How to listen to all ports (UDP and TCP) or make them all appear open in Debian

linux firewall tcp udp

12,122

Solution 1

tcpdump usually comes as standard on Linux distros. It will log all packets visible at the server note that

you probably want to set it running with a filter for your client IP to cut down on the noise
I think this includes packets not accepted by iptables on the local machine - but you might want to test this

e.g.

/usr/sbin/tcpdump -i eth0 -c 3000000 -np host client.example.com >tcp.log

Then just run nmap from your client.

Solution 2

sudo iptables -t nat -p tcp -I PREROUTING -m multiport --dports 1:65535 -j DNAT --to-destination :5555

ncat -lkp 5555 -vvv

Solution 3

I think you could write a small program with raw sockets using a UDP or TCP, then you can listen all the ports and you just have to filter the headers to know the ports.

Raw socket programming in python (Linux) | BinaryTides

Solution 4

I don't have a good way to test this right now, but...

I believe you can use iptables to translate every port to a single port. It would be something like the following:

iptables -t nat -I PREROUTING -m multiport -sports 0:65535 -J DNAT --to-destination 127.0.0.1:1024

That should redirect all incoming ports to 1024. You can then start a server on 1024.

View more solutions

12,122

Michael

CS Student, optimisation enthusiast. Altruist.

Updated on September 18, 2022

Comments

Michael over 1 year

I got an external Debian server. The problem is that my university campus doesn't allow connections to go outside when the port is different than TCP port 22, 80, 443, or UDP port 123. I tested them manually. On my Debian server I would like to listen to all my UDP and TCP ports so I can clearly figure out which TCP and UDP ports my university let through their firewall. Nmap is wonderful on the client side to test that, but what should I do on the server side?
- Admin over 12 years
  
  Why don't you use an external service like Shiels UP!? If a port appears as closed (as opposed to stealth), it could be reached from external machines.
Michael over 12 years

tcpdump -nnq src host <campus-external-ip> and not port ssh this solved the problem
Zibri about 5 years

sports mean SOURCE PORT... I think he was to redirect DESTINATION ports.
Daniel F over 2 years

From the question I can clearly figure out which TCP and UDP ports my university let through their firewall.: Won't this approach overwrite the ports so that he won't be able to know which incoming port was used?
Zibri over 2 years

@DanielF well you will know that from the scanning machine anyways.
Daniel F over 2 years

Oh, correct, he could also use a specific payload containing the port getting tested. I didn't focus enough to understand that he controlled both the client and the server.