How to detect if a network is blocking outgoing ports?
tl;dr
Run this command to test a specific port (fast).
time nmap -p 22 portquiz.net
Run this command to test popular ports (slow).
time nmap portquiz.net
Run this command to test all ports (extremely slow).
time nmap -p- portquiz.net | grep -i open
Source: https://tech.michaelaltfield.net/2018/07/03/detect-outgoing-port-blocking-with-nmap-and-portquiz-net/
Solution Explained
To test if a given outgoing port is blocked on your network by some malicious middlebox, you can try to telnet into a server that has a service running on that port.
In this example, we use portquiz.net--which is a public service designed for this purpose. It uses iptables' nat table and has all tcp ports open.
# first we verify that we _can_ connect over port 443, which >99% of
# networks won't block; it works
user@personal:~$ time echo 'exit' | telnet portquiz.net 443
Trying 178.33.250.62...
Connected to portquiz.net.
Escape character is '^]'.
Connection closed by foreign host.
real 0m0.069s
user 0m0.002s
sys 0m0.043s
user@personal:~$
# next we try to connect over a port that's suspected of being blocked; it fails
user@personal:~$ time echo 'exit' | telnet portquiz.net 22
Trying 178.33.250.62...
telnet: Unable to connect to remote host: Connection timed out
real 2m10.635s
user 0m0.004s
sys 0m0.035s
user@personal:~$
Note that the first command exited immediately with the message Connected to portquiz.net
, which indicates that the outgoing port 443 is not being blocked by the network.
The second command, however, says Unable to connect to remote host: Connection timed out
. This shows that--unless there's an issue at portquiz.net--the outgoing port 22 is probably being blocked on your network.
You can take this a step further using nmap to get a list of all the ports that are not blocked by the network. For example:
user@personal:~$ time nmap -p- portquiz.net | grep -i open
21/tcp open ftp
53/tcp open domain
80/tcp open http
143/tcp open imap
443/tcp open https
465/tcp open smtps
587/tcp open submission
993/tcp open imaps
1935/tcp open rtmp
4070/tcp open unknown
real 3m48.324s
user 0m18.885s
sys 0m29.077s
user@personal:~$
In the above command, we can see that all outgoing ports are blocked except 21, 53, 80, 143, 443, 465, 587, 993, 1935, and 4070. In a normal/uncensored network, this list would be much, much longer (probably showing all 65535 ports)