
mdm6
Premium
join:2003-12-24
Huntington Beach, CA

 Scan outgoing ports

Does anyone know of a (Windows-based) tool that will scan and identify outgoing ports? I'd like to be able to run a utility from a PC on a LAN and identify all ports that are open in the router to allow outgoing connections. Maybe there's an easy way to do this, but I can't find one...


atangel
Now What??
Premium
join:2002-02-18
Bronx, NY

By default (and requirement really), your router will open up any and all ports for outgoing connections. ANY and ALL traffic from the "inside" going "out" will be allowed, unless your router allows for blocking specific protocols or ports or addresses.

After the connection is done, the port is closed.

Is that what you mean?

If you want to see what connections on a PC are trying to establish outgoing (non listening) connections you can type netstat -ano at the command prompt (-ano will also give you the PID/Process ID of the process making the connection) and compare that to your task manager.

You can also use TCPView »www.sysinternals.com/ntw2k/sourc···ew.shtml

Works better with NT-based Windows as opposed to 9X Windows.
--
The reason you think I'm way on the left is cause you're so far to the right
Sygate Firewall
Why I mistrust Zone Labs
Use BBR Search

mdm6
Premium
join:2003-12-24
Huntington Beach, CA

Thanks, but that's not what I need. Basically, I want to test routers that I do not have administrative access to. Right now, I can manually just use telnet on various port numbers and see what happens. This also requires that I have a server on the internet that will answer on all these port numbers.

I'm looking for some kind of scanner that I can run from the LAN to see which ports are let out.


atangel
Now What??
Premium
join:2002-02-18
Bronx, NY
I think we have a vocabulary issue.

You want to test what ports are let in.....

You are outside, and you want to test a router to see if you can get by it and to the stuff it is protecting, yes?

mdm6
Premium
join:2003-12-24
Huntington Beach, CA
No. I guess I'm not being clear.

I want to connect a PC to the LAN side of a router and test which ports the router will allow for outgoing connections.


atangel
Now What??
Premium
join:2002-02-18
Bronx, NY

I don't get it. It will allow all of them unless configured otherwise. There's no security hole in that per se, since the connection is started on the trusted side. Refer to my first post.

Are you trying to test if a particular outgoing port has been configured to be blocked? Check the Router config, then if it is still blocked check with your ISP (who often block outgoing 25 and 80). Something like that?

mdm6
Premium
join:2003-12-24
Huntington Beach, CA
Note that I said I will not have admin access to the routers being tested. So, yes I am trying to see if any/all outgoing ports are blocked. And no, I can't do this just by looking at the router's config.


jvmorris
I Am The Man Who Was Not There.
Premium,MVM
join:2001-04-03
Reston, VA

reply to atangel
atangel,

(To further add to the confusion), he's said "I want to test routers that I do not have administrative access to." This doesn't sound like a typical SOHO NAT router to me (and certainly not one which the OP is in a position to either configure or simply check its configuration).

However, I'm still in a bit of confusion as to whether he wants to check the originating ports allowed (from his test PC on the LAN) or the destination ports to which communication is allowed by this router.

In the first instance, almost every router will accept originating ports in the range of 1000-5000, by default; most will (again by default) accept any originating port.

In the latter instance, some of these routers can be configured to restrict the destination ports allowed; this may be the issue here.
--
Regards, Joseph V. Morris


atangel
Now What??
Premium
join:2002-02-18
Bronx, NY


reply to mdm6
Sounds more like a hacking exercise (an attempt to get around some workplace filtering or some similar)... I'll politely bow out now...

Edit: JVMorris, ya posted while I was writing... Don't know and confused myself. Initially forgot that part while focusing on the scanning issue.

mdm6
Premium
join:2003-12-24
Huntington Beach, CA

reply to jvmorris
Yes, I'm trying to check which destination ports are allowed/blocked. As I mentioned, I can easily do this manually, it will just take some time.

atangel,
This is not a hacking exercise, but yes, I am checking routers in remote offices to determine which services employees have access to. Anyway, thanks for the help.


EGeezer
Go Bobcats
Premium
join:2002-08-04
Country!
·Callcentric
·RoadRunner Cable
·AT&T CallVantage


reply to mdm6
The best way to find out is ...

Based on »Re: Scan outgoing ports, you don't have admin access to the router(s). Therefore, the most reliable and easiest way is to contact the administrators of the router(s) and ask them. They most likely are responsible for the network's security and performance and would need to know what your requirements are so they could accommodate you.

Edit - if it's remote nets, what atangel says below applies too. If they are "user level", you may need to step a trusted employee through a signon to retrieve the settings. If no one has passwords - well, that's a whole 'nother problem.

EG


atangel
Now What??
Premium
join:2002-02-18
Bronx, NY


If these are organizations you have a relationship with, a quick e-mail to their IT staff ought to generate the information you want, more clearly and quickly, of the services they want published and used. You can't be sure what service is behind a particular port with 100% certainty.

edit: egeezer beat me to it!

mdm6
Premium
join:2003-12-24
Huntington Beach, CA
Thanks for the suggestions - I am aware of these other options. I gather that there is no "nmap-like" tool to do what I'm asking or someone would have mentioned it by now...

Thanks again.

B
Premium,MVM
join:2000-10-28

Why is this so difficult?

All you have to do is run something on the other end that will respond on all ports, and then use Nmap or another scanner from the inside.

Something like »www.alpinista.org/thp/ would do it. I'm sure there are others.

-- B
--
In a realm outside causality and function
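
The check B describes, sketched as an added example (not code from the thread or from any tool named in it): a TCP connect test run from the LAN side against a responder you control, separating ports that connect from ports that are rejected or silently dropped. The function names are assumptions, and the demo uses a constructed loopback listener in place of the remote responder so it runs offline.

```python
import socket


def probe(host, port, timeout=3.0):
    """Classify one destination port as seen from the LAN side."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "allowed"   # handshake completed through the router
    except ConnectionRefusedError:
        return "refused"       # a RST came back: rejected by a filter, or no listener
    except OSError:
        return "filtered"      # timeout or unreachable: dropped somewhere on the path


def audit(host, ports, timeout=3.0):
    """Probe each port once and group the port numbers by result."""
    results = {"allowed": [], "refused": [], "filtered": []}
    for port in ports:
        results[probe(host, port, timeout)].append(port)
    return results


def as_ranges(ports):
    """Collapse [20, 21, 22, 80] into '20-22, 80' for a readable report."""
    spans, ports = [], sorted(ports)
    for p in ports:
        if spans and p == spans[-1][1] + 1:
            spans[-1][1] = p          # extend the current run
        else:
            spans.append([p, p])      # start a new run
    return ", ".join(str(a) if a == b else f"{a}-{b}" for a, b in spans)


if __name__ == "__main__":
    # Constructed stand-in for the remote responder: one listening socket and
    # one bound-but-not-listening socket on loopback (assumption for the demo).
    up = socket.socket(); up.bind(("127.0.0.1", 0)); up.listen()
    down = socket.socket(); down.bind(("127.0.0.1", 0))
    ports = [up.getsockname()[1], down.getsockname()[1]]
    for verdict, hits in audit("127.0.0.1", ports, timeout=1.0).items():
        print(f"{verdict:9}: {as_ranges(hits) or '-'}")
    up.close(); down.close()
```

With a responder that answers on every port, anything other than "allowed" points at filtering on the path, which includes the ISP as well as the router, as atangel notes above.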

mdm6
Premium
join:2003-12-24
Huntington Beach, CA
You're right, that seems pretty simple. I wonder if there are any publicly available honeypot servers so I don't need to set up my own...

B
Premium,MVM
join:2000-10-28

Well, most real honeypots are, almost by definition, public. So if you come across one running that software, you can (I guess) "use" it.

But the whole point of honeypots is that they're not advertised as such.

Also, it's not clear to me whether your scans are authorized by the company or not. Be aware that if they are unauthorized and you are caught, you can lose your job, or even be prosecuted.

-- B
over 10 years online! © 1999-2009 dslreports.com.