On some networks (primarily corporate ones), the firewall restricts outbound connections to some port number. The allowed ports generally comprise of port 80, 11, 443, etc.
Is there a way I could do a quick port scan to find a which ports are firewalled and which aren't?
Sure, you could try to port scan a target on the other side of the firewall that you know accepts connections on every port (but good luck finding one of those or keeping it online), but the better approach is going to be only testing the ports you're interested in, because it's faster, easier and less likely to get you in trouble for port scanning.
There's no simple trick to getting this information, though (other than checking the firewall configuration), and this is at least partially by design - information on what traffic is and isn't allowed through a firewall isn't readily disclosed, because having that information would help an attacker improve his efforts to penetrate the network.
I can't comment unfortunately, but HoplessN00b's comment makes me search for some service with all port opened and it really exists - portquiz.net.
So runing of
netcat -vz portquiz.net 1-9999 2>&1 | grep -v failed
give you list of available ports, you are able to use/connect from restricted network.
This is the final command I came up with that includes a one second timeout to iterate through more quickly:
netcat -vz -w 1 portquiz.net 1-65535 2>&1 | grep succeeded
The cli arguments may be different depending on your version of netcat.
