Friday, 23 August 2013

How to test for open ports in a system

Problem: Want a listing of open network ports on your system

Solution: Probe the ports from a remote system, so you see what the network sees (after firewalls and filters) rather than what the local socket table reports.

In the commands below, <host> stands for the target's host name or IP address.

To test a specific TCP port (ssh):

# telnet <host> ssh
# nc -v -z <host> ssh

To scan the most interesting TCP ports (nmap's default port set):
# nmap -v <host>

To test a specific UDP port (1024):
# nc -v -z -u <host> 1024

To scan the most interesting UDP ports (slowly!):
# nmap -v -sU <host>

To do host discovery only, for a range of addresses, without port scanning (-sP is spelled -sn in current nmap releases, which still accept -sP):
# nmap -v -sP <address-range>

To do OS fingerprinting (needs root, because it sends raw packets):
# nmap -v -O <host>

nmap is a powerful and widely used tool for network security testing. It gathers information about target systems in three distinct phases:

1. Host discovery: initial probes (ICMP echo and TCP probes by default) to determine which machines in an address range are responding.

2. Port scanning: tests to find open ports, that is, ports that are not blocked by a firewall and have a service accepting connections.

3. OS fingerprinting: crafted probes whose responses are compared against nmap's signature database to guess the target's operating system and version.

To probe a single target by host name or address:
# nmap -v <hostname>
# nmap -v <ip-address>

The -v option gives more verbose output; -v -v (or -vv) increases it further.

You can also scan a range of addresses. nmap accepts the range in CIDR notation, as a per-octet range, or with a wildcard; the following all cover 10.12.200.0 through 10.12.200.255 (quote the wildcard form so the shell does not expand it):
# nmap -v 10.12.200.0/24
# nmap -v 10.12.200.0-255
# nmap -v "10.12.200.*"

nmapfe is a graphical front end that runs nmap with an appropriate command line (it has since been replaced by Zenmap, which ships with nmap).

nmap's -P* options select the host-discovery probes. If the default ICMP or TCP ping is blocked, pick a probe the firewall passes, for example -PS<port> to send a TCP SYN to a port you know is allowed.

The goal of host discovery is to avoid wasting time port-scanning unused addresses. If you already know your targets are up, disable host discovery with the -P0 (zero) option, spelled -Pn in current nmap releases; nmap then scans every address in the range whether or not it answered a ping.

The simplest way to test a TCP port is to try to connect with telnet.

The port might be open:
# telnet <host> ssh
   Trying <address>...
   Connected to <host>.
   Escape character is '^]'.

or closed (i.e. the firewall passed the connection, but no server on the target accepts connections on that port, so the target's TCP stack answered with a reset):
# telnet <host> 33333
   telnet: connect to address <address>: Connection refused

or blocked (filtered by a firewall that silently drops the packets, so nothing comes back and the attempt eventually times out):
# telnet <host> 137
   telnet: connect to address <address>: Connection timed out

The nc command is an even better way to probe ports, since it can test several in one run and reports each state on its own line:

# nc -z -vv <host> ssh 33333 137
<host> [<address>] 22 (ssh) open
<host> [<address>] 33333 (?) : Connection refused
<host> [<address>] 137 (netbios-ns) : Connection timed out

The -z option puts nc in zero-I/O mode: it only reports whether the connection succeeds and transfers no data. Service names such as ssh and netbios-ns are resolved through /etc/services; "(?)" means port 33333 has no entry there.

UDP ports are harder to probe than TCP ports, because there is no handshake and packet delivery is not guaranteed. The only definite answer is a negative one: a closed UDP port normally provokes an ICMP "port unreachable" message. A port that stays silent may be open (a service that ignored the probe) or filtered (a firewall that dropped it), and the two cannot be told apart, which is why nmap -sU reports such ports as open|filtered.
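To make the open / closed / filtered reading of the telnet and nc output concrete, and the UDP caveat just above, here is an added Python example (not code from the original post) that re-implements what nc -z does with plain sockets. It uses only the standard library; the targets it probes are constructed locally (a TCP listener, a UDP echo thread and two unused ephemeral ports), and the UDP "closed" verdict assumes a Linux-style kernel that hands the ICMP port-unreachable back to a connected UDP socket as ConnectionRefusedError.

```python
"""Classify TCP and UDP ports into the states read off telnet/nc output.

Added example, not code from the original post. Standard library only.
"""
import errno
import socket
import threading


def probe_tcp(host, port, timeout=2.0):
    """Return 'open', 'closed', 'filtered' or 'unreachable' for one TCP port.

    open        handshake completes: a server is listening
    closed      target answers with RST: firewall let the SYN through but
                nothing listens ("Connection refused")
    filtered    no answer before the timeout: typically a firewall silently
                dropping packets ("Connection timed out")
    unreachable the local stack has no route to the host at all
    """
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:  # alias of TimeoutError on 3.10+, works everywhere
            return "filtered"
        except OSError as e:
            if e.errno in (errno.EHOSTUNREACH, errno.ENETUNREACH):
                return "unreachable"
            raise
        return "open"


def probe_udp(host, port, payload=b"\x00", timeout=2.0):
    """Return 'open', 'closed' or 'open|filtered' for one UDP port.

    No handshake, so the only definite negative is an ICMP port-unreachable,
    which the kernel surfaces on a *connected* UDP socket as
    ConnectionRefusedError. A reply means definitely open. Silence means a
    listener that ignored us or a firewall that dropped the datagram; the
    two are indistinguishable, hence 'open|filtered'.
    """
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.connect((host, port))  # connect() so ICMP errors are delivered to us
        try:
            s.send(payload)
            s.recv(1024)
        except ConnectionRefusedError:
            return "closed"
        except socket.timeout:
            return "open|filtered"
        return "open"


def _free_port(kind):
    """Reserve an ephemeral port of the given kind and release it: now closed."""
    with socket.socket(socket.AF_INET, kind) as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


def demo():
    """Probe constructed local targets; return {label: state} for checking."""
    results = {}

    # TCP listener -> 'open' (the handshake completes even before accept()).
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    results["tcp_listener"] = probe_tcp("127.0.0.1", srv.getsockname()[1])
    srv.close()

    # Unused TCP port -> RST from the stack -> 'closed'.
    results["tcp_unused"] = probe_tcp("127.0.0.1", _free_port(socket.SOCK_STREAM))

    # UDP echo service in a thread -> we get a reply -> 'open'.
    usrv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    usrv.bind(("127.0.0.1", 0))
    usrv.settimeout(5.0)

    def echo_once():
        try:
            data, peer = usrv.recvfrom(1024)
            usrv.sendto(data, peer)
        except socket.timeout:
            pass

    t = threading.Thread(target=echo_once)
    t.start()
    results["udp_echo"] = probe_udp("127.0.0.1", usrv.getsockname()[1])
    t.join()
    usrv.close()

    # Unused UDP port -> ICMP port unreachable -> 'closed' (a kernel that does
    # not pass the ICMP error back to the socket yields 'open|filtered').
    results["udp_unused"] = probe_udp("127.0.0.1", _free_port(socket.SOCK_DGRAM))
    return results


if __name__ == "__main__":
    for label, state in demo().items():
        print(f"{label:13s} {state}")
```

Run it as a script to see the four verdicts. Against a remote host, the "filtered" branch of probe_tcp is the one you hit when a firewall drops your SYN, and the timeout you choose decides how slow a scan of many such ports becomes; that is the same trade-off behind nmap's timing options.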
