Firewall blocks traffic - how to find out what ports / ip addresses are used by software?
Solution 1
Are you using Linux? If so, as others mentioned, you access the data using wireshark/tcpdump, filtered for the IP, while using that software.
On the server, you can try running netstat or a similar program depending on your OS that will tell you what ports are being listened to. Use the man page to see if further options (such as what the program command line is for each listened port) can help you narrow it down.
Or you can drop the firewall temporarily and run NMap against the server, scanning all ports, to see what's open. Or scan it from behind your firewall if you're not running a software firewall. Note the open ports and investigate.
If it is on Linux (or some Windows machines) you can look in the config files to see if they have a port specified.
Last, see if you can get in touch with any of the ex-developers from that company, or other customers of that software and see if they can help; if you can find any of them, maybe they know of other customers or have a support forum or other admins that are running the software that can get into a mailing list to help each other out.
Solution 2
If you have access to the firewall logs look in them.
Solution 3
If it's not in the documentation, you're going to have to sift through a Wireshark or Netmon dump. That being said, a quick call to the mystery application's support staff should resolve your problem.
Related videos on Youtube
03 : 34
02 : 02
07 : 18
06 : 35
03 : 25
Toskan
Updated on September 18, 2022Comments
-
Toskan over 1 year
Well I get a "host was not accessible" error when trying to use a software. I don't know which port they use nor which address they are trying to reach. Is there a more or less easy way to figure that out?
I got a program called wireshark - but the data is just huge. Is there an alternative or way to filter data to get a good overview?
-
weeheavy over 12 yearsIs that software well-known? If yes, please reveal its name.
-
Toskan over 12 yearsit was developed by an external 3 person company which no longer exists.
-
MDMarra over 12 years@Toskan Then it's time to sit down and sort out that packet capture.
-
-
Toskan over 12 yearssee my comment top
-
Toskan over 11 yearswell this is a good idea, but I asked them and as it turned out, there wasn't a problem with the firewall. It was a new installation and the personal firewall on the windows blocked the traffic.
-
Toskan over 11 yearsas I was running a software firewall, I'll accept this answer since it mentions it. It was btw an attempt to active ftp on port 20 (grmpf)
