+- Linux-Noob Forums (https://www.linux-noob.com/forums)
+-- Forum: Linux Server Administration (https://www.linux-noob.com/forums/forum-8.html)
+--- Forum: Security and Firewalls (https://www.linux-noob.com/forums/forum-87.html)
+--- Thread: Check what ports are open (/thread-2908.html)
Check what ports are open - xDamox - 2005-01-16
There are two good methods to see what ports are open in Linux you can use
nmap which is a port scanner and you can use netstat.
nmap can be used to scan your machine to see whats ports are open issue the
following command to scan your computers machine:
Code:
nmap -sS -O 127.0.0.1once the scan has finished you will get the following ouput:
Code:
Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2005-01-16 05:48 GMT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1656 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
1241/tcp open nessus
Device type: general purpose
Running: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
Uptime 1.985 days (since Fri Jan 14 06:10:41 2005)
Nmap run completed -- 1 IP address (1 host up) scanned in 2.341 secondsThe second method was netstat. netstat can show hidden ports and what programs using
them issue the following command as root:
Code:
netstat -napThis will show you the output of something similar to:
Code:
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:61931 0.0.0.0:* LISTEN 5277/wish
tcp 0 0 127.0.0.1:5335 0.0.0.0:* LISTEN 3920/mDNSResponder
tcp 0 0 0.0.0.0:1241 0.0.0.0:* LISTEN 31438/nessusd: wait
tcp 0 0 10.0.0.14:32776 194.109.129.220:6667 ESTABLISHED 5062/xchat
tcp 0 0 10.0.0.14:45731 207.46.107.146:1863 ESTABLISHED 5277/wish
tcp 0 0 10.0.0.14:33009 82.96.64.2:6667 ESTABLISHED 5062/xchat
tcp 0 0 :::80 :::* LISTEN 4355/httpd
tcp 0 0 :::22 :::* LISTEN 32372/sshd
tcp 0 0 :::443 :::* LISTEN 4355/httpd
udp 0 0 0.0.0.0:68 0.0.0.0:* 3614/dhclient
udp 0 0 0.0.0.0:5353 0.0.0.0:* 3920/mDNSResponderCheck what ports are open - P38 - 2005-01-17
When you are looking for open ports on your machine, scanning 127.0.0.1 will not necessarily show you anything that is exposed. Most firewall configurations allow full access from the local machine to 127.0.0.1. If you are interested in determining what ports others might be able to see and potentially exploit, you should scan your machine from another machine to your IP address that is exposed to the external world.
Check what ports are open - znx - 2005-03-21
Adding to what P38 said.. scanning within a LAN will not show everything that is exposed either. Again the external IP is the way around this...
Check what ports are open - grep420 - 2005-03-24
I like to use netstat -ntulp that will show everything that is listening tcp and udp and the ip that it is listening on.
Check what ports are open - dspln - 2005-12-05
before I learned of netstat, I started using
lsof -i -n -P
seems to give a bit more info
(or just lsof to get a dump of all open files - long list :))