Creating host to respond to all ports

[ljroach]

I need a little help. I am looking for a quick and easy way to create a machine that will respond and ack all ports. I am basically trying to test an acl created in a test environment that has only two machines in it. Being that these machienes are only responding to a few ports I cannot tell whether there are holes in the ACL. I know this may not be the best forum to post to but I figured other Cisco guys may have a quick and easy method for this.

Thanks in advance

 

[burtsbees]

A little more info please...off top, there is tcp intercept, which proxy-answers tcp-syn with a syn-ack...all layer 3/4 devices can tcp-ack a syn-ack on any port as long as that packet gets to the device and is not blocked...what does your acl look like? When you say 2 machines, are they in a data link environment or do they go across a layer 3 boundary (different subnets)?

/

tim@tim-laptop ~ $ sudo apt-get install windows
Reading package lists... Done
Building dependency tree
Reading state information... Done
E: Couldn't find package windows...Thank Goodness!

 

[ljroach]

Well the long story short is the two machines sit inside a FWSM on a 4506. I have to test the ACL functions before I put it into production. The two systems do sit on different subnets and are part of different firewall contexts. I really just want to start a port scan on the outside of the FWSM and be able to prove which ports are getting through. But the test machines are running very generic apps and need to know all ports that are getting in. I know that my ACL is correct but getting proof for the compliance people that no other ports are open is another story. I need to be able to prove EVERY port that is getting throught the firewall. So I was hoping for an applcation that can sit inside the FWSM and record what ports are getting through the firewall. I hope that makes more sense.