Netgate Discussion Forum

    Checking for open ports ?

    General pfSense Questions
    • chudak @Modesty

      @Modesty said in Checking for open ports ?:

      Advance port scanner

      Is it a Windows thing or also for Linux ?

      • Modesty @chudak

        @chudak Windows

        Everything can be rebuilt!

        • stephenw10 Netgate Administrator

          If you test remotely you will only see a UDP port as 'open' if what you're testing against chooses to send a reply. Most things won't unless you send the right thing.

          Steve

          • johnpoz LAYER 8 Global Moderator

            ^ Exactly, 1194 is the default UDP OpenVPN port... Unless you're sending VPN traffic you're not going to get an answer, so how would outside testing know that it's open?

            An intelligent man is sometimes forced to be drunk to spend time with his fools
            If you get confused: Listen to the Music Play
            Please don't Chat/PM me for help, unless mod related
            SG-4860 24.11 | Lab VMs 2.8, 24.11

            • chudak @johnpoz

              @johnpoz

              I am sending vpn traffic

              nc -zvw10 <SERVER> 2194
              Connection to <SERVER> 2194 port [tcp/*] succeeded!
              yuriw@vmss:~$ nc -zvw10 <SERVER> -u 1194
              Connection to <SERVER> 1194 port [udp/openvpn] succeeded!

              • stephenw10 Netgate Administrator

                You are not actually testing anything there.

                steve@steve-MMLP7AP-00 ~ $ nc -zvw10 11.11.11.1 -u 1111
                Connection to 11.11.11.1 1111 port [udp/*] succeeded!
                

                Steve

                • chudak @stephenw10

                  @stephenw10

                  How do you test then ?

                  • stephenw10 Netgate Administrator

                    You can't with UDP unless you know what you're testing against will respond.

                    You need to test from both ends so you can see the packets come in and whether they are opening states.

                    Steve
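
The three outcomes a UDP probe can actually tell apart, as an added example (not code from any poster or from Netgate): a reply, an ICMP port-unreachable, and silence, where silence covers both a firewall drop and a listener that ignores the payload. The function names and the loopback listeners are constructed for this demonstration.

```python
import socket
import threading

def probe_udp(host, port, payload=b"\x00", timeout=2.0):
    """Classify a UDP port by what comes back, not by whether send() worked."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        # connect() on UDP sends nothing; it lets the kernel report
        # ICMP port-unreachable errors back on this socket.
        s.connect((host, port))
        try:
            s.send(payload)
            s.recv(2048)
            return "open"           # the service chose to answer
        except ConnectionRefusedError:
            return "closed"         # ICMP port unreachable came back
        except socket.timeout:
            # Silence: a firewall drop, or a listener that ignores this
            # payload. The two are indistinguishable from the sending side.
            return "open|filtered"

def start_listener(reply):
    """Constructed loopback service: answers every datagram, or none."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    srv.bind(("127.0.0.1", 0))
    def serve():
        while True:
            _, peer = srv.recvfrom(2048)
            if reply:
                srv.sendto(b"pong", peer)
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """Probe a replying port, a silent listener and an unbound port."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tmp.bind(("127.0.0.1", 0))
    unbound = tmp.getsockname()[1]   # held until the listeners have ports
    ports = {"replying": start_listener(True),
             "silent": start_listener(False), "unbound": unbound}
    tmp.close()                      # now nothing is bound to that port
    return {name: probe_udp("127.0.0.1", p, timeout=0.5)
            for name, p in ports.items()}

if __name__ == "__main__":
    print(demo())
```

The silent listener is bound and receiving, yet the probe can only report `open|filtered` for it; confirming that case takes a look at the receiving end.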

                    • johnpoz LAYER 8 Global Moderator

                      Testing to OpenVPN is hard, especially if you have it set for auth on your TLS key, since it won't answer anything at all unless the TLS key matches.

                      And yup, UDP is hard to test as well, because there is no handshake.

                      • Derelict LAYER 8 Netgate

                        Packet captures generally don't lie.

                        Chattanooga, Tennessee, USA
                        A comprehensive network diagram is worth 10,000 words and 15 conference calls.
                        DO NOT set a source address/port in a port forward or firewall rule unless you KNOW you need it!
                        Do Not Chat For Help! NO_WAN_EGRESS(TM)
