Jump to content
Sign in to follow this  
xDamox

Check what ports are open

Recommended Posts

There are two good methods to see what ports are open in Linux you can use

nmap which is a port scanner and you can use netstat.

 

nmap can be used to scan your machine to see whats ports are open issue the

following command to scan your computers machine:

 

nmap -sS -O 127.0.0.1

 

once the scan has finished you will get the following ouput:

 

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2005-01-16 05:48 GMT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1656 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
443/tcp  open  https
1241/tcp open  nessus
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
Uptime 1.985 days (since Fri Jan 14 06:10:41 2005)

Nmap run completed -- 1 IP address (1 host up) scanned in 2.341 seconds

 

The second method was netstat. netstat can show hidden ports and what programs using

them issue the following command as root:

 

netstat -nap

 

This will show you the output of something similar to:

 

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:61931             0.0.0.0:*                   LISTEN      5277/wish
tcp        0      0 127.0.0.1:5335              0.0.0.0:*                   LISTEN      3920/mDNSResponder
tcp        0      0 0.0.0.0:1241                0.0.0.0:*                   LISTEN      31438/nessusd: wait
tcp        0      0 10.0.0.14:32776             194.109.129.220:6667        ESTABLISHED 5062/xchat
tcp        0      0 10.0.0.14:45731             207.46.107.146:1863         ESTABLISHED 5277/wish
tcp        0      0 10.0.0.14:33009             82.96.64.2:6667             ESTABLISHED 5062/xchat
tcp        0      0 :::80                       :::*                        LISTEN      4355/httpd
tcp        0      0 :::22                       :::*                        LISTEN      32372/sshd
tcp        0      0 :::443                      :::*                        LISTEN      4355/httpd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           3614/dhclient
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           3920/mDNSResponder

Share this post


Link to post
Share on other sites

When you are looking for open ports on your machine, scanning 127.0.0.1 will not necessarily show you anything that is exposed. Most firewall configurations allow full access from the local machine to 127.0.0.1. If you are interested in determining what ports others might be able to see and potentially exploit, you should scan your machine from another machine to your IP address that is exposed to the external world.

Share this post


Link to post
Share on other sites

Adding to what P38 said.. scanning within a LAN will not show everything that is exposed either. Again the external IP is the way around this...

Share this post


Link to post
Share on other sites

I like to use netstat -ntulp that will show everything that is listening tcp and udp and the ip that it is listening on.

Share this post


Link to post
Share on other sites

before I learned of netstat, I started using

lsof -i -n -P

seems to give a bit more info

 

(or just lsof to get a dump of all open files - long list :) )

Edited by dspln

Share this post


Link to post
Share on other sites
Guest
You are commenting as a guest. If you have an account, please sign in.
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
Sign in to follow this  

×