Netgate Discussion Forum

    Checking for open ports ?

    • chudakC Offline
      chudak
      last edited by

      I really wanted to check it from the external server.
      The way that seems to work is:

      nc -zvw10 <server> -t <port> - for TCP
      nc -zvw10 <server> -u <port> - for UDP

      PS: I did not realize that usually by default UDP ports don't get tested

      Thank you !

      • M Offline
        Modesty
        last edited by

        I use Advance port scanner. There is a UDP option, ref screenshot


        Everything can be rebuilt!

        • chudakC Offline
          chudak @Modesty
          last edited by

          @Modesty said in Checking for open ports ?:

          Advance port scanner

          Is it a Windows thing or also for Linux ?

          • M Offline
            Modesty @chudak
            last edited by

            @chudak windows

            • stephenw10S Offline
              stephenw10 Netgate Administrator
              last edited by

              If you test remotely you will only see a UDP port as 'open' if what you're testing against chooses to send a reply. Most things won't unless you send the right thing.

              Steve

              • johnpozJ Offline
                johnpoz LAYER 8 Global Moderator
                last edited by

                ^ exactly, 1194 is the default UDP openvpn port. Unless you're sending vpn traffic you're not going to get an answer, so how would outside testing know that it's open?

                An intelligent man is sometimes forced to be drunk to spend time with his fools
                If you get confused: Listen to the Music Play
                Please don't Chat/PM me for help, unless mod related
                SG-4860 24.11 | Lab VMs 2.8, 24.11

                • chudakC Offline
                  chudak @johnpoz
                  last edited by

                  @johnpoz

                  I am sending vpn traffic

                  nc -zvw10 <SERVER> 2194
                  Connection to <SERVER> 2194 port [tcp/*] succeeded!
                  yuriw@vmss:~$ nc -zvw10 <SERVER> -u 1194
                  Connection to <SERVER> 1194 port [udp/openvpn] succeeded!

                  • stephenw10S Offline
                    stephenw10 Netgate Administrator
                    last edited by

                    You are not actually testing anything there.

                    steve@steve-MMLP7AP-00 ~ $ nc -zvw10 11.11.11.1 -u 1111
                    Connection to 11.11.11.1 1111 port [udp/*] succeeded!
                    

                    Steve

                    • chudakC Offline
                      chudak @stephenw10
                      last edited by

                      @stephenw10

                      How do you test then ?

                      • stephenw10S Offline
                        stephenw10 Netgate Administrator
                        last edited by stephenw10

                        You can't with UDP unless you know what you're testing against will respond.

                        You need to test from both ends so you can see the packets come in and whether they are opening states.

                        Steve
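
Added example, not part of any post in this thread: a minimal Python probe showing the three verdicts a sender can reach for a UDP port, run against loopback targets constructed for the demo. The names `probe_udp` and `demo` are hypothetical; the "silent listener" stands in for a service that ignores packets it does not recognise, such as the OpenVPN tls-auth case mentioned in the thread.

```python
import socket
import threading

def probe_udp(host, port, payload=b"\x00", timeout=1.0):
    """Classify a UDP port using only what the sender can observe."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connected socket: ICMP errors surface as exceptions
        try:
            s.send(payload)
            s.recv(2048)
            return "open"            # the service chose to answer
        except ConnectionRefusedError:
            return "closed"          # ICMP port unreachable came back
        except socket.timeout:
            return "open|filtered"   # silence: listener ignored us, or packet was dropped

def _bound_socket():
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.bind(("127.0.0.1", 0))  # constructed loopback target, kernel picks the port
    return s

def demo():
    """Probe three constructed loopback targets and return the verdicts."""
    replier, silent, unused = _bound_socket(), _bound_socket(), _bound_socket()

    def answer_once():
        _, peer = replier.recvfrom(2048)
        replier.sendto(b"pong", peer)

    threading.Thread(target=answer_once, daemon=True).start()
    closed_port = unused.getsockname()[1]
    unused.close()  # nothing listens here any more

    results = {
        "replying listener": probe_udp("127.0.0.1", replier.getsockname()[1]),
        "silent listener": probe_udp("127.0.0.1", silent.getsockname()[1]),
        "no listener": probe_udp("127.0.0.1", closed_port),
    }
    replier.close()
    silent.close()
    return results

if __name__ == "__main__":
    for target, verdict in demo().items():
        print(f"{target:18} {verdict}")
```

Only a reply proves the port is open. A firewall that silently drops the probe produces the same timeout as the silent listener, which is why the check has to be completed from the receiving end with a packet capture or the state table.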

                        • johnpozJ Offline
                          johnpoz LAYER 8 Global Moderator
                          last edited by

                          Testing to openvpn is hard, especially if you have set for auth on your tls key - since it won't answer anything at all unless the tls key matches.

                          And yup, UDP is hard to test as well, because there is no handshake.

                          • DerelictD Offline
                            Derelict LAYER 8 Netgate
                            last edited by

                            Packet captures generally don't lie.

                            Chattanooga, Tennessee, USA
                            A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                            DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                            Do Not Chat For Help! NO_WAN_EGRESS(TM)

                            Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.