Firewall Tester

[rsteward]

I'm looking for a windows application that i can list out IP address and Port to see if the Firewall is open or not. 

Occasionally my company audits FW rules and removes ones they deem unnecessary.  I'd like to have an app i could put all the servers:port i access and allow me to quickly check what is available and what access is broken.

Currently i'm using "telnet <hostname/ip> <port>" but was looking for a better streamlined approach.

Any suggestions?

[Shades]

For your purposes, 'cstatus' from a fellow DC member could fit the bill. On first glance it doesn't look like it, because the initial interface is for checking how fast (or available) your DNS servers are. But if you look a bit further, you'll see there are more tools included inside this one, including an IP check tool. When you open that section, you will see that it can check which IP addresses are available in a given range, but you can also check if ports are open on the machines that have an IP address inside the selected range.

[rsteward]

That looks good, i'll give it a shot.

[rsteward]

I don't think cstatus is going to work for me.  I have many servers where PING is not enabled and have to use the telnet command to see if the port is open. 

For your purposes, 'cstatus' from a fellow DC member could fit the bill. On first glance it doesn't look like it, because the initial interface is for checking how fast (or available) your DNS servers are. But if you look a bit further, you'll see there are more tools included inside this one, including an IP check tool. When you open that section, you will see that it can check which IP addresses are available in a given range, but you can also check if ports are open on the machines that have an IP address inside the selected range.

-Shades (September 26, 2022, 06:25 PM)

[skwire]

I don't think cstatus is going to work for me.  I have many servers where PING is not enabled and have to use the telnet command to see if the port is open.

-rsteward (September 27, 2022, 01:39 PM)

Checking ports has nothing to do with ping.  As Shades mentioned, in the cStatus program, choose Tools > IP Scanner from the menu and use that to check for open ports.  Check out the third screenshot on this page: https://www.hnsoft.p.../Screenshots_cstatus

Additionally, the de facto network scanning tool is nmap.  It's a commandline program that's available on just about any platform, but you can use the Zenmap GUI if a GUI suits you better.

[Shades]

I don't think cstatus is going to work for me.  I have many servers where PING is not enabled and have to use the telnet command to see if the port is open. 

-rsteward (September 27, 2022, 01:39 PM)

nmap is great at what it does, but Windows quite often flags it as malware. Or at least a piece of software the user needs protection from (according to Microsoft). When you get it from the creator's website, it is a false positive.

On a general note: in your network you have telnet enabled, yet ICMP (ping) disabled? Telnet is kinda infamous for being unsafe, in (much) more ways than the ICMP protocol is.

[nickodemos]

https://www.grc.com/shieldsup

[x16wda]

TCPing should work. I have found it very useful.

Simplest form: tcping.exe host port

Numerous options are available. I use this a lot to just check a port quickly.

[Stoic Joker]

On a general note: in your network you have telnet enabled, yet ICMP (ping) disabled? Telnet is kinda infamous for being unsafe, in (much) more ways than the ICMP protocol is.

-Shades (September 27, 2022, 03:32 PM)

They're probably just using the telnet client for diagnostic purposes (I do quite frequently as well) and not the server. Since they're separate components, there's no risk to having just the client installed.