[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: testing open ports on the user's side

On Friday 28 May 2004 15:59, Emma Jane Hogbin hurled the following on the 
> On Thu, May 27, 2004 at 10:32:20PM -0700, Alvin Oga wrote:
> > > I'm working on a web site that includes streamed rich media files. I
> > > need a way to test to see which ports the user can access if they're
> > > behind a firewall. I'm guess that I need to try and send them an object
> > > (a picture maybe?) on one of the ports I need information about and
> > > then see if the picture is received or not.
> >
> > any secure site will only allow port 80 or port 443 for web ...
> It's not the server I'm testing, it's the user. Some streaming video
> (RealPlayer) doesn't come through on regular ports so the client wants a
> little app that they can ping at the *user* to figure out if they should
> send RealPlayer or something else.

You will never be very successfull if you try to connect to a port on the 
client. Any client with an adminitstrator with half a brain will only allow 
incoming traffic that is part of a connection that originated on the client. 
(so called statefull filtering) With some exceptions like bootp.
Furthermore any client that's behind a device that does NAT is unreachable. 

A client receiving data on a port and a client being reachable and listening 
on a port are 2 different things. Even if the client is open on the internet 
(no firewall or NAT) when you connect to it, you can only see if it sends you 
a RST since that port will be closed.
I really think you'd better let them try to see if it works.


This e-mail and any attached files are confidential and may be legally privileged. If you are not the addressee, any disclosure, reproduction, copying, distribution, or other dissemination or use of this communication is strictly prohibited. If you have received this transmission in error please notify A.S.T.R.I.D.  nv/sa immediately and then delete this e-mail.

Reply to: