How to check for open ports in ISA servers?

Hi Experts,

I've been given a task to confirm whether a few ports are open or not. I'm planning to use the netstat command and the tcpview tool. We are using ISA 2004. Could you please guide me if there is any other way to confirm them? And in tcpview I can see a few statuses like

1. Listening  2. Established  3. Time-Wait.

I'm a little confused as this is the first time I'm confused. Please guide.

Best Regards,
Anupam
anupam1983 Asked:

Brad Howe, DevOps Manager, Commented:
Hmm.. This could be tricky, but I wouldn't scan unless you are approved to. You don't want to set off IDS on the firewall.

Advanced Port Scanner 1.3
http://www.radmin.com/products/utilities/portscanner.php

This will scan a network range or single PC for open ports and closed ports.

Cheers,
Hades666
Brad Howe, DevOps Manager, Commented:
You could also use the MS version

PortQry
http://support.microsoft.com/default.aspx?scid=kb;en-us;310099

ex:
portqry -n 10.10.23.24 -p tcp -r 1:2048 -l 10.10.23.24.txt

Cheers,
Hades666
anupam1983 (Author) Commented:
Hey, thanks a lot! Yeah, you are right. I can't scan for the ports on ISA server, but I can try PortQry. By the way, if a port is open, will it be in Listening state or some other state?

Best Regards,
Anupam
Keith Alabaster, Enterprise Architect, Commented:
What? Cause you can.

Drop out to a cmd prompt and type in netstat -an - the output is the open ports on the ISA Server. What more did you want?

Keith
Brad Howe, DevOps Manager, Commented:
Yes, PortQry will respond with

FILTERED OR NOT LISTENING usually means firewalled.

LISTEN means it connected to a service.

The easiest way to test is to try and telnet to the server on the port in suspicion.

i.e.

telnet serverip 25

This will test if port 25 is open. If it is, a black screen will appear. If it isn't, then you will get a connection refused.

cheers,
Hades666

Brad Howe, DevOps Manager, Commented:
Keith is correct too, and you can filter that like such. I was mis-reading the question to test a firewall on incoming ports.

netstat -an | find /i "LISTENING"

But this will only list listening ports with services attached.

cheers,
Hades666
anupam1983 (Author) Commented:
Hi Keith,

I've run the command < netstat -a | findstr /i listening > on ISA server. Does the status Listening for a particular port mean that it is open?

When I execute netstat -an, it shows a huge list. Some ports are showing as ESTABLISHED, some as LISTENING, some as CLOSE_WAIT.

Which status should I consider as "Opening"?

Many thanks,
Anupam
Keith Alabaster, Enterprise Architect, Commented:
Netstat -an gives you the status of ports on the local NIC IP addresses of a computer at any 'moment in time', i.e. that status is only valid at the time the query is run. If you want to know about the states, read the RFC at http://tools.ietf.org/html/rfc793

However, you are on dodgy ground - you are using ISA server and this is an application that runs on an operating system. So - picture this - I decide to install an SMTP service on my ISA server and bind it to one of my ISA server NICs. netstat -an will now show that port 25 is listening on that NIC. However, if I do not tell ISA server to allow traffic through the firewall on port 25 then the port is not open. Do you see what I mean?

netstat shows the actual ports and status - it will not report on what ports are open 'to be used/accessed' through the firewall - and THAT is what I expect you have been asked to check. The only way THAT can be done is by reading the ISA firewall policy rules and the ISA System policy rules from within the ISA GUI; it is easy enough.
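
Added example, not part of the thread or written by any participant: a Python sketch of the distinction drawn above between a port that is LISTENING in `netstat -an` and a port the firewall policy actually allows. The netstat text is constructed sample output, and `ALLOWED_BY_POLICY` is a hypothetical set of TCP ports hand-copied from the ISA firewall and system policy rules, assumed here to list ports permitted to the ISA server itself.

```python
import re

# Constructed sample of Windows `netstat -an` output (not from a real server).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.0.2.10:25          0.0.0.0:0              LISTENING
  TCP    192.0.2.10:8080        0.0.0.0:0              LISTENING
  TCP    192.0.2.10:8080        198.51.100.7:51234     ESTABLISHED
  TCP    192.0.2.10:1745        198.51.100.9:49822     TIME_WAIT
  TCP    192.0.2.10:3389        198.51.100.9:50111     CLOSE_WAIT
  UDP    0.0.0.0:53             *:*
"""

# Hypothetical: TCP ports transcribed by hand from the ISA policy rules.
ALLOWED_BY_POLICY = {80, 443, 8080}

# Matches "TCP <local addr>:<port> <foreign addr> <state>" rows only.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+)\s+(\S+)\s*$")

def tcp_rows(text):
    """Yield (local_addr, local_port, state) for each TCP row."""
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            yield m.group(1), int(m.group(2)), m.group(4)

def listening_ports(text):
    """Ports with a LISTENING socket; other states are existing connections."""
    return {port for _, port, state in tcp_rows(text) if state == "LISTENING"}

def classify(port, listeners, allowed):
    if port in listeners and port in allowed:
        return "listening and allowed by policy"
    if port in listeners:
        return "listening locally, not allowed by policy"
    if port in allowed:
        return "allowed by policy, nothing listening"
    return "not listening, not allowed"

def report(text, allowed, ports):
    """Map each port of interest to its combined netstat/policy verdict."""
    listeners = listening_ports(text)
    return {p: classify(p, listeners, allowed) for p in ports}

if __name__ == "__main__":
    ports = [25, 80, 8080, 3389]
    for port, verdict in report(SAMPLE_NETSTAT, ALLOWED_BY_POLICY, ports).items():
        print(port, verdict)
```

Port 25 in the sample matches the SMTP scenario in the answer above: a service is bound and listening, but no rule allows it, so it is not open through the firewall.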


