| Author |
Message
|
| Mangesh1187 |
 Posted: Fri Feb 23, 2018 4:27 am Post subject: Not able to see MQ listener port in the netstat output |
 |
|
Centurion
Joined: 23 Mar 2013
Posts: 116
|
I have MQ 8.0.0.4 installed on Linux & created a Queue manager QM1 with two listener.
Also I have started these listeners on the port 15000 & 15005 respectively. PFB screenshot :
display lsstatus(*) all
2 : display lsstatus(*) all
AMQ8631: Display listener status details.
LISTENER(LSNR1) STATUS(RUNNING)
PID(5901) STARTDA(2017-06-06)
STARTTI(12.38.19) DESCR( )
TRPTYPE(TCP) CONTROL(QMGR)
IPADDR(*) PORT(15000)
BACKLOG(100)
AMQ8631: Display listener status details.
LISTENER(LSNR2) STATUS(RUNNING)
PID(5902) STARTDA(2017-06-06)
STARTTI(12.38.19) DESCR( )
TRPTYPE(TCP) CONTROL(QMGR)
IPADDR(*) PORT(15005)
BACKLOG(100)
From command prompt I can see the runmqlsr process presence with these two ports :
[mqm@XXXXX ]$ ps -ef| grep runmqlsr
mqm 5901 5883 0 2017 ? 00:02:56 /opt/IBM/mqm/bin/runmqlsr -r -m QM1 -t TCP -p 15000
mqm 5902 5883 0 2017 ? 00:02:48 /opt/IBM/mqm/bin/runmqlsr -r -m QM1 -t TCP -p 15005
mquser 10895 9972 0 12:18 pts/0 00:00:00 grep runmqlsr
However when I tried to check these ports entries in the netstat outpt. (Expected these to be in LISTEN status)
[mqm@XXXXX]$ netstat -a | grep 15005
tcp 0 0 *:15005 *:* LISTEN
[mqm@XXXXX]$ netstat -a | grep 15000
[mqm@XXXXX]$
As seen in above output I can see entry for the port 15005 only. And don't see any entry for 15000 although the listener on this port is running.
Any veiew on this scenario ? |
|
| Back to top |
|
 |
| crashdog |
| Posted: Fri Feb 23, 2018 8:19 am Post subject: |
|
|
Voyager
Joined: 02 Apr 2017
Posts: 77
|
try
it will show all ports as numbers and not translated to the service names.
_________________
You win again gravity ! |
|
| Back to top |
|
|
| Mangesh1187 |
| Posted: Mon Feb 26, 2018 3:39 am Post subject: |
|
|
Centurion
Joined: 23 Mar 2013
Posts: 116
|
| crashdog wrote: |
try
it will show all ports as numbers and not translated to the service names. |
Thanks for your input. I checked with the netstat -an as you suggested and can see the enttries for both the listener ports, as given below :
[mqm@XXXX ~]$ netstat -an | grep 15000
tcp 0 0 0.0.0.0:15000 0.0.0.0:* LISTEN
tcp 0 0 w.x.y.z:15000 p.q.r.s:44959 ESTABLISHED
[mqm@XXXX ~]$
[mqm@XXXX ~]$ netstat -an | grep 15005
tcp 0 0 0.0.0.0:15005 0.0.0.0:* LISTEN
[mqm@XXXX ~]$
By looking at the above data I can come to the conclusion :
1) There are two listeners & both are runnin on their respective TCP port. 15000 & 15005.
2) Although both listeners are running , at the moment there are connections (foreign ip p.q.r.s. ) to this queue manager using 15000 port only. (by seeing state as ESTABLISHED)
However how to interpret the state LISTEN ?
Does it mean that the port is ready to listen the communication but at the moment nothing is being happening on this port.
Also what is the difference between LISTEN & LISTENING state ?
As both the listener are in running state I was expecting their state should be LISTENING instead of LISTEN ?
If we created a listener in Queue Manager , it is required to be configured it into the /etc/services file ?
