How can I check for externally-open ports on a given server?

1

1

I need to programmatically determine whether a given port on the server that my script is running on is open from the outside world. I'm working under the assumption that the only reliable way to determine this, taking into account both ports listening and any firewalls in place, would be to have an external service try to talk to the port.

So, my question is two-part:

  1. Is this initial assumption correct? Do I need to rely on an external service to reliably detect externally-open ports?
  2. Assuming yes to 1, what options are out there that provide a free API? I've looked at canyouseeme.org and ping.eu, but neither seems to provide an API. I could POST to the same pages those respective sites use for their HTML-based service and scrape the HTML response, but that obviously isn't ideal.

Dan

Posted 2014-03-29T19:27:47.503

Reputation: 314

An old answer of mine may be helpful. – nerdwaller – 2014-03-29T19:35:32.100

I have never tried it, but it seems that opening a socket to the port would be sufficient – py_script – 2014-03-29T19:37:14.653

My script is running behind the firewall so just trying to init a socket connection would return false positives since it wouldn't hit the firewall. Surely the check has to be done remotely... – Dan – 2014-03-29T19:39:49.410

If you want to run tests against a server, you can from an external shell account. Many places offer services for a few dollars a month (I have no idea about the quality of any of these options, they are just for example purposes: http://shells.red-pill.eu/). You can write a script and use nmap or other such port scanners to probe your server for holes and have it log results or even email the results to you, or even set up a cron to have it do it periodically.

– MaQleod – 2014-03-29T19:40:00.810

@MaQleod, that is an option, but then I'm just effectively writing my own API. I would rather not do that. – Dan – 2014-03-29T19:41:20.593

Not really, it would just be a simple bash script...you'd have to write something similar to interface with any API anyway... – MaQleod – 2014-03-29T19:42:10.823

Being a simple bash script doesn't make it any less of an API. In any event, that seems like overkill for this problem. – Dan – 2014-03-29T19:44:05.700

Answers

1

Your first assumption is correct for simple network infrastructure (home and small business routers, for example). Bigger organisations and ISPs will implement more complex firewall rules which can automatically exclude IPs based on the frequency and type of request (DDoS), to quote only a few parameters.

I haven't found any useful API; those sites will do the trick as a one-time shot. Another solution is to use your telephone/tablet to run tools.

You can still run a scan from one of your machines on the network (or even the same machine) towards your public IP, and that will give you the list of open ports (unless you have a firewall rule to allow all your network machines to connect to any port on your public IP address, but I don't see the point of that).

Thomas

Posted 2014-03-29T19:27:47.503

Reputation: 359
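The external check discussed in this thread, as an added example that is not code from any of the posters: a script meant to run on a host outside the firewall (such as the shell account suggested in the comments) and to be pointed at your own server's public address. It separates a port that accepts connections from one that is refused and one that is silently dropped, then compares the result with the ports you intend to expose. The function names `check_port`, `scan` and `audit`, and the command-line form, are assumptions made for this example.

```python
import errno
import socket
import sys


def check_port(host, port, timeout=3.0):
    """Classify one TCP port as seen from the machine running this script."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # handshake completed: listener reachable
    except ConnectionRefusedError:
        return "closed"          # RST received: reachable, nothing listening
    except socket.timeout:
        return "filtered"        # no reply at all: typical firewall drop
    except OSError as exc:
        # ICMP unreachable is how a rejecting firewall or router often answers
        if exc.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
            return "filtered"
        raise                    # DNS failure etc. is not a port state


def scan(host, ports, timeout=3.0):
    """Return {port: state} for every port in `ports`."""
    return {port: check_port(host, port, timeout) for port in ports}


def audit(results, expected_open):
    """Compare observed states with the ports that are meant to be exposed."""
    unexpected = sorted(p for p, state in results.items()
                        if state == "open" and p not in expected_open)
    missing = sorted(p for p in expected_open if results.get(p) != "open")
    return {"unexpected_open": unexpected, "not_reachable": missing}


if __name__ == "__main__":
    # Usage (hypothetical): script.py <public-host> <ports-to-probe> <ports-expected-open>
    # e.g. script.py server.example 22,80,443,3306 22,443
    host = sys.argv[1]
    ports = [int(p) for p in sys.argv[2].split(",")]
    expected = {int(p) for p in sys.argv[3].split(",")}
    results = scan(host, ports)
    for port, state in sorted(results.items()):
        print(f"{port}/tcp {state}")
    print(audit(results, expected))
```

Run from inside the network, the same script only reports what the local path allows, which is the false-positive case described in the question's comments.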