JMX ports to open in firewall for jconsole to Cassandra

  1. Port 7199
    1. Used for about a dozen packets when JMX connection first made
      1. A handshake of sorts
      2. Probably sets up the agreement on which high port to connect to, used below
        1. Similar to SIP
        2. Similar to old FTP
    2. Not used again after initial handshake
  2. Port range 55000 to 55999
    1. To see these packets, on JVM server
      1. tcpdump -nn ! port 22 and host <jconsole client IP> (not literal, replace this)
  3. If jconsole starts showing graphs, you are connected
To run jconsole directly on the server via VNC, see this article:

Tricks and Tips
  1. If you don't want to expose 1000 ports to the world for some reason
    1. Open all ports on firewall in front of JVM server
    2. On JVM server: tcpdump -nn ! port 22 and host <jconsole client IP>
    3. Start jconsole connection on client machine
    4. Watch to see which port JVM server is trying to reach jconsole client via
    5. Close all but that port in the firewall, will be between 55000-55999
  2. Do a local experiment to a local JVM JMX-able application if unsure of good jconsole connection result
  3. Get your external IP from where you are running jconsole client
    1. CLI: curl
    2. Or web browser:


Popular posts from this blog

Debugging pfsense firewall rules clearly and easily

Direct ssh to a server via proxy using putty/plink on Windows

telnet vs netcat