Re: howto check open ports ?
try command nmap ip_address On Thu, 2006-02-23 at 00:12 +, Oliver Lupton wrote: On Wed, 22 Feb 2006 17:31:49 -0500 Stephen R Laniel [EMAIL PROTECTED] wrote: On Wed, Feb 22, 2006 at 10:26:05PM +, Oliver Lupton wrote: My router/firewall blocks all ports, including those over 1023 (1024?) I assume you mean that your router *can*, not that it necessarily does. It seems like it would be awfully inconvenient to block all such ports, given that programs often need to open connections to non-privileged ports. E.g., see below for all the ports that netstat reveals have connections currently open. Sorry, maybe I phrased myself badly. I, and I think the original poster is in the same situation, have my own box behind a separate router, that router is firewalling incoming traffic (WAN - Me) and in my case then it does block *all* ports except ones specifically allowed by the router admin (in this case, me). The netstat output you show is, I believe, showing the local ends of any outgoing requests you have open, which are not blocked by the router. `netstat -l` shows a, what I think is a more relavent, list of ports your machine is listening on for incoming connections. Cheers, -ol -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: howto check open ports ?
nmap is all you need. The manpage will tell you everything about it you need to know. If you can't find an open port then you may want to consider running an ssh tunnel (man ssh and look for -R and -L options). Even worse running TCP/IP over your ssh connection with a pppd and Magosányi Árpád's pty-redir program. Mind you, I can guanentee that your University IT dept will be justifiably pissed if you setup a VPN between your home network and their LAN. -Peter On Wed, Feb 22, 2006 at 01:59:41PM -0800, Paul Johnson wrote: On Wednesday 22 February 2006 13:18, Mehmet Fatih Akbulut wrote: hi all, i am now behind a firewall [at dormitory], and i want to check open ports. is there a handy program that does this job for me ;) nmap will do it if you know your IP address and can run nmap from another network. BTW, attempting to breach your university's security measure probably violates your terms of enrollment and can get you kicked out of college or evicted from your dorm. Just something to keep in mind. -- Paul Johnson Email and IM (XMPP Google Talk): [EMAIL PROTECTED] Jabber: Because it's time to move forward http://ursine.ca/Ursine:Jabber -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED] signature.asc Description: Digital signature
Re: howto check open ports ?
Oliver Lupton wrote:
On Wed, 22 Feb 2006 17:31:49 -0500
Stephen R Laniel [EMAIL PROTECTED] wrote:
On Wed, Feb 22, 2006 at 10:26:05PM +, Oliver Lupton wrote:
My router/firewall blocks all ports, including those over 1023 (1024?)
I assume you mean that your router *can*, not that it
necessarily does. It seems like it would be awfully
inconvenient to block all such ports, given that programs
often need to open connections to non-privileged ports.
E.g., see below for all the ports that netstat reveals have
connections currently open.
Sorry, maybe I phrased myself badly.
I, and I think the original poster is in the same situation, have my
own box behind a separate router, that router is firewalling incoming
traffic (WAN - Me) and in my case then it does block *all* ports except
ones specifically allowed by the router admin (in this case, me).
My setup is similar. I have a router with only one computer on the
LAN side, and one ADSL modem on the WAN side. I have mine stealth
on all ports except the e-mail challenge port, which is closed.
Mike
--
p=p=%c%s%c;main(){printf(p,34,p,34);};main(){printf(p,34,p,34);}
This message made from 100% recycled bits.
You have found the bank of Larn.
I can explain it for you, but I can't understand it for you.
I speak only for myself, and I am unanimous in that!
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: howto check open ports ?
On Wed, Feb 22, 2006 at 11:18:41PM +0200, Mehmet Fatih Akbulut wrote: i am now behind a firewall [at dormitory], and i want to check open ports. is there a handy program that does this job for me ;) want to find an open port for apache to run. because 80. port blocked to people outside the dorm. i both need an openport seeker program and info if apache will work let's say i change its port from 80 to 5055 [assuming this port is open] ? many thanks in advance. Any ports above 1023, I believe, are unprivileged. Quite often people set Apache to work over port 8080; almost no one blocks ports that high. You could also use nmap to scan ports. But nmap is only going to scan privileged ports to see which ones are open; it's not going to tell you that ports 8080 and above are open, because they always are. -- Stephen R. Laniel [EMAIL PROTECTED] +(617) 308-5571 http://laniels.org/ PGP key: http://laniels.org/slaniel.key signature.asc Description: Digital signature
Re: howto check open ports ?
