Listening Ports

Listening ports are the ports on a server that are able to accept TCP or UDP traffic. The Blue Matador agent keeps track of which ports are listening on your servers and detects when a port that was listening closes. When a port stops listening, it is a good indication that some software failure has occurred, such as a web server or database dying.

Effects

When a listening port is closed, any local and outside connections will begin to fail. This can have far-ranging effects, including:

• Web requests no longer accepted
• Server being removed from a load balancer
• Server failing autoscaling health check and being terminated
• Database connections failing on a database server

Troubleshooting

The port that was closed should indicate which application is no longer running.  For example if you were listening on port 80 then a web server like apache or nginx died and needs to be restarted.  For port 3306, then it could be a MySQL process that died.

It could also be the case that the software is running but has been changed to use a different port. If this is the case ensure that any upstream services have also been configured to use the new port, or else they will be unable to connect to your server.

The command   netstat -tlu  can be used to view the currently listening TCP and UDP ports on the server. The netcat and telnet tools are invaluable when debugging local networking issues, and can be used to quickly test connectivity to ports running locally and remotely.

Resources

• How to Use the Netstat Command (lifewire)
• How To Use Netcat to Establish and Test TCP and UDP Connections on a VPS (Digital Ocean)