How to Test if a TCP Port is Open on a Target System

Purpose

This document describe how to run a traceroute from the HIAB console to learn if a specific TCP port is open or closed on a target system.

Introduction

After using HIAB to perform a Discovery/Scan against a target the results might appear to be inaccurate with regards to what ports are expected to be open or closed on a target system.

HIAB allows you to check the status of a port on a target system from within the HIAB Console itself using the Traceroute to a host provided in Tools.

Solution

The following can be used to learn if a specific TCP port is open or closed on a target system.

1. Open the Main menu in the HIAB console.
   

   

2. From the HIAB Console, select the “(T) Tools” option from the main menu.
   

   

   
   
   

3. Next, select the “(t) Traceroute to a host” option.

4. For the “Host:” value, type in the IP address of the target system to be tested and press Enter.

5. For the “Enter port (none for normal traceroute):” value, type in the port number to be tested on the target system and press Enter.
   

   

   
   
   

There are three potential outcomes:

1. If the target is live and if the TCP port is open, the results of the test will be displayed almost immediately (often under two seconds) and the response times will be often under one or two milliseconds.
   Provided below is the result of testing the target IP address 10.0.0.11 of which TCP port 445 is confirmed open with the response times under one millisecond.
   

   

   
   
   

2. If the target is live, but the TCP port is closed, the results will not be displayed for approximately 30-60 seconds after traversing all thirty hops.
   Provided below is the result of testing the target IP address 10.0.0.11 of which TCP port 22 is confirmed *not* open.
   

   

   
   
   

3. astly, if the target system is not live, the results will be displayed within 2-5 seconds, but the response times will be above 1000 milliseconds and “!H” will be reflected in its response.
   Provided below is the result output of testing target system IP 10.0.0.200 to learn if TCP port 445 is open. In the results displayed the response times are all above 3,000 milliseconds and “!H” is reflected, which indicates the target system with IP 10.0.0.200 is *not* live.
   

   

   
   

After the trip time, some additional annotation can be printed:
!H -host unreachable
!N -network unreachable
!P -protocol unreachable
!S -source route failed
!F -fragmentation needed
!X -communication administratively prohibited
!V -host precedence violation
!C -precedence cutoff in effect
!<num> -ICMP unreachable code <num>

If almost all the probes result in some kind of unreachable, traceroute will give up and exit.

Traceroute is described in more details in http://www.tin.org/bin/man.cgi?section=8&topic=tcptraceroute

Optionally returning to the Tools menu, selecting the “(p) Ping a host” option and attempting to use Ping to test the same target also reflects its failure to respond to ICMP requests.

_Copyright

_{© 2024 Outpost24® All rights reserved. This document may only be redistributed unedited and unaltered. This document may be cited and referenced only if clearly crediting Outpost24® and this document as the source. Any other reproduction and redistribution in print or electronically is strictly prohibited without explicit permission.}

_Trademark

_{Outpost24® and OUTSCAN™ are trademarks of Outpost24® and its affiliated companies. All other brand names, product names or trademarks belong to their respective owners.}