On Wed, Feb 22, 2006 at 10:26:05PM +, Oliver Lupton wrote: My router/firewall blocks all ports, including those over 1023 (1024?) I assume you mean that your router *can*, not that it necessarily does. It seems like it would be awfully inconvenient to block all such ports, given that programs often need to open connections to non-privileged ports. E.g., see below for all the ports that netstat reveals have connections currently open. 2252 2733 5973 10892 18810 21097 21622 22184 23816 32779 37380 45559 46174 46175 46176 46177 46178 46179 46180 46181 46182 46183 47950 48946 50271 50579 52343 52382 52426 52462 52481 52482 53166 53494 56174 56241 57329 6 61464 62586 -- Stephen R. Laniel [EMAIL PROTECTED] +(617) 308-5571 http://laniels.org/ PGP key: http://laniels.org/slaniel.key signature.asc Description: Digital signature
Re: howto check open ports ?
On Wed, 22 Feb 2006 16:24:54 -0500 Stephen R Laniel [EMAIL PROTECTED] wrote: it's not going to tell you that ports 8080 and above are open, because they always are. My router/firewall blocks all ports, including those over 1023 (1024?) Cheers, -ol -- I will live forever, or die trying. signature.asc Description: PGP signature
Re: howto check open ports ?
On Wednesday 22 February 2006 13:18, Mehmet Fatih Akbulut wrote: hi all, i am now behind a firewall [at dormitory], and i want to check open ports. is there a handy program that does this job for me ;) nmap will do it if you know your IP address and can run nmap from another network. BTW, attempting to breach your university's security measure probably violates your terms of enrollment and can get you kicked out of college or evicted from your dorm. Just something to keep in mind. -- Paul Johnson Email and IM (XMPP Google Talk): [EMAIL PROTECTED] Jabber: Because it's time to move forward http://ursine.ca/Ursine:Jabber -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: howto check open ports ?
On Wed, 2006-02-22 at 16:24 -0500, Stephen R Laniel wrote: On Wed, Feb 22, 2006 at 11:18:41PM +0200, Mehmet Fatih Akbulut wrote: i am now behind a firewall [at dormitory], and i want to check open ports. is there a handy program that does this job for me ;) want to find an open port for apache to run. because 80. port blocked to people outside the dorm. i both need an openport seeker program and info if apache will work let's say i change its port from 80 to 5055 [assuming this port is open] ? many thanks in advance. Any ports above 1023, I believe, are unprivileged. Quite often people set Apache to work over port 8080; almost no one blocks ports that high. You could also use nmap to scan ports. But nmap is only going to scan privileged ports to see which ones are open; it's not going to tell you that ports 8080 and above are open, because they always are. I believe this info is quite incorrect. I use nmap often, and it scans quite high (for instance, 3389, RDP is detected just fine). If port 8080 is open by default depens on how your firewall is configured. If you follow the approach: ACCEPT ALL and deny what I don't want, it is possible that it is still open. The right way is: DENY ALL and allow what I need/want. To be able to run apache through a firewall though means that the network can't be NAT-ed, because then you'd need a mapping that tells the firewall to forward traffic for port x to IP y. If the firewall only protects your host directly, then an open port would suffice to make apache accessible. What you mean by privileged ports are ports that can only be opened with sufficient rights. For instance, a normal user would not be able to run apache on port 80, but root can. Just for the record, below is nmap output on port 8080 on my router at home: PORT STATESERVICE 8080/tcp filtered http-proxy filtered means that it is stopped by something. If there is nothing listening on that port it would be closed and if there is something listening it would be open! If I made a mistake anywhere, feel free to correct me! Philippe De Ryck -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: howto check open ports ?
On Wed, 22 Feb 2006 17:31:49 -0500 Stephen R Laniel [EMAIL PROTECTED] wrote: On Wed, Feb 22, 2006 at 10:26:05PM +, Oliver Lupton wrote: My router/firewall blocks all ports, including those over 1023 (1024?) I assume you mean that your router *can*, not that it necessarily does. It seems like it would be awfully inconvenient to block all such ports, given that programs often need to open connections to non-privileged ports. E.g., see below for all the ports that netstat reveals have connections currently open. Sorry, maybe I phrased myself badly. I, and I think the original poster is in the same situation, have my own box behind a separate router, that router is firewalling incoming traffic (WAN - Me) and in my case then it does block *all* ports except ones specifically allowed by the router admin (in this case, me). The netstat output you show is, I believe, showing the local ends of any outgoing requests you have open, which are not blocked by the router. `netstat -l` shows a, what I think is a more relavent, list of ports your machine is listening on for incoming connections. Cheers, -ol -- I will live forever, or die trying. signature.asc Description: PGP signature
