60.35 Port Scanning

20201104

To list hosts on a network (e.g., the local network 192.168.178.0/24) that are listening on a particular port (e.g., the secure shell port, number 22) we can use nmap. In the example here nmap reports, for each host found in the specified IP address range, the latency and the open port. The -p option limits the check to the port specified, with the T: prefix selecting TCP, and --open limits the report to hosts that have that port open:

$ nmap --open -p T:22 192.168.178.0/24

Starting Nmap 7.60 ( https://nmap.org ) at 2019-11-21 21:09 AEDT

Nmap scan report for tenh (192.168.178.83)
Host is up (0.0015s latency).

PORT   STATE SERVICE
22/tcp open  ssh

[...]

Nmap done: 256 IP addresses (12 hosts up) scanned in 4.66 seconds

To check if a specific host (e.g., some random IP address) has a specific port open (e.g., the SMTP port, number 25) we use the same options. Here we find that it does not: the host is up but, because of --open, no port is listed:

$ nmap --open -p T:25 203.0.178.192
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-04 14:46 AEDT
Nmap done: 1 IP address (1 host up) scanned in 0.87 seconds

To list the open ports on a remote server:

$ nmap crispies.net.au
Starting Nmap 7.80 ( https://nmap.org ) at 2020-11-04 14:50 AEDT
Nmap scan report for crispies.net.au (103.52.123.45)
Host is up (0.029s latency).
rDNS record for 103.52.123.45: crispies
Not shown: 997 filtered ports
PORT    STATE  SERVICE
22/tcp  open   ssh
80/tcp  open   http
443/tcp closed https

Nmap done: 1 IP address (1 host up) scanned in 4.12 seconds

To check which ports are currently in use on your system the netstat command is useful. Run as root, it lists the ID and name of the process listening on each port:

$ sudo netstat -tulpen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address  Foreign Address State   User  Inode  PID/Program name    
tcp        0      0 0.0.0.0:22     0.0.0.0:*       LISTEN  0     41625  1525/sshd: /usr/sbi 
tcp6       0      0 :::80          :::*            LISTEN  0     41641  1554/apache2        
tcp6       0      0 :::22          :::*            LISTEN  0     41627  1525/sshd: /usr/sbi 
udp6       0      0 :::49864       :::*                    0     41318  1515/rpc.mountd     
[...]

Services can be turned on/off with the update-inetd command. To turn telnet off:

$ sudo update-inetd --disable telnet

To manually turn services off we can edit /etc/inetd.conf. If telnetd is installed (not recommended), to turn it off (rather than uninstalling it) comment out the line in /etc/inetd.conf that starts with telnet and then restart inetd:

$ wajig restart inetd
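
As an added example (not from the original book), the following bash function reads netstat -tulpen output and reports any socket bound to all interfaces whose port is not on an expected list, which is a quick way to confirm that a service such as telnet really is off after disabling it. The ALLOWED_PORTS list, the function names and the sample rows are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit `netstat -tulpen` output for unexpected listeners.
# ALLOWED_PORTS and both function names are assumptions for illustration.
ALLOWED_PORTS="22 80"

# Constructed sample in the column layout shown above. On a real system
# pipe `sudo netstat -tulpen` into unexpected_listeners instead.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address  Foreign Address State   User  Inode  PID/Program name
tcp        0      0 0.0.0.0:22     0.0.0.0:*       LISTEN  0     41625  1525/sshd: /usr/sbi
tcp        0      0 127.0.0.1:631  0.0.0.0:*       LISTEN  0     40211  1102/cupsd
tcp        0      0 0.0.0.0:23     0.0.0.0:*       LISTEN  0     41700  1600/inetd
tcp6       0      0 :::80          :::*            LISTEN  0     41641  1554/apache2
udp6       0      0 :::49864       :::*                    0     41318  1515/rpc.mountd
EOF
}

# Read netstat output on stdin and print "proto port program" for every
# socket bound to a wildcard address (0.0.0.0 or ::) on a port not allowed.
unexpected_listeners() {
  awk -v allowed="$ALLOWED_PORTS" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    $1 ~ /^(tcp|udp)6?$/ {
      addr = $4
      port = addr; sub(/.*:/, "", port)      # text after the last colon
      host = addr; sub(/:[^:]*$/, "", host)  # text before the last colon
      if (host != "0.0.0.0" && host != "::") next  # loopback or specific bind
      # UDP rows have no State column, so find the PID/Program field by shape.
      prog = "-"
      for (i = NF; i > 4; i--) if ($i ~ /^[0-9]+\//) { prog = $i; break }
      sub(/^[0-9]+\//, "", prog); sub(/:$/, "", prog)
      if (!(port in ok)) print $1, port, prog
    }'
}

# Run against the constructed sample.
sample_netstat | unexpected_listeners
```

On the sample rows this flags the inetd listener on port 23 and the rpc.mountd UDP socket, while the loopback-only cupsd socket and the allowed ssh and http ports are skipped.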


Copyright © 1995-2022 Graham.Williams@togaware.com Creative Commons Attribution-ShareAlike 4.0