General question regarding port numbers

gbdavidx

Just got a call regarding an odd question - user was able to have a machine connect to the internet but a specific port wasn't working for a product we use pyxis - is there anyway to check specific ports that are being blocked? I am learning CCNA 2nd half right now and the only thing i could think of that would prevent this thing would be an extended access list or another type of firewall

JeanM

end to end you can use a simple telnet test on the port in question.

gbdavidx

but how would it be blocked on the network router? would it be via a firewall software?

JeanM

Could be blocked because of ACL, Firewall, Proxy, VPN tunnels, many different ways really. Even a local OS firewall can have some ports disabled.

davenull

I'd start by checking Windows Firewall.

markulous

If you run a port scanner (e.g. Angry IP Scanner) does it show that port as blocked? If everyone else on that switch is able to access that port then I'd lean towards either a misconfiguration for his software or an application firewall on his computer blocking it.

Heero

When trying to connect to a TCP port, my default test is telnet to the port. You either establish a connection or it times out.

Additionally, doing something like a TCP traceroute on the specific port might be able to shine some light on where it gets dropped, but you have to be careful because this relies on you properly receiving the ICMP TTL exceeded responses which could very well be filtered separately.

theodoxa

gbdavidx wrote: »

but how would it be blocked on the network router? would it be via a firewall software?

Software (Host-Based) Firewall (e.g. Windows Firewall, Norton Internet Security, etc...)
Hardware (Network-Based) Firewall (e.g. Cisco ASA, Dell Sonicwall, Palo Alto, etc...)
Edge Router (ACL, Zone-Based Firewall, CBAC)
IPS/Web Filter/Proxy (e.g. iPrism, WebSense, etc...)