During analysis I have come acrros a file /etc/services where number of entreies present in the order :
service-name port/protocol [aliases ...] [# comment]
What is the implication of this file ? If we created a listener in Queue manager & port 2012 & its running.
In what scenario we should add entry for hte port 2012 in /etc/services file. ? |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Mon Feb 26, 2018 5:46 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
Have you googled 'understanding netstat -an output'?
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| Mangesh1187 |
| Posted: Mon Feb 26, 2018 9:45 pm Post subject: |
|
|
Centurion
Joined: 23 Mar 2013
Posts: 116
|
| bruce2359 wrote: |
| Have you googled 'understanding netstat -an output'? |
Yes.
netstat -a
will show the details of all the ports having any status & protocols.
netstat -an
will show the same details as of 'netstat -a' . The only difference is that any name resolution of port or hostname will not happened.
Instead it will show the exact IP address and the port numbers.
Also I found the LISTEN means that the socket is waiting for a connection.
However I am not able to find the difference between LISTEN & LISTENING status. (I tried to google, but not able to get exact answer)
What I observed in the 'netstat -an' output , some entries with tcp protocol showing status as LISTEN.
And some entries with unix protocol showing status as LISTENING.
I think LISTEN for tcp ports & LISTENING for unix port are same things. But not sure.
Apart form that I have another query. If we can reserve port for any perpendicular application. (e.g. IBM MQ Queue Manager on port 2012) so that no other application can use it.
I searched on google for the same , however not able to see the satisfying answer. |
|
| Back to top |
|
|
| gbaddeley |
| Posted: Tue Feb 27, 2018 3:18 pm Post subject: Q |
|
|
Jedi Knight
Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia
|
| Mangesh1187 wrote: |
| If we can reserve port for any perpendicular application. (e.g. IBM MQ Queue Manager on port 2012) so that no other application can use it. I searched on google for the same , however not able to see the satisfying answer. |
There are reserved port numbers for well known apps, https://www.iana.org/assignments/service-names-port-numbers/service-names-port-numbers.xhtml
We normlally use 1414, 1415, 1416 etc for MQ queue managers, although I have seen other ranges successfully used (eg. 8001+, 14000+) WMMV. Refer to your n/w support specialists for your local organization standards.
_________________
Glenn |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Tue Feb 27, 2018 6:03 pm Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
"Well-known" does not equal "reserved" in the sense that, for example, 1414 can only be used by MQ. "Reserved" refers to an industry standard for well established applications, the purpose of which is to avoid port usage conflicts.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| Mangesh1187 |
| Posted: Wed Feb 28, 2018 4:39 am Post subject: |
|
|
Centurion
Joined: 23 Mar 2013
Posts: 116
|
| bruce2359 wrote: |
| "Well-known" does not equal "reserved" in the sense that, for example, 1414 can only be used by MQ. "Reserved" refers to an industry standard for well established applications, the purpose of which is to avoid port usage conflicts. |
So if I am corect , although 1414 is the Well_kknon port for IBM MQ service , this can be used by any other applicaiton / service , technically.
And same is true for all other ports as well.
Also technically we can't reserver any port for perticular service. Its n/w administrator to suggest the best possible ports for mthe avaiable once to be used by IBM MQ .
Right to say this  ? |
|
| Back to top |
|
|
| zpat |
| Posted: Wed Feb 28, 2018 4:57 am Post subject: |
|
|
Jedi Council
Joined: 19 May 2001
Posts: 5866
Location: UK
|
Ironically. many sites avoid the use of well-known ports since they are a target for hackers and are used by those who forget to change the defaults.
Generally one does not want anyone to connect to a production QM unless they really intended to use it, so avoiding default ports is a good idea.
