Velocity Reviews - Computer Hardware Reviews

Velocity Reviews > Newsgroups > Computing > Computer Support > Testing Open Ports

Reply
Thread Tools

Testing Open Ports

 
 
Al
Guest
Posts: n/a
 
      09-30-2009
Hi All,

I want to clarify a few misconceptions I (think) I have about ports,
and specifically testing whether or not they are open.

1. Whats the best way to test if a port is open on a computer. I dont
nessecarily mean testing if its open to the internet, but just on the
computer - this rules out online port scanners since many PC's will be
behind a router, and I am not testing that, but more software based
firewalls that may be running.

1a. Does a service or program have to be listening on a port to test
if its open, or is there a way for example I could open a port on a
software based firewall, and test if its open without anything
listening on that port?

2. With netstat -an what do the *.* mean?

2a. It appears to me that netstat -an only show ports that are (a)
open and (b) have a program/service listening or using it?

3. Whats the best software to do this?

Any positive replies appreciated.

-Al
 
Reply With Quote
 
 
 
 
Danny Sanders
Guest
Posts: n/a
 
      09-30-2009
1) You "Open" a port by installing software that uses that port.
2) You "close" a port by uninstalling software that uses the port.
3) You "block" a port by opening it ( see #1) and putting a firewall in
front of it.



> 1a. Does a service or program have to be listening on a port to test
> if its open, or is there a way for example I could open a port on a
> software based firewall, and test if its open without anything
> listening on that port?


See # 1. Opening a port on the firewall is different from opening a port on
a computer.

> 2a. It appears to me that netstat -an only show ports that are (a)
> open and (b) have a program/service listening or using it?


See #1.

Hypothetically, if a port is open and no one is listening to accept the
communication on the other end, is the port *really* open?


hth
DDS
"Al" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)...
> Hi All,
>
> I want to clarify a few misconceptions I (think) I have about ports,
> and specifically testing whether or not they are open.
>
> 1. Whats the best way to test if a port is open on a computer. I dont
> nessecarily mean testing if its open to the internet, but just on the
> computer - this rules out online port scanners since many PC's will be
> behind a router, and I am not testing that, but more software based
> firewalls that may be running.
>
> 1a. Does a service or program have to be listening on a port to test
> if its open, or is there a way for example I could open a port on a
> software based firewall, and test if its open without anything
> listening on that port?
>
> 2. With netstat -an what do the *.* mean?
>
> 2a. It appears to me that netstat -an only show ports that are (a)
> open and (b) have a program/service listening or using it?
>
> 3. Whats the best software to do this?
>
> Any positive replies appreciated.
>
> -Al



 
Reply With Quote
 
 
 
 
G. Morgan
Guest
Posts: n/a
 
      09-30-2009
On Wed, 30 Sep 2009 11:35:11 -0700 (PDT), Al <(E-Mail Removed)> wrote:

>3. Whats the best software to do this?



I like Angry IP Scanner.

http://www.angryip.org/w/Download

 
Reply With Quote
 
why?
Guest
Posts: n/a
 
      09-30-2009

On Wed, 30 Sep 2009 11:35:11 -0700 (PDT), Al wrote:

x-post trimmed to 24HSHD from
microsoft.public.windows.networking.firewall,24hou rsupport.helpdesk

>Hi All,
>
>I want to clarify a few misconceptions I (think) I have about ports,
>and specifically testing whether or not they are open.


Reading lots

Port States
http://userpages.umbc.edu/~jeehye/cm...ate/sld001.htm
If you really want the low down, writing, how it works and nitty gritty
of the whole setup,

The set of 3,
http://www.amazon.com/TCP-IP-Illustr.../dp/0201633469

and the UNIX set
http://www.amazon.com/Unix-Network-P.../dp/0131411551

The RFCs of course
http://www.faqs.org/rfcs/rfc793.html
Establishing a connection
Closing a Connection

There is plenty of code about for TCP/IP server/client apps, you could
alter one to listen on lots of ports. As well as client / server apps.

>1. Whats the best way to test if a port is open on a computer. I dont
>nessecarily mean testing if its open to the internet, but just on the
>computer - this rules out online port scanners since many PC's will be
>behind a router, and I am not testing that, but more software based
>firewalls that may be running.


You write an app to scan ports, download a port scanner to run locally.

You wouldn't be able to determine if a software firewall is active, lack
of a client / server response because a listener isn't running isn't the
same.

You may be better off testing the services list for the names of known
firewall services as well.

>1a. Does a service or program have to be listening on a port to test
>if its open, or is there a way for example I could open a port on a


Yes, that's the idea of an open (state) of a port.

>software based firewall, and test if its open without anything
>listening on that port?


No, no listner isn't a response.

>2. With netstat -an what do the *.* mean?


That would be the several places to search / read where * is for port
not established

>2a. It appears to me that netstat -an only show ports that are (a)
>open and (b) have a program/service listening or using it?


Yes, otherwise ports wouldn't exist to be listed.

>3. Whats the best software to do this?


