How to listen to all ports (UDP and TCP) or make them all appear open in Debian
Solution 1
tcpdump usually comes as standard on Linux distros. It will log all packets visible at the server note that
-
you probably want to set it running with a filter for your client IP to cut down on the noise
-
I think this includes packets not accepted by iptables on the local machine - but you might want to test this
e.g.
/usr/sbin/tcpdump -i eth0 -c 3000000 -np host client.example.com >tcp.log
Then just run nmap from your client.
Solution 2
sudo iptables -t nat -p tcp -I PREROUTING -m multiport --dports 1:65535 -j DNAT --to-destination :5555
ncat -lkp 5555 -vvv
Solution 3
I think you could write a small program with raw sockets
using a UDP or TCP, then you can listen all the ports and you just have to filter the headers to know the ports.
Raw socket programming in python (Linux) | BinaryTides
Solution 4
I don't have a good way to test this right now, but...
I believe you can use iptables
to translate every port to a single port. It would be something like the following:
iptables -t nat -I PREROUTING -m multiport -sports 0:65535 -J DNAT --to-destination 127.0.0.1:1024
That should redirect all incoming ports to 1024. You can then start a server on 1024.
Related videos on Youtube
Comments
-
Michael over 1 year
I got an external Debian server. The problem is that my university campus doesn't allow connections to go outside when the port is different than TCP port 22, 80, 443, or UDP port 123. I tested them manually. On my Debian server I would like to listen to all my UDP and TCP ports so I can clearly figure out which TCP and UDP ports my university let through their firewall. Nmap is wonderful on the client side to test that, but what should I do on the server side?
-
Admin over 12 yearsWhy don't you use an external service like Shiels UP!? If a port appears as closed (as opposed to stealth), it could be reached from external machines.
-
-
Michael over 12 years
tcpdump -nnq src host <campus-external-ip> and not port ssh
this solved the problem -
Zibri about 5 yearssports mean SOURCE PORT... I think he was to redirect DESTINATION ports.
-
Daniel F over 2 yearsFrom the question
I can clearly figure out which TCP and UDP ports my university let through their firewall.
: Won't this approach overwrite the ports so that he won't be able to know which incoming port was used? -
Zibri over 2 years@DanielF well you will know that from the scanning machine anyways.
-
Daniel F over 2 yearsOh, correct, he could also use a specific payload containing the port getting tested. I didn't focus enough to understand that he controlled both the client and the server.