows Server 2012, Microsoft uses Kerberos version 5.

POP – 110

Ping – Ping does not have any ports. Ping uses Internet Control Message Protocol (ICMP) to send echo packets across the network.

IMAP – 143 (Internet Message Access Protocol)

SNMP – 160 / 161 (TCP). There are 3 SNMP variants.

SNMP v1

SNMP v2c – This standard is used for server monitoring

SNMP v3 – This version is secure and requires login credentials to be entered.

AD LDAP – 389 (Lightweight Directory Access Protocol)

HTTPS – 443 (Hypertext Transfer Protocol with Secure Sockets Layer)

MSSQL – 1433

Global Catalog queries – 3268

RDP – 3389 (Remote Desktop Protocol)

VMware

vSphere Web Client: https://vcenterIP:9443

vCenter appliance: https://vcenterIP:5480

You can also connect to vCenter and ESXi via SSH using PuTTY.

SEP ports

Server port: 8443
Web console port: 9090
Client communications port: 8014
Web services port: 8444
Server control port: 8765
Reporting port: 8445

A good read:

http://www.jscape.com/blog/bid/80512/Active-v-s-Passive-FTP-Simplified

TCP vs UDP

UDP is actually expected to work better than TCP in lossy networks (or congested networks). TCP is far better at transferring large quantities of data, but when the network fails it’s more likely that UDP will get through. (In fact, I recently did a study testing this and it found that SNMP over UDP succeeded far better than SNMP over TCP in lossy networks when the UDP timeout was set properly.) Generally, TCP starts behaving poorly at about 5% packet loss and becomes completely useless at 33% (ish) and UDP will still succeed (eventually).

So the right thing to do, as always, is pick the right tool for the right job. If you’re doing routine monitoring of lots of data, you might consider TCP. But be prepared to fall back to UDP for fixing problems. Most stacks these days can actually use both TCP and UDP.

As for sending TRAPs, yes, TRAPs are unreliable because they’re not acknowledged. However, SNMP INFORMs are an acknowledged version of an SNMP TRAP. Thus if you want to know that the notification receiver got the message, please use INFORMs. Note that TCP does not solve this problem as it only provides layer 3 level notification that the message was received. There is no assurance that the notification receiver actually got it. SNMP INFORMs do application level acknowledgement and are much more trustworthy than assuming a TCP ack indicates they got it.

From: http://stackoverflow.com/questions/3565975/why-is-snmp-usually-run-over-udp-and-not-tcp-ip