A scan, well I would use
http://nmap.org/
You need the permission of security / lan admin for this, I have heard
of a few places where it's considered a security breach to run it.

>Any positive replies appreciated.


:->

www.google.com
network port scanner

http://netsecurity.about.com/cs/hack...eeportscan.htm

There are many sites with security tools, and lists such as

www.tucows.com , all categories IS/IT section.
http://download.cnet.com/windows/monitoring-software/

Likely to be other links to security tools in some of my older posts in
24HSHD as well.

Me
 
Reply With Quote
 
Pennywise@DerryMaine.Gov
Guest
Posts: n/a
 
      10-01-2009
Al <(E-Mail Removed)> wrote:

>1a. Does a service or program have to be listening on a port to test
>if its open, or is there a way for example I could open a port on a
>software based firewall, and test if its open without anything
>listening on that port?


www.GRC.COM has ShieldsUP!. This statement usually starts an argument,
but it will show if you have any open ports.
--

Because you always wanted to know what happens when you hit a piano key.
http://www.concertpitchpiano.com/gra...onanimated.gif
 
Reply With Quote
 
Gerard Bok
Guest
Posts: n/a
 
      10-03-2009
On Fri, 2 Oct 2009 10:05:18 +0100, "Brian Cryer"
<not.here@localhost> wrote:

>"Al" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed)...


>> I want to clarify a few misconceptions I (think) I have about ports,
>> and specifically testing whether or not they are open.

>
>Danny has given an excellent overview, which covers most points.
>
>> 1. Whats the best way to test if a port is open on a computer. I dont
>> nessecarily mean testing if its open to the internet, but just on the
>> computer - this rules out online port scanners since many PC's will be
>> behind a router, and I am not testing that, but more software based
>> firewalls that may be running.

>
>A simple way is to use telnet.
>
>Open a new command prompt window and enter:
> telnet computerName port
>using the name of the computer and port that you wish to test.
>
>If it simply says "Connecting To computerName..." and eventually times out
>then there is either nothing listening on that port or its blocked. ANY
>other response indicates that something is listening on that port.


True. But alternatively, getting nothing in return with telnet
does not imply that nothing is listening on that port
(As I recently found out when attempting to ascertain if a SSL
host was listening

>Alternatively download cryping (command line utility) and you can use it to
>test a port using:
> cryping computerName -port port
>It will indicate whether or not it could successfully connect to the port.
>You can download it here http://www.cryer.co.uk/downloads/cryping/


Nice tool ! Correction: very nice tool!
And it gets a respons from SSL

>Hope this helps.


Certainly helped me

--
met vriendelijke groet,
Gerard Bok
 
Reply With Quote
 
2Sweet
Guest
Posts: n/a
 
      12-11-2009
By running "telnet" command from a Windows 2003 server to internet website,
it was successful.
From the result, am i right to say that traffic flows on both ways (inbound
& outbound) are NOT blocked???


"Brian Cryer" <not.here@localhost> wrote in message
news:(E-Mail Removed)...
> "Al" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)...
>> Hi All,
>>
>> I want to clarify a few misconceptions I (think) I have about ports,
>> and specifically testing whether or not they are open.

>
> Danny has given an excellent overview, which covers most points.
>
>> 1. Whats the best way to test if a port is open on a computer. I dont
>> nessecarily mean testing if its open to the internet, but just on the
>> computer - this rules out online port scanners since many PC's will be
>> behind a router, and I am not testing that, but more software based
>> firewalls that may be running.

>
> A simple way is to use telnet.
>
> Open a new command prompt window and enter:
> telnet computerName port
> using the name of the computer and port that you wish to test.
>
> If it simply says "Connecting To computerName..." and eventually times out
> then there is either nothing listening on that port or its blocked. ANY
> other response indicates that something is listening on that port.
>
> Alternatively download cryping (command line utility) and you can use it
> to test a port using:
> cryping computerName -port port
> It will indicate whether or not it could successfully connect to the port.
> You can download it here http://www.cryer.co.uk/downloads/cryping/
>
> Hope this helps.
> --
> Brian Cryer
> www.cryer.co.uk/brian


 
Reply With Quote
 
why?
Guest
Posts: n/a
 
      12-11-2009
x-post trimmed to 24HSHD from
microsoft.public.windows.networking.firewall,24hou rsupport.helpdesk

On Fri, 11 Dec 2009 13:05:57 +0800, 2Sweet wrote:

Just catching up?

-->>> On Fri, 2 Oct 2009 10:05:18 +0100, "Brian Cryer"

<not.here@localhost> wrote: >"Al" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed)...
>> I want to clarify a few misconceptions I (think) I have about ports,
>> and specifically testing whether or not they are open. >Danny has


>By running "telnet" command from a Windows 2003 server to internet website,
>it was successful.
>From the result, am i right to say that traffic flows on both ways (inbound
>& outbound) are NOT blocked???


Yes, think about it. If outbound didn't get to the server it couldn't
get back with an inbound message.

