1

We have 3 similar surveillance video units. Each has a server that should be available on ports 80 and 443. One unit has suddenly become unavailable on port 80, and I'm working to determine what could be the cause. It was operating properly at 8:00 and was dead just before noon. I'm a software dev, not a network admin, so if I miss something or use the wrong terms, that's why.

I suspect something has been altered in the LAN's router config, but I don't have access to that and wanted to do as much testing as possible before blaming that team.

I'm looking for any method I can use to detect port blockage due to routing configuration or other router/firewall settings.

The first thing I checked was for duplicate MAC or IP addresses, using sudo arp-scan --interface=eth1 --localnet. That came up clean.

Then I hit it with nc:

~$ nc -v -w 5 -z 192.168.1.170 80
nc: connect to 192.168.1.170 port 80 (tcp) failed: Connection refused
~$ nc -v -w 5 -z 192.168.1.170 443
Connection to 192.168.1.170 443 port [tcp/https] succeeded!

A port scan with nc:

nc -v -w 5 -z 192.168.1.170 70-500
...
nc: connect to 192.168.1.170 port 80 (tcp) failed: Connection refused
...
Connection to 192.168.1.170 443 port [tcp/https] succeeded!
...

Ping is fine:

$ ping -c 5 192.168.1.170
PING 192.168.1.170 (192.168.1.170) 56(84) bytes of data.
64 bytes from 192.168.1.170: icmp_req=1 ttl=64 time=2.13 ms
64 bytes from 192.168.1.170: icmp_req=2 ttl=64 time=0.615 ms
64 bytes from 192.168.1.170: icmp_req=3 ttl=64 time=0.513 ms
64 bytes from 192.168.1.170: icmp_req=4 ttl=64 time=0.618 ms
64 bytes from 192.168.1.170: icmp_req=5 ttl=64 time=0.441 ms

--- 192.168.1.170 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 3999ms
rtt min/avg/max/mdev = 0.441/0.864/2.135/0.639 ms

Some curl tests:

$ curl -k -s -S -u USER:PASS -w "%{http_code}\\n" "http://192.168.1.170" -o /dev/null
000
curl: (7) couldn't connect to host
$ curl -k -s -S -u USER:PASS -w "%{http_code}\\n" "https://192.168.1.170" -o /dev/null
200

I tried a few other curl commands with identical results: Nothing on :80, all good on :443.

Can anyone recommend any other tools to probe port configurations on a LAN IP, without admin access to the router?

UPDATE: after posting this, I kept exploring. Since I had normal access on :443 I accessed its control panel and set the non-secured server to listen on :10000 of the same IP. I had normal access and performance at http://192.168.1.170:10000. It appears only port 80 is affected.

Paul S.
  • 153
  • 9

1 Answers1

2

I really don't think that there is much we can do you help you. The connection refused message generally means that nothing is listening on the port rather than it being blocked. To diagnose this you really need to be able so 'see' on the box in question if there is anything listening on the port.

  • Check any logs you have access to, to see if there are any relevant messages.
  • Find out how to gain console access and check logs/ports etc.
  • Speak nicely to the network admins and ask if they can help - blaming them doesn't.
  • Schedule a maintenance window and restart the box.

Basic diagnostics really but you can't do this without suitable access and without access there is little you can do beyond what you have already.

user9517
  • 115,471
  • 20
  • 215
  • 297
  • Iain, your answer is actually very helpful. It tells me I have done proper due diligence prior to pursuing the issue with the network admin. Your reminder to speak nicely is also appreciated. That normally is my nature. However, items critical to my work randomly disappear from the network on a regular basis, and my patience has worn thin. – Paul S. Mar 28 '14 at 16:09