[H-GEN] vnc ports?

Tony Nugent tony at linuxworks.com.au
Mon Jun 16 12:17:47 EDT 2003


[ Humbug *General* list - semi-serious discussions about Humbug and     ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]

On Mon Jun 16 2003 at 22:18, David wrote:

>  On Monday 16 June 2003 21:52, Michael Anthon wrote:
> 
> > David wrote:
> > > Can anyone tell me which ports I need to open in a firewall to
> > > allow vnc access?
> >
> > By default VNC uses port 5900 + n, where n is the display number.
[ ... good summary deleted ... ]

> I don't suppose there's a way I can test it from home. e.g. use
> ssh on the Linux box here to test if it works. I mean, I can vnc
> direct to the win2K machine ok, but rather than waiting until I
> get to the office tomorrow and trying it, I won't know if it's
> working.

[ ... to which Michael Anthon gave an excellent reply with a working
      example of an ssh tunnel ... ]

> When I log on to the router I can open port 5900 but it gives me
> TCP and UDP options and I don't know which is correct.

There are some excellent tools that will allow you to look at
network traffic and do testing and diagnostic work.  The most common
tool is tcpdump, and if you have a gui available (X is not so common
on routers) then ethereal is an excellent tool.  (Ethereal uses the
same libpcap library as tcpdump, so their output format is similar
and readable by each other).

To use tcpdump to discover which ports are being used by an app like
VNC, then you would start running (on the router) something like
this and look at what traffic is generated on (eg) your ppp
interface:

$ tcpdump -ni ppp0 host 192.168.24.111
tcpdump: listening on ppp0
01:28:12.989661 192.168.1.103.33942 > 192.168.24.111.5900:
 S 3347285807:3347285807(0) win 5840
 <mss 1460,sackOK,timestamp 14395938 0,nop,wscale 0> (DF)

  [  all numbers are just examples, the output line has been ]
  [  broken for readability                                  ]

This output indicates a tcp-syn packet originating from src port
33942 on host 192.168.1.103, going to host 192.168.24.111, dst port
5900.  For more information about the format of the output (which is
protocol dependent), I would urge you to check the "output format"
section of the tcpdump(1) man page.  This packet is quickly
identified as a tcp packet because of what information is shown
about it.

If there is a lot of traffic being captured, then you can use
"filters" to show (or exclude) only specific traffic, eg, to isolate
the packets that you are really interested in.  For example, this
will only show ICMP traffic to or from 192.168.24.111

$ tcpdump -ni ppp0 icmp and host 192.168.24.111

There are several internet protocols; there is a list of them (along
with their protocol numbers) in /etc/protocols.  Known port names
are specified in /etc/services.  (tcpdump uses both of these system
files to name ports, protocols and hostnames when used without the
"-n" switch).

> I did ssh <ipaddress> and it returned connection refused.
> ssh //<ipaddress> returns name or service not known.

Connection refused is a classic symptom that either there is nothing
listening on that port, or a firewall has blocked the packet with
the equivalent of a "iptables -j REJECT" rule (which has generated
an ICMP error reply packet).

Try doing something like this:

$ tcpdump -ni ppp0 host 192.168.24.111 and port 22

Now try to ssh to that ip address again to see what traffic is
generated by your efforts.  Assuming that the dst host has an sshd
daemon running and that /etc/hosts.{allow,deny} on that box are
allowing access to port 22, then check the output of "iptables -nvL
INPUT" to see if there are any rules that are rejecting the
connection.

> thanks for the help
> David the newbie  :-)

I hope this is useful to help you to help yourself... linux comes
with a powerful armoury of tools for diagnosing all sorts of
problems, looking at what's going on, and then controlling it.  For
a newbie, linux is a massive learning curve... it takes time to sort
out what is going on, what utilities and tools are available, and then
to learn how to use them effectively.  But you seem to be well on
your way to becoming a minor guru in networking - linux tends to do
that to people :)

BTW, I just tried a quick google[1] on "vnc ports" and quickly got some
answers to your original question...

  [1] http://www.google.com/linux is an excellent URL for searching
  for linux-specific information.

Have fun...

Cheers
Tony

--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'.  See http://www.humbug.org.au/
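
Added example, not part of the original post: a small Python check that makes one TCP connection attempt to a VNC display port (5900 + n, as quoted in the thread) and separates the "connection refused" case discussed above from a silent timeout. The function names and result labels are assumptions made for this example; run it while tcpdump is watching the same host and port.

```python
import errno
import socket

# What each result usually means when testing your own firewall rule.
HINTS = {
    "open": "three-way handshake completed; the port is reachable",
    "refused": "RST or ICMP reject came back: nothing listening, or a REJECT rule",
    "no-reply": "nothing came back in time: packet dropped on the way, or host down",
    "unreachable": "a router reported no route to the host or network",
}

def vnc_port(display):
    """VNC listens on TCP port 5900 + n, where n is the display number."""
    return 5900 + display

def probe_tcp(host, port, timeout=3.0):
    """Make one TCP connect attempt and classify how it ended."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return "open"
    except ConnectionRefusedError:
        return "refused"
    except socket.timeout:
        return "no-reply"
    except OSError as e:
        if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "unreachable"
        raise
    finally:
        s.close()

def self_check():
    """Offline check on loopback: a listening port, then the same port closed."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))        # constructed test listener, any free port
    srv.listen(1)
    port = srv.getsockname()[1]
    while_open = probe_tcp("127.0.0.1", port, 2.0)
    srv.close()
    after_close = probe_tcp("127.0.0.1", port, 2.0)
    return while_open, after_close

if __name__ == "__main__":
    print(self_check())               # loopback only, no outside traffic
    host = "192.168.24.111"           # example address used in the post
    result = probe_tcp(host, vnc_port(0))
    print(host, vnc_port(0), result, "-", HINTS[result])
```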