# P2P Listeners

### SMB | TCP Listeners

Peer-to-Peer (P2P) listeners allow Beacons to link their communications together to form a chain. The P2P types in Cobalt Strike are **TCP** and **SMB**.

If executing a P2P payload on a target manually, it won't appear in the UI until the `link` (for SMB Beacons) or `connect` (for TCP Beacons) command is used. You can also `unlink` P2P Beacons and then use `link` again from another Beacon to reorganize the chain.

### Pivot Listener

![](/files/SqDxEySlQDgi8Vaz8tR6)

This is another type of P2P listener that (currently only) uses TCP, but it works in the opposite direction to the regular TCP listener. When you spawn a Beacon payload that uses the TCP listener, that Beacon acts as a TCP server and waits for an incoming connection from an existing Beacon (TCP client).

Pivot Listeners are not created via the Listeners menu, but are bound to individual Beacons. This existing Beacon will bind a port and listen for incoming connections (acting as the TCP server), and a Beacon payload that uses the Pivot Listener will act as the TCP client.

```
beacon> run netstat -anpo tcp

netsh advfirewall firewall add rule name="Allow 4444" dir=in action=allow protocol=TCP localport=4444

netsh advfirewall firewall delete rule name="Allow 4444" protocol=TCP localport=4444
```

#### Notes:

* If port 445 is closed on the target, we can't use SMB listeners.
* If the target firewall doesn't allow arbitrary ports inbound, we can't use TCP listeners.
* If the current machine doesn't allow arbitrary ports inbound, we can't use Pivot listeners.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://hsaad.gitbook.io/x/red-teaming/pivoting-and-forwarding/p2p-listeners.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.