Tuesday, July 17, 2007

list out opened host ports howto

Open host ports are usually the most direct non-physical way for an attacker to force entry into a machine remotely: every listening service is code that accepts input from the network.

Here you will see several tools and ways to list the currently open ports on the Linux box you manage.

Let's start with a first attempt to list those open and in-use ports:

# netstat -panut | grep LISTEN

We used the Linux command grep to keep only the LISTENing ports from the resulting output (-p adds the PID/program name and needs root to show it for every process, -a shows all sockets, -n keeps addresses numeric, -u and -t select UDP and TCP). Note that UDP sockets never show a LISTEN state, so this grep drops them; look at the raw -u output for those.

or

# netstat -ntl

Take a look at the sample output from issuing the above command (the PID/program column on the right only appears when -p is given, and only root sees it for every process):

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 6536/sshd
tcp 0 0 127.0.0.1:53 0.0.0.0:* LISTEN 1819/named
tcp 0 0 127.0.0.1:953 0.0.0.0:* LISTEN 1819/named
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

With reference to the first resulting line, the fields are explained below:

tcp = the protocol used by the daemon service for establishing communication
0.0.0.0:22 = the local address and port; 0.0.0.0 means the socket is bound to all of the host's IP addresses, so port 22 is reachable on every interface (compare 127.0.0.1:53, which only accepts connections from the host itself)
0.0.0.0:* = the foreign address; for a LISTENing socket this is always a wildcard, since no peer is connected yet
22 = the specific port on which the service is currently listening
sshd = the daemon/application service which is currently listening on that specific port
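
To make that address reading repeatable, here is an added example in shell (not code from the original post): it reads netstat -ntlp style LISTEN lines and classifies each socket as bound to all interfaces, to one specific address, or to loopback only, which is the distinction that decides whether a remote attacker can reach the port at all. The sample lines are constructed to match the format above; the apache2 and mysqld entries are invented for illustration and do not come from the post's output.

```shell
# Added example, not from the original post.  Parses netstat -ntlp style
# output (Proto Recv-Q Send-Q Local Foreign State PID/Program) and labels
# each LISTENing socket by how far it is exposed.

# Constructed sample in netstat -ntlp format; the apache2 and mysqld lines
# are made up for illustration.
SAMPLE_NETSTAT='tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      6536/sshd
tcp        0      0 127.0.0.1:53            0.0.0.0:*               LISTEN      1819/named
tcp        0      0 127.0.0.1:953           0.0.0.0:*               LISTEN      1819/named
tcp6       0      0 :::80                   :::*                    LISTEN      2201/apache2
tcp        0      0 192.168.1.10:3306       0.0.0.0:*               LISTEN      2310/mysqld'

# classify_listeners: read netstat -ntlp output on stdin and print one line
# per listening socket:  <exposure> <proto> <port> <bind-address> <program>
# Header lines and non-LISTEN sockets are skipped because field 6 is not LISTEN.
classify_listeners() {
    awk '$6 == "LISTEN" {
        laddr = $4
        # the port is whatever follows the last colon; the address is the rest
        # (this also handles IPv6 local addresses such as :::80)
        n = split(laddr, parts, ":")
        port = parts[n]
        addr = substr(laddr, 1, length(laddr) - length(port) - 1)
        # without root, netstat prints "-" instead of PID/Program
        prog = ($7 == "" || $7 == "-") ? "unknown" : $7
        if (addr == "0.0.0.0" || addr == "::") {
            exposure = "ALL-INTERFACES"
        } else if (addr == "127.0.0.1" || addr == "::1") {
            exposure = "LOOPBACK-ONLY"
        } else {
            exposure = "ONE-ADDRESS"
        }
        printf "%s %s %s %s %s\n", exposure, $1, port, addr, prog
    }'
}

# count_exposed: how many listeners other hosts could reach (everything that
# is not bound to loopback only)
count_exposed() {
    classify_listeners | grep -vc '^LOOPBACK-ONLY'
}

# On a live box (root needed for the PID/Program column):
#   netstat -ntlp 2>/dev/null | classify_listeners
# On the constructed sample:
printf '%s\n' "$SAMPLE_NETSTAT" | classify_listeners
```

Anything reported as ALL-INTERFACES or ONE-ADDRESS is part of the host's remote attack surface and deserves a firewall rule or a tighter bind address; LOOPBACK-ONLY entries, like named's 53 and 953 above, are only reachable by processes on the box itself.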

You can squeeze out much the same info by issuing:

# ss -a | grep LISTEN

Let's use a deeper port scanning command here and point it at our localhost IP address like so (-P0 tells nmap to skip the host-discovery ping; newer releases spell this -Pn):

# nmap -P0 localhost
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Starting Nmap 4.20 ( http://insecure.org ) at 2007-07-17 22:29 WAT
Interesting ports on yourhost.domain.com (127.0.0.1):
Not shown: 1693 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
778/tcp open unknown
953/tcp open rndc

Nmap finished: 1 IP address (1 host up) scanned in 0.082 seconds
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The Linux command nmap is referred to as a handy Swiss army knife for probing a particular host for possibly open ports; that reminds me of netcat as well, but the blog would not be covering any of that hacking stuff here. :) One caveat with scanning localhost: the result includes ports bound only to 127.0.0.1, such as 53 and 953 above, which a remote attacker cannot reach. To see what the outside world really sees, scan the host's external address from another machine. Going back, check out more nmap parameters with

# man nmap

Try

# nmap -v localhost

So how do you verify further that the port you are referring to is actually open? This is simply done again with one of the most famous tools, used on Linux boxes and routers alike:

# telnet localhost 22

This telnets you to localhost on port 22 to test whether the host's port is really open.

If the port is actually open, the connection is established and you are talking directly to the daemon behind it; many services, sshd among them, print a banner identifying themselves at this point. Press Ctrl+] to get telnet's own prompt, then type quit and press Enter. Do not send the daemon anything else: the point is to confirm the port, not to poke the service.

So, basically, you can now list your open ports and build up a set of tools and an approach for getting further info about the host and its ports using these Linux commands.

Be reminded that most of the Linux commands used here come with more and better command line parameters than shown.

Have a nice day ahead!

ILoveTux - howtos and news