[H-GEN] vnc ports?
David
davido at bigpond.net.au
Tue Jun 17 07:26:39 EDT 2003
[ Humbug *General* list - semi-serious discussions about Humbug and ]
[ Unix-related topics. Posts from non-subscribed addresses will vanish. ]
thanks for all the excellent replies and suggestions, guys. I'll have to read
them a couple of times and try to digest it :-) I spoke to the sysadmin guy
at work (friend of mine... hi Ewan :-) and he suggests that vnc ports,
etc., are probably blocked by the corporate firewall, so I'm not sure how
that will affect me.
Looks like a weekend job.
thanks again
David
On Tuesday 17 June 2003 02:17, Tony Nugent wrote:
> On Mon Jun 16 2003 at 22:18, David wrote:
> > On Monday 16 June 2003 21:52, Michael Anthon wrote:
> > > David wrote:
> > > > Can anyone tell me which ports I need to open in a firewall to
> > > > allow vnc access?
> > >
> > > By default VNC uses port 5900 + n, where n is the display number.
>
> [ ... good summary deleted ... ]
>
> > I don't suppose there's a way I can test it from home. e.g. use
> > ssh on the Linux box here to test if it works. I mean, I can vnc
> > direct to the win2K machine ok, but rather than waiting until I
> > get to the office tomorrow and trying it, I won't know if it's
> > working.
>
> [ ... to which Michael Anthon gave an excellent reply with a working
> example of an ssh tunnel ... ]
>
> > When I log on to the router I can open port 5900 but it gives me
> > TCP and UDP options and I don't know which is correct.
>
> There are some excellent tools that will allow you to look at
> network traffic and do testing and diagnostic work. The most common
> tool is tcpdump, and if you have a gui available (X is not so common
> on routers) then ethereal is an excellent tool. (Ethereal uses the
> same libpcap library as tcpdump, so their output format is similar
> and readable by each other).
>
> To use tcpdump to discover which ports are being used by an app like
> VNC, then you would start running (on the router) something like
> this and look at what traffic is generated on (eg) your ppp
> interface:
>
> $ tcpdump -ni ppp0 host 192.168.24.111
> tcpdump: listening on ppp0
> 01:28:12.989661 192.168.1.103.33942 > 192.168.24.111.5900:
> S 3347285807:3347285807(0) win 5840
> <mss 1460,sackOK,timestamp 14395938 0,nop,wscale 0> (DF)
>
> [ all numbers are just examples, the output line has been ]
> [ broken for readability ]
>
> This output indicates a tcp-syn packet originating from src port
> 33942 on host 192.168.1.103, going to host 192.168.24.111, dst port
> 5900. For more information about the format of the output (which is
> protocol dependent), I would urge you to check the "output format"
> section of the tcpdump(1) man page. This packet is quickly
> identified as a tcp packet because of what information is shown
> about it.
>
> If there is a lot of traffic being captured, then you can use
> "filters" to show (or exclude) only specific traffic, eg, to isolate
> the packets that you are really interested in. For example, this
> will only show ICMP traffic to or from 192.168.24.111
>
> $ tcpdump -ni ppp0 icmp and host 192.168.24.111
>
> There are several internet protocols; there is a list of them (along
> with their protocol numbers) in /etc/protocols. Known port names
> are specified in /etc/services. (tcpdump uses both of these system
> files to name ports, protocols and hostnames when used without the
> "-n" switch).
>
> > I did ssh <ipaddress> and it returned connection refused.
> > ssh //<ipaddress> returns name or service not known.
>
> Connection refused is a classic symptom that either there is nothing
> listening on that port, or a firewall has blocked the packet with
> the equivalent of an "iptables -j REJECT" rule (which has generated
> an ICMP error reply packet).
>
> Try doing something like this:
>
> $ tcpdump -ni ppp0 host 192.168.24.111 and port 22
>
> Now try to ssh to that ip address again to see what traffic is
> generated by your efforts. Assuming that the dst host has an sshd
> daemon running and that /etc/hosts.{allow,deny} on that box are
> allowing access to port 22, then check the output of "iptables -nvL
> INPUT" to see if there are any rules that are rejecting the
> connection.
>
> > thanks for the help
> > David the newbie :-)
>
> I hope this is useful to help you to help yourself... linux comes
> with a powerful armoury of tools for diagnosing all sorts of
> problems, looking at what's going on, and then controlling it. For
> a newbie, linux is a massive learning curve... it takes time to sort
> out what is going on, what utilities and tools are available, and then
> to learn how to use them effectively. But you seem to be well on
> your way to becoming a minor guru in networking - linux tends to do
> that to people :)
>
> BTW, I just tried a quick google[1] on "vnc ports" and quickly got some
> answers to your original question...
>
> [1] http://www.google.com/linux is an excellent URL for searching
> for linux-specific information.
>
> Have fun...
>
> Cheers
> Tony
--
"He who knows others is wise; he who knows himself is enlightened" - Laotzu
--
* This is list (humbug) general handled by majordomo at lists.humbug.org.au .
* Postings to this list are only accepted from subscribed addresses of
* lists 'general' or 'general-post'. See http://www.humbug.org.au/
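
Added example, not part of the original thread: a small Python classifier for the diagnosis Tony describes, reading `tcpdump -n` lines and telling apart a listening port, a TCP reset, an ICMP REJECT and a silently dropped SYN. The reply lines (SYN-ACK, RST, ICMP) are constructed samples assumed to follow the same older tcpdump output format as the SYN line quoted in the post; the function and constant names are hypothetical.

```python
import re

IP = r"\d+\.\d+\.\d+\.\d+"
# Old-style "tcpdump -n" TCP line: TIME SRC.SPORT > DST.DPORT: FLAGS rest
TCP_RE = re.compile(
    rf"^\S+ (?P<src>{IP})\.(?P<sport>\d+) > (?P<dst>{IP})\.(?P<dport>\d+): "
    r"(?P<flags>[SFPRWE.]+) (?P<rest>.*)$"
)
# ICMP error line: TIME SRC > DST: icmp: HOST tcp port N unreachable
ICMP_RE = re.compile(rf"^\S+ {IP} > {IP}: icmp: {IP} tcp port (?P<port>\d+) unreachable")


def diagnose(lines, server, port):
    """Classify one connection attempt to server:port from capture lines."""
    saw_syn = False
    for line in lines:
        icmp = ICMP_RE.match(line)
        if icmp and saw_syn and int(icmp["port"]) == port:
            return "rejected-icmp"      # a REJECT-style rule answered with ICMP
        tcp = TCP_RE.match(line)
        if not tcp:
            continue
        flags = tcp["flags"]
        has_ack = re.search(r"\back\b", tcp["rest"]) is not None
        to_srv = (tcp["dst"], int(tcp["dport"])) == (server, port)
        from_srv = (tcp["src"], int(tcp["sport"])) == (server, port)
        if to_srv and "S" in flags and not has_ack:
            saw_syn = True              # client's opening SYN
        elif from_srv and saw_syn and "R" in flags:
            return "refused-rst"        # TCP reset: port closed, or reset sent for it
        elif from_srv and saw_syn and "S" in flags and has_ack:
            return "open"               # SYN-ACK: something is listening
    # SYN seen but never answered: dropped on the way (e.g. a DROP rule)
    return "filtered" if saw_syn else "no-attempt"


# Constructed sample captures in the post's format (addresses are examples).
SYN = ("01:28:12.989661 192.168.1.103.33942 > 192.168.24.111.5900: "
       "S 3347285807:3347285807(0) win 5840 <mss 1460,sackOK> (DF)")
SYNACK = ("01:28:13.020114 192.168.24.111.5900 > 192.168.1.103.33942: "
          "S 912345678:912345678(0) ack 3347285808 win 5792 <mss 1460> (DF)")
RST = ("01:28:13.020114 192.168.24.111.5900 > 192.168.1.103.33942: "
       "R 0:0(0) ack 3347285808 win 0 (DF)")
UNREACH = ("01:28:13.020114 192.168.24.111 > 192.168.1.103: "
           "icmp: 192.168.24.111 tcp port 5900 unreachable")

if __name__ == "__main__":
    for name, cap in [("open", [SYN, SYNACK]), ("reset", [SYN, RST]),
                      ("reject", [SYN, UNREACH]), ("dropped", [SYN, SYN])]:
        print(name, "->", diagnose(cap, "192.168.24.111", 5900))
```

Both "refused-rst" and "rejected-icmp" surface to the client as "connection refused", while "filtered" shows up as a hang followed by a timeout, which is the usual sign of a firewall that drops rather than rejects.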