9

I got an external Debian server. The problem is that my university campus doesn't allow connections to go outside when the port is different than TCP port 22, 80, 443, or UDP port 123. I tested them manually. On my Debian server I would like to listen to all my UDP and TCP ports so I can clearly figure out which TCP and UDP ports my university let through their firewall. Nmap is wonderful on the client side to test that, but what should I do on the server side?

1
  • Why don't you use an external service like ShieldsUP!? If a port appears as closed (as opposed to stealth), it could be reached from external machines.
    – enzotib
    Commented Nov 16, 2011 at 8:03

4 Answers

8

tcpdump usually comes as standard on Linux distros. It will log all packets visible at the server. Note that:

  • you probably want to set it running with a filter for your client IP to cut down on the noise

  • I think this includes packets not accepted by iptables on the local machine - but you might want to test this

e.g.

/usr/sbin/tcpdump -i eth0 -c 3000000 -np host client.example.com >tcp.log

Then just run nmap from your client.

1
  • 1
    tcpdump -nnq src host <campus-external-ip> and not port ssh this solved the problem
    – Michael
    Commented Nov 16, 2011 at 20:24
2
sudo iptables -t nat -p tcp -I PREROUTING -m multiport --dports 1:65535 -j DNAT --to-destination :5555

ncat -lkp 5555 -vvv
5
  • From the question: "I can clearly figure out which TCP and UDP ports my university let through their firewall." Won't this approach overwrite the ports so that he won't be able to know which incoming port was used?
    – Daniel F
    Commented Aug 31, 2021 at 21:52
  • @DanielF well you will know that from the scanning machine anyways.
    – Zibri
    Commented Sep 8, 2021 at 4:31
  • Oh, correct, he could also use a specific payload containing the port getting tested. I didn't focus enough to understand that he controlled both the client and the server.
    – Daniel F
    Commented Sep 8, 2021 at 20:08
  • Could you please provide more info about those commands? How would you leave iptables as it was before, without the need to reboot?
    – Pablo A
    Commented Aug 23, 2023 at 19:14
  • @PabloA you just issue sudo iptables-save >before.ipt then you can do sudo iptables-restore <before.ipt
    – Zibri
    Commented Aug 25, 2023 at 12:29
1

I don't have a good way to test this right now, but...

I believe you can use iptables to translate every port to a single port. It would be something like the following:

iptables -t nat -I PREROUTING -p tcp -m multiport --sports 0:65535 -j DNAT --to-destination 127.0.0.1:1024

That should redirect all incoming ports to 1024. You can then start a server on 1024.

1
  • 2
    sports means SOURCE PORT... I think he wants to redirect DESTINATION ports.
    – Zibri
    Commented Apr 15, 2019 at 18:02
1

I think you could write a small program with raw sockets using UDP or TCP; then you can listen on all the ports and you just have to filter the headers to know the ports.

Raw socket programming in python (Linux) | BinaryTides
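
A sketch of the raw-socket approach this answer suggests, added here as an example (it is not code from the answer or from the linked article). It assumes Linux, IPv4 and root privileges; the names parse_packet, ports_reached and sniff are hypothetical.

```python
import select
import socket
import struct
import sys

PROTOS = {socket.IPPROTO_TCP: "tcp", socket.IPPROTO_UDP: "udp"}

def parse_packet(pkt):
    """Return (proto, src_ip, dst_port) for a raw IPv4 TCP SYN or UDP packet, else None."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        return None
    ihl = (pkt[0] & 0x0F) * 4                      # IP header length; options make it > 20
    proto = PROTOS.get(pkt[9])
    frag_offset = struct.unpack("!H", pkt[6:8])[0] & 0x1FFF
    # Only the first fragment carries the TCP/UDP header with the ports.
    if proto is None or ihl < 20 or frag_offset or len(pkt) < ihl + 8:
        return None
    if proto == "tcp":
        # Count only the opening SYN (SYN set, ACK clear): one hit per probed port.
        if len(pkt) < ihl + 14 or pkt[ihl + 13] & 0x12 != 0x02:
            return None
    dst_port = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    return proto, socket.inet_ntoa(pkt[12:16]), dst_port

def ports_reached(packets, client_ip):
    """Set of (proto, dst_port) that client_ip reached, given raw IPv4 packets."""
    hits = set()
    for pkt in packets:
        parsed = parse_packet(pkt)
        if parsed and parsed[1] == client_ip:
            hits.add((parsed[0], parsed[2]))
    return hits

def sniff(client_ip):
    """Print each new port reached by client_ip. Linux only, needs root (CAP_NET_RAW)."""
    socks = [socket.socket(socket.AF_INET, socket.SOCK_RAW, p) for p in PROTOS]
    seen = set()
    while True:
        readable, _, _ = select.select(socks, [], [])
        for hit in ports_reached((s.recv(65535) for s in readable), client_ip) - seen:
            seen.add(hit)
            print("%s/%d passed the firewall" % hit, flush=True)

if __name__ == "__main__":
    sniff(sys.argv[1])   # argument: the address the server sees the client coming from
```

Unlike tcpdump, an AF_INET raw socket receives packets only after the server's own INPUT chain has accepted them, so the local firewall must let the probes in for them to be counted.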
