Scan for Blocked Outgoing Ports

While it is useful to see that a port is being blocked: 

$ tracetcp www.ebay.co.uk:135

Tracing route to 66.135.192.41 [www.ebay.co.uk] on port 135
Over a maximum of 30 hops.
1       1 ms    1 ms    1 ms    192.168.0.1     [wintermute]
2       10 ms   13 ms   9 ms    10.78.128.1
3       *       *       *       Request timed out.
4       *       *       *       Request timed out.
5       *       *       *       Request timed out.
6 ... continues until maximum number of hops reached.

tracetcp can be used to scan a range of ports to find which are blocked and which are not. The command line seems a little complex so I'll go though them all. We are scanning the range of ports 130-140 (-r 130 140). To speed things up the timeout is set to 0.5 seconds (-t 500). Condensed output mode is enabled (-c) or we will get screens full of output. Reverse DNS lookups are disabled (-n). Each packet we send has a TTL set to 3 (-h 3), is only sent for 1 hop (-m 1), and only 1 packet is sent per hop (-p).

Note that it doesn't really matter what host is used for the trace as none of the packets will ever reach it as they will all expire before reaching the host. 

$ tracetcp www.ebay.co.uk -h 3 -m 1 -p 1 -t 500 -c -r 130 140 -n
[66.135.192.41:130]  3  11 ms   62.30.193.33
[66.135.192.41:131]  3  11 ms   62.30.193.33
[66.135.192.41:132]  3  10 ms   62.30.193.33
[66.135.192.41:133]  3  10 ms   62.30.193.33
[66.135.192.41:134]  3  13 ms   62.30.193.33
[66.135.192.41:135]  3  *       Request timed out.
[66.135.192.41:136]  3  10 ms   62.30.193.33
[66.135.192.41:137]  3  *       Request timed out.
[66.135.192.41:138]  3  *       Request timed out.
[66.135.192.41:139]  3  *       Request timed out.
[66.135.192.41:140]  3  11 ms   62.30.193.33

By changing the command line slightly we can trace from hop 1 to 3 for each port (-h 1 -m 3) so as to determine at which hop the ports are blocked. Port 135 is block by my ISPs router at hop 2, and ports 137, 138, 139 are blocked by my own router at hop 1. 

$ tracetcp www.ebay.co.uk -h 1 -m 3 -p 1 -t 500 -c -r 134 140 -n
[66.135.208.41:134]  1  1 ms    192.168.0.1
[66.135.208.41:134]  2  12 ms   10.78.128.1
[66.135.208.41:134]  3  10 ms   62.30.193.33

[66.135.208.41:135]  1  1 ms    192.168.0.1
[66.135.208.41:135]  2  10 ms   10.78.128.1
[66.135.208.41:135]  3  *       Request timed out.

[66.135.208.41:136]  1  1 ms    192.168.0.1
[66.135.208.41:136]  2  11 ms   10.78.128.1
[66.135.208.41:136]  3  9 ms    62.30.193.33

[66.135.208.41:137]  1  1 ms    192.168.0.1
[66.135.208.41:137]  2  *       Request timed out.
[66.135.208.41:137]  3  *       Request timed out.

[66.135.208.41:138]  1  1 ms    192.168.0.1
[66.135.208.41:138]  2  *       Request timed out.
[66.135.208.41:138]  3  *       Request timed out.

[66.135.208.41:139]  1  1 ms    192.168.0.1
[66.135.208.41:139]  2  *       Request timed out.
[66.135.208.41:139]  3  *       Request timed out.

[66.135.208.41:140]  1  1 ms    192.168.0.1
[66.135.208.41:140]  2  12 ms   10.78.128.1
[66.135.208.41:140]  3  187 ms  62.30.193.33
Site Meter