Author Topic: how to check port forwarding on another device  (Read 4840 times)

Offline jeromephone

  • PcWinTech Jr. Member
  • Join Date: Apr 2017
  • Posts: 1
  • Karma: 0
how to check port forwarding on another device
« on: April 30, 2017, 08:06:55 AM »
I have an Arris router that I have successfully port forwarded to a camera that sits at IP 134; my PC is on 190 (on my internal network). My question is how can I use the program to check for open ports on other devices. Let's say I go to a customer who has a DVR and I get on his network and I want to see if ports are forwarded to his DVR, but I cannot enter the DVR address in the box that defaults to my PC address. If I run the port checker from 190 I get a message that says none of the ports are open; however, they are just pointing to the other address. I must be missing something, not the first time :thinking:

Offline trpted

  • PcWinTech Guru
  • ******
  • Join Date: Sep 2011
  • Posts: 1,095
  • Karma: 37
Re: how to check port forwarding on another device
« Reply #1 on: April 30, 2017, 01:11:55 PM »
These options

** One **

To use an inbound client side port checker, you must forward the ports to a computer that has an inbound client side port checker running on it.

As need be, change the forwarding rule to stop forwarding to the DVR and forward instead

** Option two **

#1 Temporarily disable the forwarding rule in the NAT router.

#2 Use any web based checker to check the port status.

#3 If the port is Open, something is horribly wrong there.

a) UPnP in the NAT router enabled (automatic forwarding without the need to log-in to the NAT router)?

b) Remote Control of the NAT router enabled?

d) Back Door - a different kind of Remote Control of the NAT router enabled !! ?

e) Not your NAT router (example ISP's Central NAT router) ?

#4 If the port is not open as expected :) , re-enable the forwarding rule in the NAT router.

#5 Use any web based checker to re-check the port status.

a) If open, great. I will tell you what it means if you can only connect using the local/LAN/Internal IP Address from behind this same NAT router.

b) If not open, something is blocking it.

** Option three **

#1 Quoting myself

Quote

#1 From DSLR (dslreports.com) -> Forums -> Broadband and Networking -> Networking -> How to know if ports are reaching my computer from outside the post by DSLR user mackey (user # 1479488) on 2015-Sep-24 at 8:05 pm - if you wanted to test port 5154, besides using an inbound client side port checker:

Quote
Run tcpdump (`tcpdump -p -n -i <interface> port 5154` would be a good command to start with). If you see incoming TCP SYN packets (not SYN/ACK), or incoming UDP packets from an IP which did not have an outgoing packet first, then the port is open.

#2 For tcpdump on Windows I found this info https://uwnthesis.wordpress.com/2014/05/26/windump-how-to-use-windump-tcpdump-on-windows-7-the-visual-guide/

#3 For a TCP and a UDP port checker you can use http://www.base64online.com/port-check.php

#4 Using a packet sniffer (like tcpdump = command line / like wireshark = GUI) you should see the traffic from an outside IP address reaching your computer, like I did (when you are forwarding the ports to your computer).

Code:
    user-name@pc-name:~$ tcpdump -p -n -i eth0 port 5154
    tcpdump: eth0: You don't have permission to capture on that device
    (socket: Operation not permitted)
    user-name@pc-name:~$ sudo tcpdump -p -n -i eth0 port 5154
    [sudo] password for user-name:
    tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
    listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
    08:40:24.169428 IP 192.168.2.138.50157 > 192.168.2.255.5154: UDP, length 6
    08:42:15.839461 IP 4.79.142.206.37174 > 192.168.2.138.5154: Flags [S], seq 1464127243, win 8192, options [mss 1460], length 0
    08:49:05.773987 IP 90.145.69.116.51145 > 192.168.2.138.5154: UDP, length 0
    08:49:06.938818 IP 90.145.69.116.36530 > 192.168.2.138.5154: UDP, length 0
    08:57:57.580814 IP 198.199.98.246.42092 > 192.168.2.138.5154: Flags [S], seq 3027635480, win 14600, options [mss 1460,sackOK,TS val 4240686068 ecr 0,nop,wscale 8], length 0
    08:57:57.712334 IP 198.199.98.246.42093 > 192.168.2.138.5154: Flags [S], seq 1267700791, win 14600, options [mss 1460,sackOK,TS val 4240686102 ecr 0,nop,wscale 8], length 0
    08:57:57.840328 IP 198.199.98.246.42095 > 192.168.2.138.5154: Flags [S], seq 1515263633, win 14600, options [mss 1460,sackOK,TS val 4240686134 ecr 0,nop,wscale 8], length 0
    ^C
    7 packets captured
    7 packets received by filter
    0 packets dropped by kernel
    user-name@pc-name:~$


#5 Some notes about my testing..

a) 192.168.2.138.50157 is from this same computer.

b) As noted at grc.com -> Services -> Shield's Up they own 4.79.142.192 -thru- 4.79.142.207.

c) I believe 198.199.98.246 is from http://www.yougetsignal.com/tools/open-ports/ as it only checks TCP ports.

d) As you can see, I checked port 5154.

#6 The only UDP ports that grc.com checks, that I know of, are:

a) DNS (53) grc.com -> Freeware -> Utilities -> DNS Benchmark -> DNS Spoofability Test Introduction (or grc.com -> Services -> DNS Spoofability Test)

b) Universal Plug n'Play (UPnP) = 1900

https://www.grc.com/port_5000.htm

From grc.com -> Services -> Shield's Up: Click on Proceed and then GRC's Instant UPnP Exposure Test.


#2 To see traffic with a packet sniffer from other computers, for example like so..

a) The computer that you want to watch with must be put into Promiscuous mode as noted at https://wiki.wireshark.org/CaptureSetup where it clearly says Capture traffic destined for machines other than your own

b) A networking hub is connected by wire to the NAT router.

c) The computer that you want to watch and the other computer that you want to watch with are connected to the networking hub as noted at https://wiki.wireshark.org/CaptureSetup/Ethernet where it says Shared Ethernet. Note that the Wiki also talks about how to sniff/watch on Switched Ethernet, where it has for example Capture using a monitor mode of the switch

d) All of the other computers can be connected by wire or by wireless to the NAT router.
Private messages (PM) are not for support questions or for hints to not yet answered topics. The PMs are basically for confident conversation between the users, off the forum.
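
The rule quoted in the reply above (an incoming TCP SYN that is not a SYN/ACK, or an incoming UDP packet from an IP that had no outgoing packet first, means the port is open), applied to `tcpdump -n` output. This is an added example, not part of the original posts; the function name, the `lan_cidr` parameter and the sample lines (which use documentation address ranges) are constructed for illustration.

```python
import ipaddress
import re

# tcpdump -n IPv4 line: "<time> IP <src>.<sport> > <dst>.<dport>: <rest>"
LINE_RE = re.compile(
    r"^\s*\S+ IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): (.*)$")

def unsolicited_inbound(lines, local_ip, port, lan_cidr):
    """Return [(remote_ip, proto)] for packets showing the forward reaches us.

    TCP: a bare SYN ("Flags [S],"); "[S.]" is a SYN/ACK reply and is ignored.
    UDP: only from a remote IP this host had not already sent a packet to.
    Sources inside lan_cidr are skipped, since they never crossed the NAT.
    """
    lan = ipaddress.ip_network(lan_cidr)
    contacted = set()  # remote IPs this host has already sent to
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # banner, prompt or counter lines
        src, _sport, dst, dport, rest = m.groups()
        if src == local_ip:
            contacted.add(dst)
            continue
        if dst != local_ip or int(dport) != port:
            continue
        if ipaddress.ip_address(src) in lan:
            continue
        if "Flags [S]," in rest:
            hits.append((src, "tcp"))
        elif rest.startswith("UDP") and src not in contacted:
            hits.append((src, "udp"))
    return hits

# Constructed capture, modelled on the layout of the tcpdump output above.
SAMPLE = """\
listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
08:40:24.169428 IP 192.168.2.138.50157 > 192.168.2.255.5154: UDP, length 6
08:42:15.839461 IP 198.51.100.7.37174 > 192.168.2.138.5154: Flags [S], seq 1464127243, win 8192, options [mss 1460], length 0
08:43:00.000001 IP 192.168.2.138.5154 > 203.0.113.9.40000: UDP, length 4
08:43:00.100001 IP 203.0.113.9.40000 > 192.168.2.138.5154: UDP, length 4
08:49:05.773987 IP 203.0.113.50.51145 > 192.168.2.138.5154: UDP, length 0
08:50:00.000001 IP 198.51.100.7.443 > 192.168.2.138.5154: Flags [S.], seq 1, ack 2, win 8192, length 0
""".splitlines()

if __name__ == "__main__":
    for ip, proto in unsolicited_inbound(SAMPLE, "192.168.2.138", 5154, "192.168.2.0/24"):
        print(f"unsolicited {proto} packet from {ip}: forward is reaching this host")
```

An empty result while a web based checker is probing the port means the probe never reached the capturing host, which is what happens when the rule points at a different LAN address.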
