A good way to figure out if there is a device blocking traffic to our servers is to run a telnet to a specific port. This won't always tell you what exactly is interfering with the traffic but will let you know that something in the path is dropping the traffic. It's also an integral part of how OpenDNS support does troubleshooting and you may be asked by support personnel to perform these steps.
A TCP "traceroute" run to a domain on a specific port should give a good idea as to where the traffic is being dropped. A traceroute simply shows the 'path' on the Internet between the host where the traceroute is run and the destination that's specified as well as where, if anywhere, the route is failing to complete. For instance, if you cannot reach foo.com from your computer, you can use tcptraceroute to map the path between your computer and the public website to see where along the line the problem is occurring.
Linux and OSX
tcptraceroute is included by default in most Unix based distributions. On OSX you will need to install it via homebrew (http://brew.sh/) by running the following command
brew install tcptraceroute
tcptraceroute hostname port
sudo tcptraceroute api.opendns.com 443
NOTE: On some operating systems like OS X you may need to run tcptraceroute as root. We've included 'sudo' in the example commands below to do that.
shaun-0369:Tools shaun$ sudo tcptraceroute api.opendns.com 443
Selected device en0, address 192.168.10.63, port 60749 for outgoing packets
Tracing the path to api.opendns.com (220.127.116.11) on TCP port 443 (https), 30 hops max
1 192.168.10.254 1.893 ms 1.787 ms 1.123 ms
2 * * *
3 te-0-7-0-11-sur02.lowell.ma.boston.comcast.net (18.104.22.168) 11.768 ms 36.209 ms 11.473 ms
4 be-21-ar01.needham.ma.boston.comcast.net (22.214.171.124) 14.006 ms 12.382 ms 21.340 ms
5 be-7015-cr01.newyork.ny.ibone.comcast.net (126.96.36.199) 40.690 ms 67.974 ms 41.689 ms
6 ae12.edge1.newyork2.level3.net (188.8.131.52) 42.198 ms 19.511 ms 22.600 ms
7 ae-32-80.car2.sanjose1.level3.net (184.108.40.206) 121.049 ms 130.360 ms 125.898 ms
8 ae-32-80.car2.sanjose1.level3.net (220.127.116.11) 124.555 ms 139.251 ms 136.524 ms
9 open-dns-in.car2.sanjose1.level3.net (18.104.22.168) 86.392 ms 99.180 ms 88.102 ms
10 vlan130.fw1.sjc.opendns.com (22.214.171.124) 89.775 ms 88.160 ms 90.077 ms
11 api.opendns.com (126.96.36.199) [open] 126.455 ms 87.454 ms 89.881 ms
Windows does not include a way to run TCP traceroute. Luckily someone was kind enough to write a version that works with Windows.
In order to run tracetcp on Windows you will need to have the WinPcap library installed. You can find download links below the screenshot.
TraceTCP requires the WinPcap library which can be download below