Detect what outgoing ports are bypassed by firewall

networking firewall port tcp

6,876

You can use portquiz.net, which is exactly the kind of server you're looking for. For example, following shell script does the job:

for x in `seq 1 65535`; do

    echo -ne "$x "
    curl "http://portquiz.net:$x" \
      --connect-timeout 1 \
      -o /dev/null \
      -q >/dev/null 2>&1 \
        && echo 'open' \
        || echo 'closed'

done | tee ports.lst

Note that this is going to run for quite a long time, so if you're impatient, you can parallelize the task using GNU parallel.

Also, some ports on portquiz seem to be blocked on their end (as far as I remember they're ports for SSH and HTTPS), but other than a few special cases, all of the remaining ports should be open.

6,876

Shou Ya

Updated on September 18, 2022

Comments

Shou Ya over 1 year

My school has a firewall which limits most outgoing ports. There're only TCP/80, TCP/443, TCP/21 allowed. Is there's a way to find out all the outgoing port allowed by the firewall?

My current idea: open all TCP ports with nc on a remote server, then use nmap to scan which ports are accessible. But how do I do if I don't have a remote server? or is there a public server that opens all the ports for this kind of tests?

For those who are concerning that I'm breaching the school's rules, I think it's not a big deal to do that. Suppose I was establishing a service in external host and wish it to be accessible by the school network, I would be willing to know which ports I could use for this service. I was not breaking anything. I believe doing it is 100% legal.
maxwellb almost 11 years

Most of these efforts are not entirely valid if your traffic is also subject to packet inspection, and not simple Allow/Deny connect rules.
comp500 over 6 years

--max-time 1 or -m 1 on curl will limit the total amount of time it is allowed to take, making this much faster.