(2010-03-11) Ok, one last trick

Sorry, no time for a short essay today. (Though it rhymes.) So here's just a short tip for you troubleshooters out there: how to spot a closed firewall.

Assume that you have a service or a program that complains that it cannot connect to what it is supposed to connect to. Is it a firewall problem? Here's a very quick way to find out:

Open a command prompt and type this, but do NOT press enter:

netstat -aon | find "SYN"

(The thing between the -aon and find is a pipe, or delimiter as some people would call it.)

Now start the service or program, then immediately go back to the command prompt and press enter. You may have to issue the netstat command a few times to find the problem. If a row stating SYN_SENT is visible, and it stays that way when you issue the command again, you have a firewall dropping traffic or some other connectivity problem. Caveat: if the connection is tried against a closed port, a RST comes back immediately, so you won't see anything. Caveat 2: it only works for TCP connections.

SYN_SENT means that the client has tried to initiate a TCP three-way handshake but has not yet gotten a reply. Normally this passes so quickly that you won't be able to catch it, unless the firewall silently drops the SYN and the connection has to wait. Then you can see it for 15 seconds before it gives up. There you go!
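
The "issue the command again and see if the row stays" check can be scripted. The following is an added example, not part of the original post: it parses two saved outputs of netstat -aon and reports the destinations that are in SYN_SENT in both. The snapshot text, addresses and PIDs are constructed sample data, and the function names are hypothetical.

```python
# Constructed sample data: two "netstat -aon" outputs taken a few seconds apart.
SNAPSHOT_1 = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    192.0.2.10:49712       198.51.100.5:1433      SYN_SENT        4321
  TCP    192.0.2.10:49713       198.51.100.9:443       SYN_SENT        5000
  UDP    0.0.0.0:500            *:*                                    1234
"""
SNAPSHOT_2 = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    192.0.2.10:49712       198.51.100.5:1433      SYN_SENT        4321
  TCP    192.0.2.10:49713       198.51.100.9:443       ESTABLISHED     5000
"""


def parse_syn_sent(text):
    """Return {(remote_endpoint, pid)} for every TCP row in state SYN_SENT."""
    rows = set()
    for line in text.splitlines():
        fields = line.split()
        # TCP rows have five columns: Proto, Local, Foreign, State, PID.
        # UDP rows have no State column, so they never match (caveat 2).
        if len(fields) == 5 and fields[0] == "TCP" and fields[3] == "SYN_SENT":
            # Keyed on remote endpoint and PID, not the local port, so a
            # retry from a new ephemeral port still counts as the same target.
            rows.add((fields[2], fields[4]))
    return rows


def stuck_connections(first, second):
    """Targets that are in SYN_SENT in both snapshots: no reply to the SYN."""
    return sorted(parse_syn_sent(first) & parse_syn_sent(second))


if __name__ == "__main__":
    for remote, pid in stuck_connections(SNAPSHOT_1, SNAPSHOT_2):
        print(f"PID {pid}: SYN to {remote} still unanswered, "
              "check firewall or routing on the path")
```

The PID column from the -o switch identifies which process owns the stuck connection, which helps when several services start at once.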


Tags: Firewalls, Network security, troubleshooting, Syn
Posted: 2010-06-17 by Erik Zalitis
Changed: 2010-06-17 by Erik Zalitis
