Port 993 refused
-
Windows FW is off on host machine.
Yes… I'm running it on a Windows machine. I know, I know. What can I say, I'm learning as I go.
-
Obviously something on the target host.
Run a Diagnostics > Packet capture on the inside interface for host 192.168.1.5 port 993 and test again from the outside.
Look at the capture. See what you see.
-
Yeah. I don't know how to interpret this stuff. 143 connects but 993 doesn't. I can't put it together. Anyways, here is the packet log. Any help is appreciated. I know it's hard helping a noob.
00:30:15.760328 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 0
00:30:15.760628 IP 192.168.1.5.443 > 192.168.1.1.30899: tcp 0
00:30:15.761508 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 0
00:30:15.761882 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 517
00:30:15.762875 IP 192.168.1.5.443 > 192.168.1.1.30899: tcp 156
00:30:15.763631 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 0
00:30:15.764006 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 51
00:30:15.765130 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 787
00:30:15.765374 IP 192.168.1.5.443 > 192.168.1.1.30899: tcp 0
00:30:15.839204 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
00:30:15.839226 IP 192.168.1.1.44635 > 192.168.1.5.993: tcp 0
00:30:15.839455 IP 192.168.1.5.993 > 192.168.1.1.44635: tcp 0
00:30:15.839462 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0
00:30:16.347816 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
00:30:16.347839 IP 192.168.1.1.6360 > 192.168.1.5.993: tcp 0
00:30:16.348144 IP 192.168.1.5.993 > 192.168.1.1.6360: tcp 0
00:30:16.348152 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0
00:30:16.853383 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
00:30:16.853405 IP 192.168.1.1.59960 > 192.168.1.5.993: tcp 0
00:30:16.853584 IP 192.168.1.5.993 > 192.168.1.1.59960: tcp 0
00:30:16.853592 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0
00:30:16.867487 IP 192.168.1.5.443 > 192.168.1.1.30899: tcp 566
00:30:17.025612 IP 192.168.1.1.30899 > 192.168.1.5.443: tcp 0
-
And here we are when connecting on 143:
00:41:05.242013 IP 192.168.1.1.35935 > 192.168.1.5.443: tcp 0
00:41:05.242403 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
00:41:05.242626 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 0
00:41:05.243757 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
00:41:05.244257 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 517
00:41:05.245375 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 156
00:41:05.246128 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
00:41:05.246505 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 51
00:41:05.247630 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 831
00:41:05.247873 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 0
00:41:05.294845 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 0
00:41:05.294865 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 0
00:41:05.295095 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 0
00:41:05.295103 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 0
00:41:05.295469 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 0
00:41:05.295476 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 0
00:41:05.313507 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 15
00:41:05.313515 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 15
00:41:05.314083 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 17
00:41:05.314090 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 17
00:41:05.322453 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 111
00:41:05.322460 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 111
00:41:05.322952 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 55
00:41:05.322959 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 55
00:41:05.332072 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 25
00:41:05.332082 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 25
00:41:05.336081 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 13
00:41:05.336088 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 13
00:41:05.344466 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 49
00:41:05.344473 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 49
00:41:05.344475 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 0
00:41:05.344481 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 0
00:41:05.344689 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 0
00:41:05.344696 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 0
00:41:05.344698 IP 192.168.1.5.50273 > 24.59.68.177.143: tcp 0
00:41:05.344704 IP 192.168.1.1.12731 > 192.168.1.5.143: tcp 0
00:41:05.344816 IP 192.168.1.5.143 > 192.168.1.1.12731: tcp 0
00:41:05.344823 IP 24.59.68.177.143 > 192.168.1.5.50273: tcp 0
00:41:05.345189 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 883
00:41:05.386552 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
00:41:05.470542 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 943
00:41:05.512216 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 0
00:41:05.527739 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 1460
00:41:05.527749 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 464
00:41:05.528709 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
00:41:05.528835 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
00:41:05.847926 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 846
00:41:05.892648 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 0
00:41:05.917139 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 1460
00:41:05.917149 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 1460
00:41:05.917157 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 1460
00:41:05.917164 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 1024
00:41:05.918097 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
00:41:05.918221 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
00:41:05.918471 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 0
00:41:08.541924 IP 192.168.1.1.17772 > 192.168.1.5.443: tcp 1056
00:41:08.592759 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 0
00:41:08.592781 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 0
00:41:08.593086 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 0
00:41:08.593095 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 0
00:41:08.593460 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 0
00:41:08.593467 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 0
00:41:08.593834 IP 192.168.1.5.443 > 192.168.1.1.17772: tcp 0
00:41:08.611249 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 15
00:41:08.611258 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 15
00:41:08.611824 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 17
00:41:08.611831 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 17
00:41:08.620444 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 111
00:41:08.620452 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 111
00:41:08.620943 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 55
00:41:08.620950 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 55
00:41:08.629961 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 25
00:41:08.629970 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 25
00:41:08.630687 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 18
00:41:08.630694 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 18
00:41:08.639197 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 223
00:41:08.639204 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 223
00:41:08.687805 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 0
00:41:08.687814 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 0
00:41:08.688027 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 24
00:41:08.688034 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 24
00:41:08.688901 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 18
00:41:08.688908 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 18
00:41:08.699776 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 247
00:41:08.699783 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 247
00:41:08.701520 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 17
00:41:08.701527 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 17
00:41:08.711888 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 111
00:41:08.711895 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 111
00:41:08.712387 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 16
00:41:08.712394 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 16
00:41:08.721159 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 82
00:41:08.721167 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 82
00:41:08.728636 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 13
00:41:08.728644 IP 192.168.1.1.45505 > 192.168.1.5.143: tcp 13
00:41:08.737030 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 49
00:41:08.737037 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 49
00:41:08.737039 IP 192.168.1.5.143 > 192.168.1.1.45505: tcp 0
00:41:08.737045 IP 24.59.68.177.143 > 192.168.1.5.50274: tcp 0
00:41:08.737260 IP 192.168.1.5.50274 > 24.59.68.177.143: tcp 0
-
You didn't filter on port 993.
Looks like the server is probably returning NAKs. Hard to tell. Go back to diagnostics > packet capture, choose Level of detail: Full and press view capture. Post that.
Since you ran another capture you'll have to take another one for port 993.
Actually, better yet, just download the capture file and attach it to a reply.
00:30:15.839204 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
00:30:15.839226 IP 192.168.1.1.44635 > 192.168.1.5.993: tcp 0
00:30:15.839455 IP 192.168.1.5.993 > 192.168.1.1.44635: tcp 0
00:30:15.839462 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0
00:30:16.347816 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
00:30:16.347839 IP 192.168.1.1.6360 > 192.168.1.5.993: tcp 0
00:30:16.348144 IP 192.168.1.5.993 > 192.168.1.1.6360: tcp 0
00:30:16.348152 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0
00:30:16.853383 IP 192.168.1.5.50241 > 24.59.68.177.993: tcp 0
00:30:16.853405 IP 192.168.1.1.59960 > 192.168.1.5.993: tcp 0
00:30:16.853584 IP 192.168.1.5.993 > 192.168.1.1.59960: tcp 0
00:30:16.853592 IP 24.59.68.177.993 > 192.168.1.5.50241: tcp 0
-
ugh. but muh public IP.
-
I'll redact it. Standby.
-
If that concerns you, be sure to edit it out of the above. lmk if you need me to do it in mine.
It is obvious from what has already been shown that the port forward is working and the server is responding with something with 0 bytes of payload.
-
Hahahaaha. How embarrassing. Well, at least you know what you are dealing with now. Thank you for wasting your time on me. I do appreciate it. I couldn't upload the .cap nor did it make sense when I converted it to a .txt so here is what I got. Public IP included.
09:03:03.796868 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 6378, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.5.50161 > 24.59.68.177.993: Flags [S], cksum 0xc68d (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:03.796889 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 127, id 6378, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.1.5627 > 192.168.1.5.993: Flags [S], cksum 0x0fc7 (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:03.797194 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 128, id 30340, offset 0, flags [DF], proto TCP (6), length 40) 192.168.1.5.993 > 192.168.1.1.5627: Flags [R.], cksum 0x4b77 (correct), seq 0, ack 1537239942, win 0, length 0
09:03:03.797201 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 127, id 30340, offset 0, flags [DF], proto TCP (6), length 40) 24.59.68.177.993 > 192.168.1.5.50161: Flags [R.], cksum 0x023e (correct), seq 0, ack 1537239942, win 0, length 0
09:03:04.298138 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 6379, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.5.50161 > 24.59.68.177.993: Flags [S], cksum 0xc68d (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:04.298162 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 127, id 6379, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.1.50307 > 192.168.1.5.993: Flags [S], cksum 0x613e (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:04.298387 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 128, id 30344, offset 0, flags [DF], proto TCP (6), length 40) 192.168.1.5.993 > 192.168.1.1.50307: Flags [R.], cksum 0x9cee (correct), seq 0, ack 1537239942, win 0, length 0
09:03:04.298395 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 127, id 30344, offset 0, flags [DF], proto TCP (6), length 40) 24.59.68.177.993 > 192.168.1.5.50161: Flags [R.], cksum 0x023e (correct), seq 0, ack 1, win 0, length 0
09:03:04.814122 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 128, id 6380, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.5.50161 > 24.59.68.177.993: Flags [S], cksum 0xc68d (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:04.814144 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 66: (tos 0x0, ttl 127, id 6380, offset 0, flags [DF], proto TCP (6), length 52) 192.168.1.1.56268 > 192.168.1.5.993: Flags [S], cksum 0x49f5 (correct), seq 1537239941, win 64240, options [mss 1460,nop,wscale 8,nop,nop,sackOK], length 0
09:03:04.814323 4c:cc:6a:d2:fb:f9 > 00:15:17:f3:50:6b, ethertype IPv4 (0x0800), length 60: (tos 0x0, ttl 128, id 30345, offset 0, flags [DF], proto TCP (6), length 40) 192.168.1.5.993 > 192.168.1.1.56268: Flags [R.], cksum 0x85a5 (correct), seq 0, ack 1537239942, win 0, length 0
09:03:04.814330 00:15:17:f3:50:6b > 4c:cc:6a:d2:fb:f9, ethertype IPv4 (0x0800), length 54: (tos 0x0, ttl 127, id 30345, offset 0, flags [DF], proto TCP (6), length 40) 24.59.68.177.993 > 192.168.1.5.50161: Flags [R.], cksum 0x023e (correct), seq 0, ack 1, win 0, length 0
-
Cripes. I swear I didn't do that strikethrough. Just give up on me.
-
Ok so now to figure out why changing the router would cause the server to reject the connection… I made no changes on that side.
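-
Added example, not part of the thread and not posted by any participant: a small parser that reads tcpdump lines like the full-detail capture above and reports, for each SYN, whether the target answered with a reset (refused), a SYN-ACK (accepted), or nothing. The sample lines are constructed in the shape of the thread's capture; the port 465 flow and the function names are assumptions made for illustration.

```python
import re

# Address and flag fields of a tcpdump TCP line; works with or without the
# link-level (-e) and verbose (-v) prefixes, because it only anchors on
# "src.port > dst.port: Flags [...]".
PKT = re.compile(
    r"(\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

NO_REPLY = "no reply: SYN dropped or filtered before the service"
REFUSED = "refused: host answered RST, nothing accepted the connection on that port"
ACCEPTED = "accepted: host answered SYN-ACK, a listener is present"

def classify_handshakes(lines):
    """Map each SYN's (client, cport, server, sport) to a verdict."""
    flows = {}
    for line in lines:
        m = PKT.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        sport, dport = int(sport), int(dport)
        if flags == "S":                          # client SYN opens a flow
            flows.setdefault((src, sport, dst, dport), NO_REPLY)
            continue
        key = (dst, dport, src, sport)            # a reply travels the reverse path
        if flows.get(key) == NO_REPLY:            # only the first answer decides
            if "R" in flags:
                flows[key] = REFUSED
            elif flags == "S.":
                flows[key] = ACCEPTED
    return flows

def refused_ports(flows):
    """Sorted server ports that answered at least one SYN with RST."""
    return sorted({k[3] for k, v in flows.items() if v == REFUSED})

# Constructed sample (inside-interface view, timestamps and sequence numbers made up).
SAMPLE = """\
09:03:03.796889 IP 192.168.1.1.5627 > 192.168.1.5.993: Flags [S], seq 1537239941, win 64240, length 0
09:03:03.797194 IP 192.168.1.5.993 > 192.168.1.1.5627: Flags [R.], seq 0, ack 1537239942, win 0, length 0
09:03:05.100000 IP 192.168.1.1.12731 > 192.168.1.5.143: Flags [S], seq 100, win 64240, length 0
09:03:05.100300 IP 192.168.1.5.143 > 192.168.1.1.12731: Flags [S.], seq 900, ack 101, win 65535, length 0
09:03:05.100700 IP 192.168.1.1.12731 > 192.168.1.5.143: Flags [.], ack 901, win 256, length 0
09:03:06.000000 IP 192.168.1.1.40000 > 192.168.1.5.465: Flags [S], seq 500, win 64240, length 0
"""

if __name__ == "__main__":
    for flow, verdict in classify_handshakes(SAMPLE.splitlines()).items():
        print(flow, "->", verdict)
```

A "refused" verdict on the inside interface means the forwarded packet reached the host, so the next check is on the host itself: whether the service is listening on that port and bound to that address.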