udp port

mrshahin

Hi,

I have a question regarding outgoing udp port.

From what I can see traffic on all outgoing ports on our NSA 3650 are allowed. We have an event for a customer and they want to know for sure the some TCP ports and an single udp port is allowed from our LAN. I can use the portlistener on a server outside of our network to check the outgoing traffic on those TCP ports and I can telnet them all from our LAN but when try to use portquery to check the upd port 2088 portquery returen 0x0002 error port blocked. It is possible that our ISP block this upd port.

My question is, how can we show to the customer that our Sonicwall does not block this udp port?

Thanks

shiprasahu93

Hello @mrshahin,

The best way to show that would be performing a packet capture on the concerned port number. The status of the packet can be clearly seen on the firewall's packet monitor section. If the status is forwarded, the firewall isn't blocking it.

https://www.sonicwall.com/support/knowledge-base/how-can-i-setup-and-utilize-the-packet-monitor-feature-for-troubleshooting/170513143911627/

Thanks!

mrshahin

Hi,

Thanks for your reply,

I did run the packet capture on the NSA and try to telnet the one of the tcp ports to see if I can see it in the logs, but I can not see any telnet from the IP of my PC to that IP address. in the logs I can see that I have RDP connection to the same externel IP but not the telnet command or Portquery for udp 2088.

Any suggestion?

shiprasahu93

Hello @mrshahin,

Logs usually show up when something is being blocked. Please look at the packet capture status itself, that should show how the firewall is processing that packet. Can you share a screenshot of the packet capture?
Thanks!

mrshahin

Thanks for your reply,

This is the location,I run the start capture and then telnet the external port or run the portquery, the telnet sessions aresuccessful and portquery for udp is not. after that I export export the logs to the text file and I run a seurch for IP of my PC, but I cannot see the port that I telnet or run portquery for. Or Iam looking at the wrong location?

shiprasahu93

@mrshahin,

Use the following filter on the packet monitor by clicking on configure on that page.

You can mention the other TCP ports as well on the destination port field. Also, please make sure there are no display filters applied.

Thanks!

mrshahin

I did set the filter as you mentioned and then run portquery for both tcp and utp for port 2088 but nothing is showing?

mrshahin

Ok, I think it is working now, I can see this, is this means that our FW allow the outgoing UDP port 2088, right?

shiprasahu93

@mrshahin,

Absolutely correct. The firewall is forwarding the packets out.

Thanks!

mrshahin

Just one more question, the portquery shows status code:  return code 0x00000002.

I use the portlistner for  simulation of the udp 2088 on a machine on internet and on that machine when run telnet localhost 2088 get answer Hello!

Why then portquery failed? Is this means that an device somewhere down the line or our ISP block the port 2088?

shiprasahu93

Hello @mrshahin,

I apologize for the delayed response.

I checked a little bit about the port query tool and looks like it is the correct response for UDP traffic.

• 0 (0x00000000) – the connection has been established successfully and the port is available;
• 1 (0x00000001) – the specified port is unavailable or filtered;
• 2 (0x00000002 – a normal return code when checking the availability of a UDP connection, since ACK response is not returned.

So, it actually means that the port is open as we are sending UDP traffic as we usually do not expect an acknowledgement as we do for TCP.

I hope that helps!

Thanks!