Firewall Wizards mailing list archives

Re: Tool for testing filters?

From: Chris Brenton <cbrenton () sover net>
Date: Tue, 13 Jan 1998 08:31:29 -0500

Fernando da Silveira Montenegro wrote:

Does anybody
know of a good tool we can use to check if the path from the local ISP
to the corporate firewall) is clear of packet filters that would block
VPN traffic (TCP/1723, TCP/420, SWIPE, IPSEC, GRE, ...)?


How about:telnet target.foobar.com 1723
telnet target.foobar.com 420
etc...

If you can establish a connection, the path is clear. If not, someone is
blocking the port. If you run a program such as port mapper or simply create
a service that cats a text file, you can even set it up so the destination
system responds with a message.

This will not give you the informative feedback that traceroute would, but
then again TCP was not really designed for maintenance.

Hope this helps,
Chris
--
**************************************
cbrenton () sover net

Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ISBN=0782120822/0740-8883012-887529

Support the anti-spam movement: http://www.cauce.org/

Current thread:

Tool for testing filters? Fernando da Silveira Montenegro (Jan 12)
- Re: Tool for testing filters? Chris Brenton (Jan 13)
- Re: Tool for testing filters? myles (Jan 14)
- <Possible follow-ups>
- Re: Tool for testing filters? Fernando da Silveira Montenegro (Jan 13)
  - Re: Tool for testing filters? Chris Brenton (Jan 13)