Unexpected listening ports seen with show netstat listening yes command on Panorama

Created On 04/19/23 15:07 PM - Last Modified 06/07/23 18:33 PM


Symptom


When running the show netstat command, some ports are shown as listening that are not listed in the documented ports used for Panorama: https://docs.paloaltonetworks.com/pan-os/10-2/pan-os-admin/firewall-administration/reference-port-number-usage/ports-used-for-panorama

Some examples are ports 28773, 28777, and 111.

> show netstat listening yes numeric-ports yes numeric-hosts yes 

Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State 
tcp        0      0   0.0.0.0:28773           0.0.0.0:*             LISTEN 
tcp        0      0   0.0.0.0:28777           0.0.0.0:*             LISTEN    
tcp        0      0   0.0.0.0:111             0.0.0.0:*             LISTEN 
....(other lines removed for readability)

These ports are used for internal communication on the device. Although the show netstat command displays them as listening for external connections, other mechanisms will drop any externally generated packets destined for these ports. External port scans will not show these ports as available for connections. Only the CLI show netstat command, run by an administrator logged into the device, will show these ports.
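The reasoning above can be applied as a triage over the CLI output. This is an added example, not Palo Alto Networks code: it parses the listening sockets and classifies each port against a documented list and a set of ports seen open from outside the device. The DOCUMENTED_PORTS subset, the externally_open input (taken from an existing external scan report), and the 443 sample line are assumptions.

```python
import re

# Ports this article names as internal-only on Panorama.
ARTICLE_INTERNAL_PORTS = {28773, 28777, 111}
# Assumption: sample subset of documented Panorama ports; replace with the
# full list from the "ports used for Panorama" reference linked above.
DOCUMENTED_PORTS = {22, 443, 3978}

LISTEN_RE = re.compile(r"^(tcp6?)\s+\d+\s+\d+\s+\S+:(\d+)\s+\S+\s+LISTEN$")

# Output from the article, plus one constructed line (port 443).
SAMPLE = """\
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0   0.0.0.0:28773           0.0.0.0:*             LISTEN
tcp        0      0   0.0.0.0:28777           0.0.0.0:*             LISTEN
tcp        0      0   0.0.0.0:111             0.0.0.0:*             LISTEN
tcp        0      0   0.0.0.0:443             0.0.0.0:*             LISTEN
"""

def parse_listeners(netstat_text):
    """Return the sorted TCP ports in LISTEN state from show netstat output."""
    ports = set()
    for line in netstat_text.splitlines():
        m = LISTEN_RE.match(line.strip())
        if m:
            ports.add(int(m.group(2)))
    return sorted(ports)

def triage(netstat_text, externally_open):
    """Classify each listener; externally_open is the set of ports that an
    external scan report shows as open on the management interface."""
    report = {}
    for port in parse_listeners(netstat_text):
        if port in externally_open and port not in DOCUMENTED_PORTS:
            # Contradicts the article: internal ports should not be reachable.
            report[port] = "investigate: reachable externally, undocumented"
        elif port in DOCUMENTED_PORTS:
            report[port] = "documented"
        elif port in ARTICLE_INTERNAL_PORTS:
            report[port] = "internal-only per article"
        else:
            report[port] = "undocumented, not reachable: confirm with vendor"
    return report

if __name__ == "__main__":
    for port, verdict in triage(SAMPLE, externally_open={443}).items():
        print(port, verdict)
```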



Environment


Panorama, all PAN-OS versions