>
>"Brian Cryer" <not.here@localhost> wrote in message
>news:(E-Mail Removed).. .
>> "Al" <(E-Mail Removed)> wrote in message
>> news:(E-Mail Removed)...
>>> Hi All,
>>>
>>> I want to clarify a few misconceptions I (think) I have about ports,
>>> and specifically testing whether or not they are open.

>>
>> Danny has given an excellent overview, which covers most points.
>>
>>> 1. Whats the best way to test if a port is open on a computer. I dont
>>> nessecarily mean testing if its open to the internet, but just on the
>>> computer - this rules out online port scanners since many PC's will be
>>> behind a router, and I am not testing that, but more software based
>>> firewalls that may be running.

>>

<snip>

Me
 
Reply With Quote
 
2Sweet
Guest
Posts: n/a
 
      12-11-2009
I have an application server which will access an internet website via ports
8080, 8443 & 443 to perform updownloading task automatically by schedule.
But always failed! I tried using IE to access, no problem) When i perform
telnet (to those ports) on the application server to the internet server.
It was successful. I feedback to the application vendor and they claimed
that i have to allow inbound traffic as well for those ports.

That is why i was wondering do i have to "allow inbound" traffic for ports
8080, 8443 & 443. But i can access the website using IE.
Is there different by using IE and Command to access the website?


"Mr. Majestic" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed) m...
> 2Sweet wrote:
>> By running "telnet" command from a Windows 2003 server to internet
>> website, it was successful.
>> From the result, am i right to say that traffic flows on both ways
>> (inbound & outbound) are NOT blocked???
>>

>
> If outbound traffic is initiated by a program running on a computer from
> behind any type of firewall to a remote site, that is a solicited traffic.
> The firewall is going to allow inbound traffic form a solicited site. The
> firewall will block all unsolicited inbound traffic from a site.
>
> A firewall will not block unsolicited traffic if a port on the firewall is
> opened to allow unsolicited inbound traffic. As an example, port 80 being
> open on a firewall that a computer behind a the firewall is listening on
> port 80 hosting a Web server. The client's browser must initiate and send
> unsolicited inbound traffic to the Web server before the Web server knows
> the client is there.


 
Reply With Quote
 
why?
Guest
Posts: n/a
 
      12-11-2009

x-post trimmed to 24HSHD.

On Sat, 12 Dec 2009 06:17:49 +0800, 2Sweet wrote:

>I have an application server which will access an internet website via ports
>8080, 8443 & 443 to perform updownloading task automatically by schedule.


Using MS Scheduled Tasks?

>But always failed! I tried using IE to access, no problem) When i perform


It's your firewall log that tells you exactly how it's failing or simply
that the command produces no result?

Using IE how, a URL like?
http://external.server.name:8080/

>telnet (to those ports) on the application server to the internet server.


By

telnet external.server.name 8443

>It was successful. I feedback to the application vendor and they claimed
>that i have to allow inbound traffic as well for those ports.


Sounds sensible, depends on the FW you are using. Even MS FW has port /
application to allow settings you may need to add an exception to.


>That is why i was wondering do i have to "allow inbound" traffic for ports
>8080, 8443 & 443. But i can access the website using IE.


So you haven't yet?

Check the FW permissions / inbound rule for telnet.

>Is there different by using IE and Command to access the website?


There is a difference using MS Scheduled Tasks, these don't by default
always run as the logged in user or for that matter no user if no one is
logged in. It's Local System Account or the specified user. You may have
to give Local System Account access to the executable / folder the
command requires to run.

>
>"Mr. Majestic" <(E-Mail Removed)> wrote in message
>news:(E-Mail Removed) om...
>> 2Sweet wrote:
>>> By running "telnet" command from a Windows 2003 server to internet
>>> website, it was successful.
>>> From the result, am i right to say that traffic flows on both ways
>>> (inbound & outbound) are NOT blocked???
>>>

>>
>> If outbound traffic is initiated by a program running on a computer from
>> behind any type of firewall to a remote site, that is a solicited traffic.
>> The firewall is going to allow inbound traffic form a solicited site. The
>> firewall will block all unsolicited inbound traffic from a site.
>>
>> A firewall will not block unsolicited traffic if a port on the firewall is
>> opened to allow unsolicited inbound traffic. As an example, port 80 being
>> open on a firewall that a computer behind a the firewall is listening on
>> port 80 hosting a Web server. The client's browser must initiate and send
>> unsolicited inbound traffic to the Web server before the Web server knows
>> the client is there.


Me
 
Reply With Quote
 
 
 
Reply

Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Type of actual ports is not compatible with type of ports of entity. mreister VHDL 1 05-25-2010 11:30 AM
Recommendations Please for a PCI card w/ two USB 2 Ports and FireWaire Ports Mike Digital Photography 27 02-26-2006 12:54 AM
testing ports through network Billy K Computer Security 5 05-30-2004 05:15 PM
Testing manually opened ports. CrackHeadBob Computer Support 2 02-10-2004 01:33 PM
testing--news2004--testing Boomer Computer Support 3 09-24-2003 06:54 PM



Advertisments