RE: verifying an open or closed port on an ip address

From: Norberto Meijome (sysadmin_at_lef.com.au)
Date: 08/08/03

  • Next message: Dana Epp: "Re: file transfer over outbound port 80?"
    To: <security-basics@securityfocus.com>
    Date: Fri, 8 Aug 2003 11:02:57 +1000
    
    

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    True, telnet is probably the easiest way to check...but since telnet is
    a TCP connection, it would only report TCP ports...if you want to test
    if you have something waiting on port UDP/677 you will need some of the
    other tools (send UDP packet, and then wait for a reply).

    Also, don't forget that depending on your firewall settings, you could
    get a 'not listening' from where you are testing, but the same port
    could be open to traffic originated from another IP. To be thorough, you
    should run the full test (with the port scanning tool of your choice)
    from your LAN, DMZ and outside your firewall. (of course you should know
    what your firewall is doing, but testing to confirm is always good).

    Cheers,
    Beto
    - --
    Norberto Meijome

    "The only people that never change are the stupid and the dead", Jorge
    Luis Borges.

    NOTICE: The contents of this email and its attachments are confidential
    and intended only for the individuals or entities named above. If you
    have received this message in error, please advise the sender by reply
    email and immediately delete the message and any attachments without
    using, copying or disclosing the contents. Thank you.

    > -----Original Message-----
    > From: David Bettermann [mailto:security_01@nerv.de]
    > Sent: Friday, 8 August 2003 8:07 AM
    > To: security-basics@securityfocus.com
    > Subject: Re: verifying an open or closed port on an ip address
    >
    >
    > Hi Ian,
    >
    > > I am looking for a windows compatible utility or method, preferably
    > > command line, where I can verify whether a port on an ip address is
    > > reachable or not. I want to be able to do individual ports and not
    > > port scans. Say for instance I wish to verify that port
    > 677 is closed
    > > to traffic on ip address Ex. 172.16.0.1, I'm looking for a utility
    > > that would do something like:
    >
    > > Check 172.16.0.1 port 677
    >
    > how about a quite simple "telnet 172.16.0.1 677" issued from
    > the command line?
    >
    > > and tell me whether that port was reachable.
    >
    > Command times out / reports an error: port closed
    >
    > Telnet connects: well, there's something listening on that
    > particular port... and may even be greeting you with an
    > identifying banner.
    >
    > [...]
    >
    > > There may be a simple way to do this...
    >
    > maybe someone's got an even simpler solution?
    >
    > cu :)
    >
    > David B.
    >
    > --
    > Thank you for calling $PROVIDER helpdesk. If your cupholder
    > is broken, please press 1. If you want an actual knowledgable
    > support person, please enter the IP representation of a /28 netmask.
    >
    >
    > --------------------------------------------------------------
    > -------------
    > --------------------------------------------------------------
    > --------------
    >
    >
    -----BEGIN PGP SIGNATURE-----
    Version: GnuPG v1.2.1 (MingW32)

    iQEVAwUBPzL2vzDkbFCByVaIAQIz9Qf+MY31vRfLwVDCzfcirt5rHuW8MblIJ9s9
    VSBO/hzmgonu/tak4xuHQpROmWyQ0JaIUjvSRt2ECyvGFV0WG8HQDysbtz1UJY8s
    lHrWY1DOoFBqvx3SX1qN38pk2bCdIJmi+i9EwFTQzwPktcJSmDUT24QXS5J9PXpx
    0pPBXpcqrHKEuNnnXP4vV+SYzco7uUhafDNgdco/XNUSviZ5NcT0D5K2pvL6UFzb
    kSE4lAOQO16e09zKCR7KRQ0omhmpCxsDSuU4Z4m0owSve525rrubDIiMAnwBH6dU
    zFjjDckPkWBtsdkQ1bzFmCDXQMf1vElfAaZP0RmKeoNJL/cfScAZMQ==
    =swHk
    -----END PGP SIGNATURE-----

    ---------------------------------------------------------------------------
    ----------------------------------------------------------------------------


  • Next message: Dana Epp: "Re: file transfer over outbound port 80?"