Netgate Discussion Forum

    Checking for open ports ?

      Modesty

      I use Advance port scanner. There is a UDP option, ref screenshot

      b5966995-cec5-4cc4-adfa-83ad1550bb3c-image.png

      Everything can be rebuilt!

        chudak @Modesty

        @Modesty said in Checking for open ports ?:

        Advance port scanner

        Is it a Windows thing or also for Linux?

          Modesty @chudak

          @chudak Windows

            stephenw10 Netgate Administrator

            If you test remotely you will only see a UDP port as 'open' if what you're testing against chooses to send a reply. Most things won't unless you send the right thing.

            Steve

              johnpoz LAYER 8 Global Moderator

              ^ Exactly, 1194 is the default UDP OpenVPN port... Unless you're sending VPN traffic you're not going to get an answer, so how would outside testing know that it's open?

              An intelligent man is sometimes forced to be drunk to spend time with his fools
              If you get confused: Listen to the Music Play
              Please don't Chat/PM me for help, unless mod related
              SG-4860 24.11 | Lab VMs 2.8, 24.11

                chudak @johnpoz

                @johnpoz

                I am sending vpn traffic

                nc -zvw10 <SERVER> 2194
                Connection to <SERVER> 2194 port [tcp/*] succeeded!
                yuriw@vmss:~$ nc -zvw10 <SERVER> -u 1194
                Connection to <SERVER> 1194 port [udp/openvpn] succeeded!

                  stephenw10 Netgate Administrator

                  You are not actually testing anything there.

                  steve@steve-MMLP7AP-00 ~ $ nc -zvw10 11.11.11.1 -u 1111
                  Connection to 11.11.11.1 1111 port [udp/*] succeeded!
                  

                  Steve

                    chudak @stephenw10

                    @stephenw10

                    How do you test then?

                      stephenw10 Netgate Administrator

                      You can't with UDP unless you know what you're testing against will respond.

                      You need to test from both ends so you can see the packets come in and whether they are opening states.

                      Steve

                        johnpoz LAYER 8 Global Moderator

                        Testing to OpenVPN is hard, especially if you have set for auth on your TLS key - since it won't answer anything at all unless the TLS key matches.

                        And yup, UDP is hard to test as well, because there is no handshake.

                          Derelict LAYER 8 Netgate

                          Packet captures generally don't lie.

                          Chattanooga, Tennessee, USA
                          A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                          DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                          Do Not Chat For Help! NO_WAN_EGRESS(TM)

                          Copyright 2025 Rubicon Communications LLC (Netgate). All rights reserved.