Tackle X11 remote display issue

We attempt to export an X11 display from a server to a remote computer, but the display does not appear on the remote host.
We need to identify where it fails.

Check the client firewall

Obvious… but so necessary….
– Check (and temporarily deactivate if possible) the firewall of the client.

Check that the display is correctly exported on the server

Yes, this is evident, but it has to be checked first…

Verify that the client is listening

  • Check on the client that MobaXterm, Exceed or another X server is actually listening on port 6000
  • Use the netstat command to see whether something is listening on the port: netstat -ano

Traceroute from server to the client

This could reveal an intermediate firewall or network equipment that may filter the traffic:
traceroute -p 6000 target_ip

Test connectivity with Nmap X11 script

Nmap provides X11 testing scripts to ease debugging.
I did some tests to compare script results between 2 known working machines on the same subnet (that work) and the real server->client setup.
The results show differences. In the second attempt, Nmap indicates that X11 traffic may be filtered and the X11 session cannot be started.

Attempt connection between working LAN machines:

nmap -Pn -p6000 --script x11-access target_IP_address_that_works

Starting Nmap 5.51 ( http://nmap.org ) at 2015-02-19 16:37 CET
Nmap scan report for target_host_that_works (target_IP_address_that_works)
Host is up (0.0011s latency).
PORT     STATE SERVICE
6000/tcp open  X11
|_x11-access: X server access is granted

Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds

Attempt connection to the real client computer

nmap -Pn -p6000 --script x11-access target_IP_address

Note the words "filtered" and "X11" in the result. Chances are high that a firewall is blocking our destination port.

Starting Nmap 5.51 ( http://nmap.org ) at 2015-02-19 16:37 CET
Nmap scan report for target_computer.corp (target_IP_address)
Host is up.
PORT     STATE    SERVICE
6000/tcp filtered X11

Nmap done: 1 IP address (1 host up) scanned in 2.08 seconds
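
The checks above can be combined into a single probe run on the server. This is an added example, not part of the original post: it reads the DISPLAY value, derives the TCP port (6000 plus the display number) and classifies the connection as open, closed or filtered, the same states Nmap reports. The function names are assumptions made for this illustration.

```python
import errno
import os
import socket

X11_BASE_PORT = 6000  # display :N is served on TCP port 6000 + N


def parse_display(value):
    """Split a DISPLAY value 'host:N[.screen]' into (host, tcp_port).

    Returns None for a local display (empty host or 'unix'), which uses a
    Unix socket and never crosses the network.
    """
    host, sep, rest = value.rpartition(":")
    if not sep or not rest:
        raise ValueError(f"not a DISPLAY value: {value!r}")
    number = int(rest.split(".")[0])  # drop the optional screen suffix
    if host in ("", "unix"):
        return None
    return host.strip("[]"), X11_BASE_PORT + number


def probe(host, port, timeout=3.0):
    """Classify one TCP connect attempt using Nmap's state names."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"      # something accepted the connection
    except ConnectionRefusedError:
        return "closed"        # host reachable, but no X server listening
    except (socket.timeout, TimeoutError):
        return "filtered"      # no answer at all: packets dropped on the way
    except OSError as exc:
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"  # a device on the path rejected the traffic
        raise


if __name__ == "__main__":
    display = os.environ.get("DISPLAY", "")
    target = parse_display(display) if display else None
    if target is None:
        print(f"DISPLAY={display!r} is unset or local: nothing is exported")
    else:
        print(f"DISPLAY={display} -> {target[0]}:{target[1]} is {probe(*target)}")
```

A "closed" result points at the X server on the client (not started, or not listening on TCP), while "filtered" points at a firewall on the client or on the path.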

Re-check the client firewall

Yes, yes, already said…. but the gap between theory and practice ….just redo it….
