How to find which ports are blocked?

7

2

I have root on two machines A and B and I would like to know which ports can't be accessed on B from A. Is there some way to run a command line application on B that listens on all ports and then run nmap from A maybe? Ports may be blocked by the routers so just checking iptables won't be enough.

A simple nmap gives

Starting Nmap 5.21 ( http://nmap.org ) at 2013-04-18 09:32 BST
Nmap scan report for B (xxx.xxx.xxx.xxx)
Host is up (0.00038s latency).
rDNS record for xxx.xxx.xxx.xxx: B
Not shown: 999 closed ports
PORT   STATE SERVICE
22/tcp open  ssh

Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds

If I just scan port 5900 from A I get

nc -v -w 1 B -z 5900
nc: connect to B port 5900 (tcp) failed: Connection refused

And from B I get

nc -v -w 1 localhost -z 5900
Connection to localhost 5900 port [tcp/*] succeeded!

Also running nmap from B I get

nmap localhost

Starting Nmap 5.21 ( http://nmap.org ) at 2013-04-18 09:57 BST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00024s latency).
Hostname localhost resolves to 2 IPs. Only scanned 127.0.0.1
Not shown: 995 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
25/tcp   open  smtp
53/tcp   open  domain
631/tcp  open  ipp
5900/tcp open  vnc

Anush

Posted 2013-04-18T08:19:30.190

Reputation: 235

Is the process on 5900/tcp bound to the external interface, or to loopback? Check output of netstat -tln - if it shows Local Address as 127.0.0.1:5900, then the process is not listening on external interface. If it shows 0.0.0.0:5900, then it is. – bonsaiviking – 2013-04-18T14:10:12.963

Answers

2

When you use nmap, there is a difference between a "filtered" and a "closed" port. That should show all non-accessible ports as "filtered" and those where just no one is listening should be listed as "closed".

If you have a mean router in between which answers TCP requests instead of dropping them, you can find out by binding to all ports (warning, you could run out of system resources doing this! Maybe try with ~1000 ports at a time):

for i in {1..65535} ; do nc -l $i & done

Stefan Seidel

Posted 2013-04-18T08:19:30.190

Reputation: 8 812

I added some information. It doesn't list filtered ports although I suspect many are blocked. – Anush – 2013-04-18T08:34:19.513

Can you post an example of a port you suspect being blocked? Simply run nc -l 1111 (on some versions: nc -l -p 1111) on B and nmap -p1111 B on A to test port 1111. – Stefan Seidel – 2013-04-18T08:54:26.460

Added information to question. – Anush – 2013-04-18T08:58:26.963

Asked: 2013-04-18T08:19:30.190

Viewed: 21 256 times

Active: 2013-04-18T09:26:02.450