Analyst Tip: Testing Firewall Egress

A quick tip for testing available TCP egress, using nc, bash, and

for i in {1..1023}; do nc -vz -w 1 $i; done

This will use nc with the -v, -z, and -w switches to attempt to connect to on TCP ports 1 through 1023. -v requests verbose output, -z puts nc in scanning mode, and -w 1 tells nc to time out after one second.

You may need to adjust the value supplied with -w according to the anticipated latency of the network you’re on.

It’s not foolproof, but it’s a rapid way to assess what holes have been punched in the firewall with a minimum of tools.

There’s more information provided by the creator, Beau Bullock, here, along with some useful PowerShell scripts that do similar things.

Analyst TipsOSCPRed TeamHowToBlue Team