Using a tcpdump to check that a service is not listening on a specific port?
This article applies to:
NAC
Question:
How can I use a tcpdump to check that a service is not listening on a specific port?
Information:
Open a previously saved tcpdump (pcap file) with Wireshark.
Filter the trace so that you see only the packets you need. In the example below we are looking for the RADIUS server protocol, so the filter is set to UDP and the IP address.
In the example you can see that there is a request coming from a RADIUS server but instead of a response, an ICMP packet is generated (Type 3, Code 3) with part of the original request.
That usually means that the service is running on a different port on the server.
In this case Wireshark gives a helpful description in the Info column.
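The same check can be scripted instead of read by eye in Wireshark. The Python below is an added example, not part of the original article: it scans a classic pcap for ICMP Type 3, Code 3 (Destination Unreachable, Port Unreachable) and reads the UDP destination port from the request quoted inside the ICMP packet. The function names, the 192.0.2.x addresses and port 1812 in the constructed sample capture are assumptions.

```python
import socket
import struct

def port_unreachables(pcap: bytes):
    """List (reporting_host, original_dst, udp_dst_port) for every ICMP
    Type 3 / Code 3 packet in a classic (non-pcapng) Ethernet capture."""
    end = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}.get(pcap[:4])
    if end is None or len(pcap) < 24 or struct.unpack(end + "I", pcap[20:24])[0] != 1:
        raise ValueError("expected a classic pcap with Ethernet link type")
    hits, off = [], 24
    while off + 16 <= len(pcap):
        caplen = struct.unpack(end + "I", pcap[off + 8:off + 12])[0]
        frame, off = pcap[off + 16:off + 16 + caplen], off + 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # not IPv4
        ip = frame[14:]
        icmp = ip[(ip[0] & 0x0F) * 4:]
        if ip[9] != 1 or icmp[:2] != b"\x03\x03":
            continue  # not ICMP Type 3, Code 3
        inner = icmp[8:]  # the ICMP error quotes the rejected request here
        if len(inner) < 20 or inner[9] != 17:
            continue  # quoted packet is missing or not UDP
        ihl = (inner[0] & 0x0F) * 4
        if len(inner) < ihl + 4:
            continue  # quoted UDP header is truncated
        dport = struct.unpack("!H", inner[ihl + 2:ihl + 4])[0]
        hits.append((socket.inet_ntoa(ip[12:16]), socket.inet_ntoa(inner[16:20]), dport))
    return hits

def _ipv4(proto, src, dst, payload):
    # Minimal IPv4 header; checksum left at 0 because the parser does not verify it.
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                       socket.inet_aton(src), socket.inet_aton(dst)) + payload

def sample_pcap():
    # Constructed capture: a UDP request to 192.0.2.20:1812 answered by port unreachable.
    req = _ipv4(17, "192.0.2.10", "192.0.2.20", struct.pack("!HHHH", 40000, 1812, 8, 0))
    err = _ipv4(1, "192.0.2.20", "192.0.2.10", b"\x03\x03" + b"\x00" * 6 + req)
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for pkt in (req, err):
        frame = b"\x00" * 12 + b"\x08\x00" + pkt
        out += struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame
    return out

if __name__ == "__main__":
    for host, dst, port in port_unreachables(sample_pcap()):
        print(f"{host} reports UDP port {port} on {dst} is closed")
```

To run it against a real capture, pass the file contents read in binary mode to `port_unreachables`; pcapng files need converting to classic pcap first.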
Last Modified 9/8/2014.
https://support.trustwave.com/kb/KnowledgebaseArticle15620.aspx