Cynyster
Premium Member
join:2008-04-14
Lorain, OH

Check outgoing ports (preferably with a handheld appliance)

I am looking for an easy way to check to see if a network has certain specific outgoing ports to the internet.

This is the scenario. I have a network appliance that is several thousand dollars that uses nonstandard ports (10000 both tcp and udp) to communicate with a base unit across the internet.
I go from place to place (schools, colleges, auditoriums, etc) connect this expensive device to their network only to find that the outgoing ports I need are blocked.

I am looking for an inexpensive & simple way to test these ports, preferably a handheld device that anyone could plug in and see a green light if the ports are open. In lieu of that, perhaps something one can attach to a smart phone or a netbook.

Rather than having thousands of dollars bouncing around unnecessarily.

Thanks

sivran
Vive Vivaldi
Premium Member
join:2003-09-15
Irving, TX

Root your phone, get nmap.
Cynyster
Premium Member
join:2008-04-14
Lorain, OH

Thanks for that... but I was hoping for something I could hand to a non-techy to check for me.

Brano
I hate Vogons
MVM
join:2002-06-25
Burlington, ON
(Software) OPNsense
Ubiquiti UniFi UAP-AC-PRO
Ubiquiti NanoBeam M5 16

Brano to Cynyster

said by Cynyster:

I am looking for an easy way to check to see if a network has certain specific outgoing ports to the internet.

An alternative is to ask them to go to ShieldsUP!, run the test and send you the result.
»www.grc.com/shieldsup

And as already mentioned, you can scan them with nmap from the comfort of your home if you know their public IP »nmap.org

EDIT: I misread your question. For outgoing ports you'll never know unless you test from inside. Many properly configured networks allow connections only through a proxy and often only for authenticated clients.
What is the appliance? Sometimes it is better to "bring your own internet" to do the job. For example, a cell phone with WiFi tethering.

Shady Bimmer
Premium Member
join:2001-12-03

said by Brano:

said by Cynyster:

I am looking for an easy way to check to see if a network has certain specific outgoing ports to the internet.

And as already mentioned, you can scan them with nmap from comfort of your home if you know their public IP »nmap.org

That would scan inbound ports, not outbound, which was the direction in the OP query.

To the OP:
- You can ask the vendor of the network appliance (or the related service provider if one exists) the same question: Is there a way you can (or request someone) determine if such connectivity exists at a given site prior to connecting or attempting to use the appliance.
- You can ask the network administrator (or someone performing such a role) at the site if such access is permitted outbound from their network.

Link Logger
MVM
join:2001-03-29
Calgary, AB

Link Logger to Cynyster

Get an old-fashioned network hub (i.e. not a switch), hook your appliance into it and then hook up a system running something like Wireshark so you can sniff the outbound traffic and see what outbound ports it is using.

You are asking a lot of 'anyone' as this isn't an 'anyone' task, as they, for example, need to understand at least networking.

Blake
HELLFIRE
MVM
join:2009-11-25

HELLFIRE to Cynyster

said by Cynyster:

I am looking for an easy way to check to see if a network has certain specific outgoing ports to the internet.

...I'll bite... why?

As others have said, NMAP is probably the best option out there? A command prompt and Wireshark is another option out there, but both options rely on you knowing how to operate these tools.

Where I'm getting my IT senses tingling is these places where you want to check if certain outbound port(s) are open may have measures in place to detect such scans, and policies in place that consider such an act grounds for dismissal / termination / law enforcement being contacted, etc. Consider it the equivalent of letting someone into your house and they're surreptitiously casing it for the valuables present, etc.

My 00000010bits

Regards

Chubbzie
join:2014-02-11
Greenville, NC
Hitron CDA3
(Software) OpenBSD + pf

Chubbzie to Cynyster

said by Cynyster:

I am looking for an easy way to check to see if a network has certain specific outgoing ports to the internet.

The proper route, to not run afoul of rules and regulations, is to contact either the network admin/department or someone that is assigned the responsibility of the net infrastructure beforehand for prior approval.

OldCableGuy3
@207.191.193.x

OldCableGuy3 to Cynyster

Set up a web server on that port running on your network, send a link to it to someone who works at the location and have them tell you if they can access it. I can tell you on all the networks I am responsible for, high ports are always blocked to prevent BitTorrent. You should really use an IANA assigned port.

OldCableGuy3

OldCableGuy3 to Cynyster

You need to have a host on the internet that has all ports open if you want to build a table of what is allowed out egress from a firewall. When we buy a company, the first thing I do is send a laptop to the office, have them connect it, and run an nmap scan of egadz.metasploit.com, which is configured to respond with ACK on every TCP/UDP from 1 - 65534.
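
The approach in the two posts above (a responder on a host you control, probed from inside the site network) as an added example; it is not code from any poster in this thread. The names `serve_echo`, `check_egress` and the probe payload are hypothetical, and the example assumes IPv4 and a host of yours reachable on the port in question (10000 TCP and UDP in the original post).

```python
import socket
import threading

PROBE = b"egress-probe"  # constructed payload; the responder echoes it back

def serve_echo(port, host="0.0.0.0"):
    """Responder for the host you control: echo on TCP and UDP `port`."""
    tcp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    tcp.bind((host, port))
    tcp.listen(5)
    port = tcp.getsockname()[1]  # resolves port 0 to the one actually bound
    udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp.bind((host, port))

    def tcp_loop():
        while True:
            conn, _ = tcp.accept()
            with conn:
                try:
                    conn.settimeout(5)
                    conn.sendall(conn.recv(64))
                except OSError:
                    pass  # a stalled or reset client must not kill the responder

    def udp_loop():
        while True:
            data, peer = udp.recvfrom(64)
            udp.sendto(data, peer)
    for loop in (tcp_loop, udp_loop):
        threading.Thread(target=loop, daemon=True).start()
    return port

def check_egress(host, port, timeout=3.0):
    """Probe from inside the site; a proxy that only completes the handshake fails."""
    result = {"tcp": False, "udp": False}
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.sendall(PROBE)
            result["tcp"] = s.recv(64) == PROBE
    except OSError:
        pass  # refused, filtered (timeout) or reset
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as u:
        u.settimeout(timeout)
        try:
            u.sendto(PROBE, (host, port))
            result["udp"] = u.recvfrom(64)[0] == PROBE
        except OSError:
            pass  # no reply within the timeout, or ICMP port unreachable
    return result
```

Call `serve_echo(10000)` on the host you control and keep that process running, then call `check_egress(host, 10000)` from a laptop on the site network. Requiring the echoed payload, rather than a bare connect, is what separates real end-to-end reachability from an intercepting proxy answering locally.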

Chubbzie
join:2014-02-11
Greenville, NC
Hitron CDA3
(Software) OpenBSD + pf

Chubbzie to Cynyster

said by Cynyster:

preferably a handheld device that anyone could plug in

On a properly configured network you will more than likely trip port security & that port will be disabled.

I still say your best option is to contact the network group first and just ask. The several thousand dollar network appliance you are using is but a drop in the bucket compared to the cost of the network you are attaching to...

On the other hand if your plan is to subvert the network in any way, shape or form I will bow out of this conversation.

Steve
I know your IP address

join:2001-03-10
Tustin, CA

Steve to Cynyster

said by Cynyster:

I have a network appliance that is several thousand dollars that uses nonstandard ports (10000 both tcp and udp) to communicate with a base unit across the internet.

I go from place to place (schools, colleges, auditoriums, etc) connect this expensive device to their network only to find that the outgoing ports I need are blocked.

The network isn't the problem, the appliance is. Networks are increasingly setting up egress control to block exactly what you're trying to accomplish, and it's only going to get much worse.

Get some kind of portable VPN endpoint that your appliance can connect behind, and let the VPN carry the traffic across the internet. I imagine even a Windows laptop could be configured to operate in this way with some additional software.

In the best case, the other end would be at the mothership the appliance is phoning home to, but if it's at some third-party you don't control, set up the other end of the VPN on a network you control, and where it's a known-clean path to the real mothership.

It's going to be some amount of work for you up front, but once it's done, I imagine it will be mostly plug and play everywhere you go.

Steve