Velocity Reviews


Rob 09-07-2004 04:27 PM

Port question
 
Usually if I want to see if I have access to a specific port like 25 on a
server, and if that port is open on the firewall, I'll try this command:
telnet 140.25.28.99 25 then I see a message which verifies that, but my
question is, can I use the same command for any port, like 389 or 709 or
443? If so, what should I see if the port is available and if it is not?

Thanks in advance-Rob



Scooby 09-07-2004 05:40 PM

Re: Port question
 
"Rob" <rob@hotmail.com> wrote in message news:413de11b$1@news.sentex.net...
> Usually if I want to see if I have access to a specific port like 25 on a
> server, and if that port is open on the firewall, I'll try this command:
> telnet 140.25.28.99 25 then I see a message which verifies that, but my
> question is, can I use the same command for any port, like 389 or 709 or
> 443? If so, what should I see if the port is available and if it is not?
>
> Thanks in advance-Rob
>
>


It really depends upon the application on the other end. In reality, all ip
(tcp for this example) ports run exactly the same. They accept a connection
and then pass appropriate traffic back and forth. The port number makes it
easy to know what application to run when the connection happens. So, when
you connect, the receiving application will do what it does. In the case of
telnet, it usually gives a login prompt or page. In the case of many other
applications (such as http), it just accepts the connection and then waits
for you to send something that makes sense. The best way to tell is if you
get a connection at all - that sez the port is active. You don't care if
any data comes across.

Udp operates differently than tcp, but same idea - all ports are the same
until the underlying app does what it will.

That said, if the host is using tcp wrappers, you could be fooled. The port
may be active, just not active to you. In that case, the connection would
happen, but then you'd be immediately dropped.

Hope that helps,

Jim




Walter Roberson 09-07-2004 05:51 PM

Re: Port question
 
In article <413de11b$1@news.sentex.net>, Rob <rob@hotmail.com> wrote:
:Usually if I want to see if I have access to a specific port like 25 on a
:server, and if that port is open on the firewall, I'll try this command:
:telnet 140.25.28.99 25 then I see a message which verifies that, but my
:question is, can I use the same command for any port, like 389 or 709 or
:443? If so, what should I see if the port is available and if it is not?

You can -try- to telnet to any TCP port. The reaction will depend on
whether there are filters/firewalls along the way, on whether the
port is open, and upon the exact software that is handling the port.

Except for the few well-known ports that use text-based protocols
with built in "I'm here" banner messages, *most* of the time if the port
is open and you telnet to it, what you will see is that your
system says that the connection is open, and you see nothing
coming from the remote end. The fact that your system said that
the connection was open (rather than that the connection
was refused, no route to host, connection timed out) gives you the
information that the port is reachable.


You can't -always- imitate a connection using telnet, even if you
have some way of pasting / typing arbitrary binary bytes into the
telnet data stream. (If the protocol is binary, that just makes it
harder, not impossible.) But it doesn't always work: when you
use telnet, telnet attempts [behind your back] to negotiate settings
with the remote system, such as informing the other system what your
terminal type and preferred delete character are. That negotiation
phase can [usually will] confuse binary protocols. In many telnet
clients, there is a way to turn off that negotiation phase, but that
mechanism is not -usually- available if you use the command line form

telnet IP PORT

Usually, you would instead have to do something like entering
into the telnet program, setting the option to disable negotiation
[which might take a few steps], and then using the telnet 'open'
command to connect to the desired IP and port. The details depend
upon the telnet client one is using -- read the manual pages
closely if you are concerned about the possibility. [But if you
-are- concerned about this possibility, it's probably better to
write a small program to make the connection for you and send the
data stream you want, instead of trying to insert the binary
into the telnet data stream.]
--
Oh, yeah, an African swallow maybe, but not a European swallow.
That's my point.

AnyBody43 09-08-2004 11:42 AM

Re: Port question
 
roberson@ibd.nrc-cnrc.gc.ca (Walter Roberson) wrote
> Rob <rob@hotmail.com> wrote:
> :Usually if I want to see if I have access to a specific port like 25 on a
> :server, and if that port is open on the firewall, I'll try this command:
> :telnet 140.25.28.99 25 then I see a message which verifies that, but my
> :question is, can I use the same command for any port, like 389 or 709 or
> :443? If so, what should I see if the port is available and if it is not?
>
> You can -try- to telnet to any TCP port. The reaction will depend on
> whether there are filters/firewalls along the way, on whether the
> port is open, and upon the exact software that is handling the port.


> command to connect to the desired IP and port. The details depend
> upon the telnet client one is using -- read the manual pages
> closely if you are concerned about the possibility. [But if you
> -are- concerned about this possibility, it's probably better to
> write a small program to make the connection for you and send the
> data stream you want, instead of trying to insert the binary
> into the telnet data stream.]



You could use tcpdump (windump) to view the packets in one window
and telnet in another.

Run windump filtering on TCP or UDP port 445

C:\>windump port 445
windump: listening on \Device\NPF_{42D40A14-07D8-4544-8CA4-6D7882C0DF03}
12:27:49.567774 IP xxx-01.xxx.local.4061 >
server1.xxx.local.445: #S# 2409317214:2409317214(0)
win 25200 <mss 1260,nop,nop,sackOK> (DF)

12:27:49.568201 IP server1.xxx.local.445 >
xxx-01.xxx.local.4061: #S# 2410527056:2410527056(0) #ack#
2409317215 win 17640 <mss 1460,nop,nop,sackOK> (DF)

12:27:49.568228 IP xxx-01.xxx.local.4061 >
server1.xxx.local.445: . #ack# 1 win 25200 (DF)

Interesting bits shown bracketed by #.


In another window

>telnet server1 445



In this case we get the TCP 3 way handshake
SYN Client to server
SYN ack Server to client
ack Client to server

This is #positive# proof that TCP communication is working.


Example when the dest port is not available
C:\>windump port 5900
windump: listening on \Device\NPF_{42D40A14-07D8-4544-8CA4-6D7882C0DF03}

12:26:29.090258 IP xxx-01.xxx.local.4048 >
server1.xxx.local.5900: #S# 2390355457:2390355457(0)
win 25200 <mss 1260,nop,nop,sackOK> (DF)
12:26:29.090596 IP server1.xxx.local.5900 >
xxx-01.xxx.local.4048: #R# 0:0(0) ack 2390355458 win 0


Repeated twice more.

This time we get:-

SYN Client to server
RST Server to Client (sometimes firewalls or whatever
may block this)


To use Windump you need to install winpcap first.
Just run windump.exe for windump, no install:-)).

http://windump.polito.it/install/default.htm
http://winpcap.polito.it/install/bin/WinPcap_3_0.exe

Examples:-
windump host 1.1.1.1 and port 25
windump host 2.2.2.2
windump port 25

