Open outbound ports

z662

z662

Does anyone know of an effective way to determine which ports are open for outbound connections? At work our corporate firewall has a default deny policy and I cannot connect to my ssh server without setting it to port 80 which Id prefer not do. Id imagine there should at least be a couple ports open that I havent tried. I am not aware of a method to find out this information with nmap which was my first tool to try.
 
You could use a tool like net/tcptraceroute. You can't do an integral portscan with it (which is not advisable to begin with, as it might alert admins), but if you have a small number of ports in mind you'd like to run sshd on, you can try running [cmd=]tcptraceroute <somehost> <port>[/cmd] to check whether the outbound TCP-SYN packet passes the firewall.

E.g. [cmd=]tcptraceroute <somehost> <port>[/cmd] should show you that the firewall (usually the first or second hop, if it shows up at all) passes that packet to the outside world. Trying different ports (they do not need to be actually 'live') should show you whether the firewall tries to pass them out.

Example:

Code: 
$ tcptraceroute www.google.com 22
Selected device fxp0, address some.ip.0, port 49298 for outgoing packets
Tracing the path to www.google.com (66.102.13.99) on TCP port 22, 30 hops max
 1  host1 (some.ip.1)  11.253 ms  10.344 ms  10.905 ms
 2  host2 (some.ip.2)  176.990 ms  203.659 ms  214.492 ms
 3  etc.

This TCP-SYN made it to the outside, so the firewall allows it.

Alternatively, you can use a tool like nc(1) to open a listener port at home (e.g. [cmd=]nc -l 1234[/cmd]), and a tool like net/tcping or, again, nc(1) to connect to it (e.g. [cmd=]tcping ip.at.home 1234[/cmd] or [cmd=]nc ip.at.home 1234[/cmd] -- the latter allows you to type some text, which should show up at the other side).
 
Can nc be configured to listen on multiple ports so I could try check many ports at the same time? E.G set it to listen for a range of ports at home and then at work run traceroute to see the results for that entire range?
 
No, that's not possible. Running multiple sessions is, of course.
 
You must log in or register to reply here.
Back
Top