Port 5009 on Airport Devices

Is it possible to restart the listener on 5009, without rebooting the AP?

Not by any means Apple has given you, because that means you have no access to the TC controls at all. But did you try a soft reset??

Are there known reasons for the listener to stop working?

None that I can think of.. once it is off it will prevent any access at all. A firmware upgrade won't do that.

I assume the security issues alluded to in older posts have been mitigated by newer firmware versions.

When Apple discover a security hole they patch the firmware. Any firmware security update should fix that issue plus any outstanding that have not yet been fixed. Of course Apple do not release a whole lot of info about what they do.

If any particular update is so important as to make it essential to security the NVRAM setting is altered to change the min firmware level.

The latest update for example to 7.6.9 or 7.7.9 depending on the series is still reversible. In fact in the Gen 4 TC the list of firmware is still very long. So Apple still consider the security ok.. even if some particular issue is not fixed. So the latest one fixed the issue with KRACK but it is so specific that upgrade is not essential and lots of people do downgrade for various reasons.

Sorry to say but I think a TC where the control port has failed needs replacement. There is no repair method.

As per usual, if you are in warranty or have applecare or applecare still possible and the TC is less than 2 years old.. get Apple to replace it.

Email me directly and I can help you get console access maybe. rayhav@gmail.com

You might be able to get access to the errors and find out if something has failed.. but it will not tell you why.. nor will it fix the problem.. although you might be able to restart the daemon without actual power cycle.

How old is the TC that goes bad?

How long does it take for the TC to fail after a reboot?

The normal process I would try would be a

1. Factory reset

2. Firmware downgrade

3. Factory reset again

4. Reconfigure using tight SMB rules.

If you get no improvement after doing that then you can pretty much sure it is going to need replacement.

Port 5009 goes away perhaps once every 2-3 weeks

Ok that is not as serious as I was thinking.. I was thinking it happened daily.

Honestly I think the Airports are no where near as reliable as they used to be and a reboot every 3 weeks or so is not really that serious.

Anyway .. with SSH access you might be able to do something to help it out.. even if it is simply a remote reboot.

I think the Configure Other via IP is much richer than the standard Edit for an Airport device.

It is, but rather than use Configure Other...... and then manually enter an IP address and password, you might try....

Open AirPort Utility

Hold down the option key on your Mac while you double-click on the picture of the AirPort router

Any luck?

That is the full summary.. And is missing when you use the edit.. for reasons that I have no idea of.

As Bob says.. simply hold the option key and double click will bring up the full summary.

It does show more details than the "1/2 summary" you get by clicking the icon.

Apple never document most of these things.

Another puzzle if you are using a Time Capsule for Time Machine backups......and you have the time.....

Hold down the Shift key while you click on the Time Machine "clock" icon at the top of the Mac's screen.

You will see an option to Backup With Consistency Scan, which I think is the same thing as running Verify Backups and then running a normal backup. The genius at the Apple Store was amazed when I showed him this, since he could not find anything in his Apple documentation that mentioned anything about this "procedure".

FWIW, I came up with the following list of "listening" ports when testing my 802.11n / 802.11ac base stations (Extremes and TCs), using nMap:

• TCP 22 open [TCac ssh, OpenSSH 5.9 (NetBSD 20110907-hpn13v11-lpk; protocol 2.0) - nMap]
• TCP 22 open [TCn ssh, OpenSSH 4.4 (NetBSD 20061114; protocol 1.99) - nMap]
• TCP 139 open [TC netbios-ssn - nMap]
• TCP 445 open [TC microsoft-ds, Apple Time Capsule smbd - nMap]
• TCP 548 open [TC afp, Apple Time Capsule AFP (name: tc; protocol 3.3) - nMap]
• TCP 5009 open [AEBS, TC airport-admin, Apple AirPort or Time Capsule admin - nMap]
• TCP 9000 open [AEBS, TC, AX jetdirect - nMap]
• TCP 10000 open [AEBS, TC snet-sensor-mgmt - nMap]
• UDP 137 open [TC netbios-ns, Samba nmdb netbios-ns (workgroup: lp) - nMap]
• UDP 138 open|filtered [TC tcpwrapped - nMap]
• UDP 192 open|filtered [AEBS, TC tcpwrapped - nMap]
• UDP 514 open|filtered [AEBS, TC tcpwrapped - nMap]
• UDP 5001 open|filtered [TC tcpwrapped - nMap]
• UDP 5353 open [AEBS, TC mdns, DNS-based service discovery - nMap]