_________________
Well, I don't think there is any question about it. It can only be attributable to human error. This sort of thing has cropped up before, and it has always been due to human error. |
|
| Back to top |
|
|
| Vitor |
| Posted: Wed Feb 28, 2018 5:58 am Post subject: |
|
|
Grand High Poobah
Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA
|
| zpat wrote: |
| Ironically. many sites avoid the use of well-known ports since they are a target for hackers and are used by those who forget to change the defaults. |
We're one such site; we typically avoid well known ports as far as possible (clearly we're stuck with 80, 443, 21, 22, etc.) but if we can change the port we will. Well known ports we abstract (so you'd connect to our web site through port 80 but that's not what the hosting server is using).
Lots of network appliances, firewalls and DNS tomfoolery. It may or may not confuse the hackers but it certainly confuses us.
_________________
Honesty is the best policy.
Insanity is the best defence. |
|
| Back to top |
|
|
| bruce2359 |
| Posted: Wed Feb 28, 2018 8:47 am Post subject: |
|
|
Poobah
Joined: 05 Jan 2008
Posts: 9469
Location: US: west coast, almost. Otherwise, enroute.
|
| Mangesh1187 wrote: |
| bruce2359 wrote: |
| "Well-known" does not equal "reserved" in the sense that, for example, 1414 can only be used by MQ. "Reserved" refers to an industry standard for well established applications, the purpose of which is to avoid port usage conflicts. |
So if I am corect , although 1414 is the Well_kknon port for IBM MQ service , this can be used by any other applicaiton / service , technically. |
Yes.
| Mangesh1187 wrote: |
| And same is true for all other ports as well. |
Yes.
| Mangesh1187 wrote: |
| Also technically we can't reserve any port for perticular service. Its n/w administrator to suggest the best possible ports for mthe avaiable once to be used by IBM MQ . |
They are just ports. There are 64K ports to choose from. None of them are "best possible." If by "reserved" you mean "prevent" use other than one you specify, then no, you cannot reserve.
I have a "reserved" parking space, but others park there. Same idea.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live. |
|
| Back to top |
|
|
| Mangesh1187 |
| Posted: Wed Feb 28, 2018 11:11 pm Post subject: |
|
|
Centurion
Joined: 23 Mar 2013
Posts: 116
|
| Vitor wrote: |
| zpat wrote: |
| Ironically. many sites avoid the use of well-known ports since they are a target for hackers and are used by those who forget to change the defaults. |
We're one such site; we typically avoid well known ports as far as possible (clearly we're stuck with 80, 443, 21, 22, etc.) but if we can change the port we will. Well known ports we abstract (so you'd connect to our web site through port 80 but that's not what the hosting server is using).
Lots of network appliances, firewalls and DNS tomfoolery. It may or may not confuse the hackers but it certainly confuses us. |
 |
|
| Back to top |
|
|
| Mangesh1187 |
| Posted: Wed Feb 28, 2018 11:14 pm Post subject: |
|
|
Centurion
Joined: 23 Mar 2013
Posts: 116
|
| bruce2359 wrote: |
| Mangesh1187 wrote: |
| bruce2359 wrote: |
| "Well-known" does not equal "reserved" in the sense that, for example, 1414 can only be used by MQ. "Reserved" refers to an industry standard for well established applications, the purpose of which is to avoid port usage conflicts. |
So if I am corect , although 1414 is the Well_kknon port for IBM MQ service , this can be used by any other applicaiton / service , technically. |
Yes.
| Mangesh1187 wrote: |
| And same is true for all other ports as well. |
Yes.
| Mangesh1187 wrote: |
| Also technically we can't reserve any port for perticular service. Its n/w administrator to suggest the best possible ports for mthe avaiable once to be used by IBM MQ . |
They are just ports. There are 64K ports to choose from. None of them are "best possible." If by "reserved" you mean "prevent" use other than one you specify, then no, you cannot reserve.
I have a "reserved" parking space, but others park there. Same idea. |
Thanks bruce2359 , Vitor , zpat ,crashdog for your replies. This discussion realy cleared mose my doubts about port selections and related things.  |
|
| Back to top |
|
|
|
|
