Re: where packets are dropped in route
> > > Maybe your ISP is blocking port 22 after all. nmap will tell you.
> > >
> >
> > can nmap (which i don't have installed) tell me more
> > than telnet - as far as where a specific IP/port packet
> > is being blocked/dropped?
> >
>
> If you mean where along the path it is getting dropped, no. Other than
> what you have tried so far with traceroute, I don't believe there is
> really any way to tell WHERE certain ports are being dropped. For all
> you know, there could be a transparent firewall that drops the packet
> and does not send back an ICMP notification.
>
> Hope this helps.

to finish the thread nicely, this is the result of nmap (-P0 required):

$ nmap -p 22 -P0 -sA MY-GW-IP

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on (MY-GW-IP):
Port       State       Service
22/tcp     filtered    ssh

Nmap run completed -- 1 IP address (1 host up) scanned in 36 seconds

$ nmap -p 22 -P0 -sW MY-GW-IP

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on (MY-GW-IP):
Port       State       Service
22/tcp     filtered    ssh

Nmap run completed -- 1 IP address (1 host up) scanned in 37 seconds

---
"filtered" means that nmap(1) cannot determine if a port is open or closed -
because it can't reach it, the traceroute(8) utility confirms (i guess):
---

$ traceroute -p 22 -P tcp 12.17.140.247
 1  1-118-237-24 (24.237.118.1)  150.900 ms  226.750 ms  99.080 ms
 2  177-48-96-206 (206.96.48.177)  109.873 ms  118.265 ms  109.982 ms
 3  81-128-165-209 (209.165.128.81)  129.754 ms  108.081 ms  129.900 ms
 4  9-128-165-209 (209.165.128.9)  99.918 ms  108.252 ms *
 5  202-129-165-209 (209.165.129.202)  140.307 ms  128.159 ms  129.912 ms
 6  213-129-165-209 (209.165.129.213)  129.899 ms  128.249 ms  129.883 ms
 7  sl-gw11-sea-0-2.sprintlink.net (144.228.93.233)  129.916 ms  247.420 ms  119.160 ms
 8  sl-bb21-sea-9-3.sprintlink.net (144.232.6.117)  129.923 ms  129.112 ms  129.866 ms
 9  sprint-gw.st6wa.ip.att.net (192.205.32.173)  129.941 ms  236.239 ms  129.925 ms
10  gbr4-p40.st6wa.ip.att.net (12.123.44.134)  129.878 ms  276.170 ms  129.826 ms
11  gbr1-p40.st6wa.ip.att.net (12.122.5.162)  129.890 ms  128.086 ms  129.896 ms
12  gar1-p360.st6wa.ip.att.net (12.123.44.58)  139.894 ms  128.144 ms  129.860 ms
13  12.123.203.1 (12.123.203.1)  159.911 ms  159.252 ms  159.929 ms
14  12.124.174.58 (12.124.174.58)  159.894 ms  179.251 ms  189.900 ms
15  12.17.140.1  159.916 ms  219.640 ms  169.925 ms
16  * * *

** TCP SSH port blocked by 12.17.140.1

$ traceroute -p 22 -P udp 12.17.140.247
 1  1-118-237-24 (24.237.118.1)  140.974 ms  96.948 ms  109.883 ms
 2  177-48-96-206 (206.96.48.177)  99.909 ms  108.272 ms  100.431 ms
 3  81-128-165-209 (209.165.128.81)  109.347 ms  98.296 ms  99.874 ms
 4  9-128-165-209 (209.165.128.9)  99.923 ms  98.214 ms  99.894 ms
 5  202-129-165-209 (209.165.129.202)  129.904 ms  128.249 ms  130.284 ms
 6  * * 213-129-165-209 (209.165.129.213)  130.333 ms
 7  sl-gw11-sea-0-2.sprintlink.net (144.228.93.233)  128.730 ms  127.648 ms  129.876 ms
 8  sl-bb21-sea-9-3.sprintlink.net (144.232.6.117)  129.907 ms  128.742 ms  129.378 ms
 9  * sprint-gw.st6wa.ip.att.net (192.205.32.173)  180.893 ms  127.553 ms
10  gbr4-p40.st6wa.ip.att.net (12.123.44.134)  129.917 ms  127.873 ms  130.271 ms
11  gbr1-p40.st6wa.ip.att.net (12.122.5.162)  129.555 ms  128.079 ms  130.012 ms
12  gar1-p360.st6wa.ip.att.net (12.123.44.58)  130.377 ms  127.471 ms  129.905 ms
13  12.123.203.1 (12.123.203.1)  159.890 ms  158.353 ms  180.235 ms
14  12.124.174.58 (12.124.174.58)  329.566 ms  198.359 ms  219.902 ms
15  12.17.140.1  170.460 ms  169.097 ms  159.951 ms
16  MY-GW-IP  339.902 ms  329.998 ms  259.590 ms

** UDP SSH port available (but a UDP connection is useless on port 22).
---

thank you all for your assistance and knowledge.

To Unsubscribe: send mail to [EMAIL PROTECTED]
with "unsubscribe freebsd-questions" in the body of the message
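The traceroute(1) BUGS text quoted elsewhere in this thread says that with -P tcp the last probe often appears lost even when it reaches the destination, so `* * *` at the final hop does not by itself locate a filter. The Python below is an added example, not code from any poster: it compares a TCP trace with a UDP trace to the same host and separates that ambiguous case from a drop at an earlier hop. The sample traces are constructed and use documentation addresses; `compare` and its verdict names are hypothetical.

```python
import re

HOP_RE = re.compile(r"^\s*(\d+)\s+(.*)$")
ADDR_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

def parse_trace(text):
    """Map each TTL to the address that answered it, or None for '* * *'."""
    hops = {}
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            addrs = ADDR_RE.findall(m.group(2))
            hops[int(m.group(1))] = addrs[-1] if addrs else None
    return hops

def last_responder(hops):
    """Return (ttl, address) of the highest hop that answered, or (0, None)."""
    ttl = max((t for t, a in hops.items() if a), default=0)
    return ttl, hops.get(ttl)

def compare(tcp_text, udp_text, dest):
    """Return (verdict, first TTL where the TCP trace falls silent)."""
    t_ttl, t_addr = last_responder(parse_trace(tcp_text))
    u_ttl, u_addr = last_responder(parse_trace(udp_text))
    if t_addr == dest:
        return "tcp-reached-destination", t_ttl
    if u_addr == dest and t_ttl == u_ttl - 1:
        # Only the destination's own TTL is silent. The destination would
        # answer a TCP probe with TCP, not ICMP, and this traceroute does not
        # listen for it, so delivery and filtering look identical here.
        return "inconclusive-at-destination", u_ttl
    if u_ttl > t_ttl:
        # Routers past t_ttl still return ICMP for UDP but not for TCP, so
        # TCP is treated differently at or just before hop t_ttl + 1.
        return "tcp-dropped-before-destination", t_ttl + 1
    return "no-difference", t_ttl + 1

# Constructed sample output (documentation addresses, not from the thread).
UDP_TRACE = """\
 1  gw.example (192.0.2.1)  10.1 ms  11.0 ms  10.4 ms
 2  198.51.100.1 (198.51.100.1)  20.3 ms  21.9 ms  20.0 ms
 3  203.0.113.7 (203.0.113.7)  30.2 ms  31.5 ms  30.9 ms
"""
TCP_AT_DEST = UDP_TRACE.replace(UDP_TRACE.splitlines()[2], " 3  * * *")
TCP_EARLY = " 1  gw.example (192.0.2.1)  10.2 ms  10.9 ms  10.0 ms\n 2  * * *\n 3  * * *\n"

if __name__ == "__main__":
    print(compare(TCP_AT_DEST, UDP_TRACE, "203.0.113.7"))
    print(compare(TCP_EARLY, UDP_TRACE, "203.0.113.7"))
```

An inconclusive verdict is settled on the destination itself, for example with a packet capture on the gateway's external interface to see whether the SYN arrives.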
Re: where packets are dropped in route
On Sat, Mar 22, 2003 at 11:32:15PM +, [EMAIL PROTECTED] wrote:
> > Maybe your ISP is blocking port 22 after all. nmap will tell you.
> >
>
> can nmap (which i don't have installed) tell me more
> than telnet - as far as where a specific IP/port packet
> is being blocked/dropped?
>

If you mean where along the path it is getting dropped, no. Other than
what you have tried so far with traceroute, I don't believe there is
really any way to tell WHERE certain ports are being dropped. For all
you know, there could be a transparent firewall that drops the packet
and does not send back an ICMP notification.

Hope this helps.
Re: where packets are dropped in route
[EMAIL PROTECTED] wrote:
> > Maybe your ISP is blocking port 22 after all. nmap will tell you.
> >
> > -mackan
>
> can nmap (which i don't have installed) tell me more
> than telnet - as far as where a specific IP/port packet
> is being blocked/dropped?

Yes, nmap will give you a full report of all useful ports.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
Re: where packets are dropped in route
> > is there any way to determine which machine along
> > a route is dropping packets destined for a specific
> > IP/port combination?
> >
> > i can't SSH to my gateway from machines elsewhere
> > on the internet, but i can ssh to it on a local net.
> >
> > i can ssh to other machines elsewhere on the internet
> > from the local gateway / local net.
> >
> > i have no firewall rules blocking any traffic.
> > i have the same configuration that i used with
> > a previous ISP - where all worked fine
> > (except for ppp login mods).
> >
> > my current ISP claims not to be blocking any traffic.
> > i think he is wrong, and would like to identify
> > exactly what machine is dropping the packets
> > destined for port 22 on my gateway.
>
> traceroute will allow you to specify a port/proto instead of
> using ICMP.

yes - have used the following, but was unsure if the following
underlined statements meant using traceroute would be a bogus method:

traceroute(1):

     -P      Send packets of specified IP protocol. The currently
             supported protocols are: UDP, TCP and GRE. Other
             protocols may also be specified (either by name or by
             number), though traceroute does not implement any
             special knowledge of their packet formats. This option
             is useful for determining which router along a path may
             be blocking packets based on IP protocol number. But
             see BUGS below.
             ^^^

BUGS
     When using protocols other than UDP, functionality is reduced. In
     particular, the last packet will often appear
     ^
     to be lost, because even though it reaches the destination
     ^^
     host, there's no way to know that because no ICMP message
     is sent back. In the TCP case, traceroute should listen for a
     RST from the destination host (or an intermediate router that's
     filtering packets), but this is not implemented yet.

     -p      Protocol specific. For UDP and TCP, sets the base port
             number used in probes (default is 33434). Traceroute
             hopes that nothing is listening on UDP ports base to
             base + nhops - 1 at the destination
             ^^^
             host (so an ICMP PORT_UNREACHABLE message will be
             returned to terminate the route tracing). If something
             is listening on a port in the default range, this option
             can be used to pick an unused port range.

results:
---
$ traceroute -p 22 -P tcp MYGATEWAY (from a remote machine)

this probe is ok, up to and including the machine my
gateway connects to - just when it should show my gateway,
traceroute(1) displays asterisks * * *.

$ traceroute -p 22 -P udp MYGATEWAY (from a remote machine)

this probe works fine without problem.

> Other tools might be helpful as well. Use nmap (in ports) to
> see if packets are being denied or simply dropped. You could
> use traceroute in combination with nmap and simply test each
> host along the path.

testing each host along the path seemed unreliable to me because
a firewall/ipchains could deny specific IP/port packets to itself,
while allowing them to pass through if destined for another machine.

> Check sockstat on the ssh server and make sure it's actually
> binding to the proper IP as well.

$ sockstat | grep 22
root sshd 8673 tcp4 *:22 *:*
root sshd634 tcp4 MY-GW-IP:22 192.168.0.26:2040
root named 34 22 udp4 127.0.0.1:53 *:*

> --
> Bill Moran
> Potential Technologies
> http://www.potentialtech.com

what follows is a result of "telnet" port scans:
---
1. I have no firewalls and no ipchains and no packet filtering
   software of any kind.

2. PORT SCAN (SSH PORT 22 CONNECTS) -
   FROM: ELSEWHERE ON THE INTERNET
   TO: ELSEWHERE ON THE INTERNET

01:rtmp: telnet: connect to address 65.96.40.34: refused
02: nbp: telnet: connect to address 65.96.40.34: refused
03: compressnet: telnet: connect to address 65.96.40.34: refused
04:echo: telnet: connect to address 65.96.40.34: refused
05: #: telnet: connect to address 65.96.40.34: refused
06: zip: telnet: connect to address 65.96.40.34: refused
07:echo: telnet: connect to address 65.96.40.34: refused
08:: telnet: connect to address 65.96.40.34: refused
09: discard:
Re: where packets are dropped in route
> Maybe your ISP is blocking port 22 after all. nmap will tell you.
>
> -mackan

can nmap (which i don't have installed) tell me more
than telnet - as far as where a specific IP/port packet
is being blocked/dropped?
Re: where packets are dropped in route
Quoting Bill Moran <[EMAIL PROTECTED]>:

> [EMAIL PROTECTED] wrote:
> > i can't SSH to my gateway from machines elsewhere
> > on the internet, but i can ssh to it on a local net.
[...]
> > my current ISP claims not to be blocking any traffic.
> > i think he is wrong, and would like to identify
> > exactly what machine is dropping the packets
> > destined for port 22 on my gateway.
[...]
> traceroute will allow you to specify a port/proto instead of
> using ICMP.
> Other tools might be helpful as well. Use nmap (in ports) to
> see if packets are being denied or simply dropped.
> --

Do you have shell access to another host on the internet? Try nmap (as already
suggested) from that host and scan your own machine.

Maybe your ISP is blocking port 22 after all. nmap will tell you.

-mackan
Re: where packets are dropped in route
[EMAIL PROTECTED] wrote:
> is there any way to determine which machine along
> a route is dropping packets destined for a specific
> IP/port combination?
>
> i can't SSH to my gateway from machines elsewhere
> on the internet, but i can ssh to it on a local net.
>
> i can ssh to other machines elsewhere on the internet
> from the local gateway / local net.
>
> i have no firewall rules blocking any traffic.
> i have the same configuration that i used with
> a previous ISP - where all worked fine
> (except for ppp login mods).
>
> my current ISP claims not to be blocking any traffic.
> i think he is wrong, and would like to identify
> exactly what machine is dropping the packets
> destined for port 22 on my gateway.

traceroute will allow you to specify a port/proto instead of
using ICMP.

Other tools might be helpful as well. Use nmap (in ports) to
see if packets are being denied or simply dropped. You could
use traceroute in combination with nmap and simply test each
host along the path.

Check sockstat on the ssh server and make sure it's actually
binding to the proper IP as well.

--
Bill Moran
Potential Technologies
http://www.potentialtech.com
where packets are dropped in route
FBSD 4.7

is there any way to determine which machine along
a route is dropping packets destined for a specific
IP/port combination?

i can't SSH to my gateway from machines elsewhere
on the internet, but i can ssh to it on a local net.

i can ssh to other machines elsewhere on the internet
from the local gateway / local net.

i have no firewall rules blocking any traffic.
i have the same configuration that i used with
a previous ISP - where all worked fine
(except for ppp login mods).

my current ISP claims not to be blocking any traffic.
i think he is wrong, and would like to identify
exactly what machine is dropping the packets
destined for port 22 on my gateway.

thank you - please Cc any replies off list.