Several ports that are used by IBM®
QRadar® allocate extra random
port numbers. For example, Message Queues (IMQ) open random ports for communication between
components on a managed host. You can view the random port assignments for IMQ by using telnet to
connect to the local host and doing a lookup on the port number.
Random port associations are not static port numbers. If a service is restarted, the ports that
are generated for the service are reallocated and the service is provided with a new set of port
numbers.
Procedure
-
Using SSH, log in to the QRadar
Console as the root user.
-
To display a list of associated ports for the IMQ messaging connection, type the following
command:
The results from the telnet command might look similar to this
output:
[root@domain ~]# telnet localhost 7676
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
101 imqbroker 4.4 Update 1
portmapper tcp PORTMAPPER 7676
[imqvarhome=/opt/openmq/mq/var,imqhome=/opt/openmq/mq,sessionid=<session_id>]
cluster_discovery tcp CLUSTER_DISCOVERY 44913
jmxrmi rmi JMX 0 [url=service:jmx:rmi://domain.ibm.com/stub/<urlpath>]
admin tcp ADMIN 43691
jms tcp NORMAL 7677
cluster tcp CLUSTER 36615
The telnet output shows 3 of the 4 random high-numbered TCP ports for IMQ. The fourth
port, which is not shown, is a JMX Remote Method Invocation (RMI) port that is available over the
JMX URL that is shown in the output.
If the telnet connection is refused, it means that IMQ is not
currently running. It is probable that the system is either starting up or shutting down, or that
services were shut down manually.