How to know which port is open from unmanaged remote host?
How to determine running application and services from remote host?
How to do basic port scanning against a host?
How to confirm ports opened from remote host?
Here are several ways to do port scanning and find out which ports and services are currently open on a remote host.
Determining the open ports of a remote host lets you check which services and known applications are currently running on it. Even when you are not managing that particular remote host, this confirms whether a specific application service is properly running on specific ports of a particular IP address or host. This comes in handy when you need to verify some running services on host ports.
Linux Port Scanning
-------------------
This blog entry does not intend to discuss any misuse or abuse of a powerful linux command line tool like nmap. Instead, it is meant as a reference for basic nmap usage.
Take for example a client who is allowed to send and receive mail from his box: all changes have been done on your server, yet the client still can't receive emails. A phone conversation with the client tells you that it was working fine until recently and that suddenly he cannot send or receive emails. You can verify that the destination host is currently up, but you are not on the client's site. This blog entry is another step in expanding your troubleshooting arm: confirming some ports on a remote host without having full access to it.
One way to approach this issue is by using one of the linux port scanning packages, named nmap.
Nmap man says:
Nmap (“Network Mapper”) is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.
Here's how to verify if a port is open from remote host using NMap.
Port Scanning with Nmap
# nmap remote-IP-address
# nmap -P0 123.123.123.123
The output from Nmap is a list of scanned targets, with supplemental information on each depending on the options used. Key among that information is the “interesting ports table”. That table lists the port number and protocol, service name, and state. The state is either open, filtered, closed, or unfiltered. Open means that an application on the target machine is listening for connections/packets on that port. Filtered means that a firewall, filter, or other network obstacle is blocking the port so that Nmap cannot tell whether it is open or closed. Closed ports have no application listening on them, though they could open up at any time.
Ports are classified as unfiltered when they are responsive to Nmap’s probes, but Nmap cannot determine whether they are open or closed. Nmap reports the state combinations open|filtered and closed|filtered when it cannot determine which of the two states describe a port. The port table may also include software version details when version detection has been requested. When an IP protocol scan is requested (-sO), Nmap provides information on supported IP protocols rather than listening ports.
To run OS and version detection with nmap
# nmap -A 123.123.123.123
If you wish to do UDP scan against the remote host
# nmap -sU 123.123.123.123
If you wish to do specific port scanning using nmap
# nmap -v -p port_number 123.123.123.123
If you wish to probe open ports for service and version
# nmap -sV 123.123.123.123
Ping scanning can also be done using nmap
# nmap -sP 123.123.123.123
Sometimes you wish to scan a whole network of adjacent hosts. Nmap supports CIDR-style addressing and octet ranges, and several targets can be given on one command line separated by spaces (not semicolons, which the shell would treat as a command separator). Scanning a group of hosts or multiple IP addresses can be done like so
# nmap -v -P0 123.123.123.123 111.222.111.222-230
# nmap -v -P0 192.168.0.0/24 192.168.1.0/27
When doing group port scanning, a particular IP can be excluded from the command line
# nmap -v -P0 123.123.123.123 111.222.111.222-230 --exclude 111.222.111.228
Using nmap to exclude multiple hosts listed in a text file (one host per line) can be done like so
# nmap -v -P0 123.123.123.123 111.222.111.222-230 --excludefile textfile.txt
When port scanning a large number of hosts with nmap, a delay between probes can also be specified like so
# nmap -v -P0 123.123.123-254.123-254 --scan-delay 5
Nmap is also capable of reading a batch of IP addresses or hostnames from a text file. This can be done like so
# nmap -v -iL ip-address-text.txt
Nmap also supports resuming an aborted scan, provided the original scan was logged with -oN or -oG. Point --resume at that log file; it takes no other options, since the scan parameters are read back from the log
# nmap --resume scan-output.log
Nmap is so great and handy as it also supports MAC address spoofing for probing remote host. This can be specified using the below nmap argument
# nmap -v -P0 123.123.123.123 --spoof-mac 00:03:47:31:55:69
All the nmap examples shown above scanned IP addresses; since nmap resolves DNS names, you can also specify a hostname or domain name as the target remote host for scanning
# nmap -v -P0 my.domain.com
Timing templates for nmap can also be specified with -T. The slow templates are meant for target hosts that raise IDS alerts, and scans with them take much longer to produce results. For such a long scan, you may prefer to set the exact timing values you need rather than rely on the canned -T0 and -T1 values. The templates are shown below:
-T0 = Paranoid
-T1 = Sneaky
-T2 = Polite
-T3 = Normal
-T4 = Aggressive
-T5 = Insane
# nmap -P0 -T1 123.123.123.123
The source port of the probe packets can also be set, so that the probes appear to come from a chosen port on the scanning host (here port 110). This can be specified with nmap as shown below
# nmap -p 110 123.123.123.123 --source-port 110
Generally, the open ports collected from multiple target hosts can also be redirected to a file using linux I/O redirection; this is useful when you are monitoring host ports and gathering open-port statistics on a long-term basis.
Nmap works by sending a series of TCP and UDP packets to a target host and then examining the responses coming back from it. How those responses are interpreted and reported depends on the arguments specified by the person doing the port scanning.
However, each version of nmap ships with its own port database file (the service names it reports come from it), so it is highly advisable to keep your nmap version up to date. Upgrading the nmap package can be easily done like so
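As an added example that is not part of the original post: a small POSIX shell script that reads nmap's grepable output (the real `-oG` option, e.g. `nmap -p 25,110,143,587 -oG mail-ports.gnmap 123.123.123.123`) and reports the state of each mail port, which is the check the mail-client scenario above calls for, and a form that can be kept on file for long-term port monitoring. The scan output below is constructed for the example; `mail.example.com` and the port states are made up.

```shell
#!/bin/sh
# Constructed sample of nmap grepable (-oG) output; not a real scan.
# Grepable port entries look like port/state/proto/owner/service/rpcinfo/version/
SAMPLE_GNMAP=$(printf '# Nmap scan initiated (constructed sample)\nHost: 123.123.123.123 (mail.example.com)\tPorts: 25/open/tcp//smtp///, 110/closed/tcp//pop3///, 143/filtered/tcp//imap///, 587/open/tcp//submission///\tIgnored State: closed (996)\n# Nmap done\n')

# port_state <gnmap-text> <port>
# Prints the state nmap recorded for <port> (open, closed, filtered, ...),
# or "unknown" when the port is not in the interesting ports table.
port_state() {
    printf '%s\n' "$1" | awk -v want="$2" '
        /^Host:/ {
            # fields on the Host line are tab-separated; find the Ports: field
            n = split($0, f, "\t")
            for (i = 1; i <= n; i++)
                if (f[i] ~ /^Ports:/) ports = substr(f[i], 8)
            # port entries are comma-separated, fields within an entry use "/"
            m = split(ports, e, ",")
            for (j = 1; j <= m; j++) {
                gsub(/^ +/, "", e[j])
                split(e[j], p, "/")
                if (p[1] == want) { print p[2]; found = 1 }
            }
        }
        END { if (!found) print "unknown" }'
}

# mail_ports_ok <gnmap-text>
# Reports each port a mail client needs (SMTP 25, submission 587, POP3 110,
# IMAP 143) and succeeds only if every one of them is open. A "closed" port
# means nothing is listening; "filtered" means a firewall is in the way.
mail_ports_ok() {
    rc=0
    for port in 25 587 110 143; do
        state=$(port_state "$1" "$port")
        printf 'port %s: %s\n' "$port" "$state"
        [ "$state" = "open" ] || rc=1
    done
    return $rc
}

# Stand-alone run against the constructed sample: 110 is closed and 143
# is filtered, so the check fails and points at the ports to investigate.
if mail_ports_ok "$SAMPLE_GNMAP"; then
    echo "all mail ports open"
else
    echo "some mail ports are not reachable"
fi
```

To use it on a real scan, replace SAMPLE_GNMAP with the contents of the -oG file (for example `mail_ports_ok "$(cat mail-ports.gnmap)"`).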
# yum -y update nmap
If you wish to know more about the service ports defined on linux, see /etc/services.
Basically, nmap offers many more arguments depending on the nmap service you need. I find it quite handy, as it does the job very well, especially when I need it. Use nmap with good intentions for linux port scanning, and be careful when scanning a target host, as you might leave a mark while you are scanning it too!
HTH
Sunday, September 9, 2007
NMap - Linux port scanning