Friday, November 23, 2012

Check opened ports in Linux with nmap & netstat


Several times, I would know which are the opened ports in my Linux servers (yes I have many Linux servers :p ).

There are two good methods to check what ports are open in Linux :
  1. nmap : a port scanner
  2. netstat

nmap can be used to scan your machine to check opened ports.
Enter the following command to scan your computers machine:

nmap -sS -O 127.0.0.1

Once the scan has finished you will get the following ouput:

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2005-01-16 05:48 GMT
Interesting ports on localhost.localdomain (127.0.0.1):
(The 1656 ports scanned but not shown below are in state: closed)
PORT     STATE SERVICE22/tcp   open  ssh80/tcp   open  http443/tcp  open  https1241/tcp open  nessusDevice type: general purposeRunning: Linux 2.4.X|2.5.X|2.6.X
OS details: Linux 2.5.25 - 2.6.3 or Gentoo 1.2 Linux 2.4.19 rc1-rc7)
Uptime 1.985 days (since Fri Jan 14 06:10:41 2005)
Nmap run completed -- 1 IP address (1 host up) scanned in 2.341 seconds

The second method consist in using netstat. netstat can show hidden ports and what programs using them. 

Type following command as root:

netstat -nap

It will show you the output of something similar to:

Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address               Foreign Address             State       PID/Program name
tcp        0      0 127.0.0.1:61931             0.0.0.0:*                   LISTEN      5277/wish
tcp        0      0 127.0.0.1:5335              0.0.0.0:*                   LISTEN      3920/mDNSResponder
tcp        0      0 0.0.0.0:1241                0.0.0.0:*                   LISTEN      31438/nessusd: wait
tcp        0      0 10.0.0.14:32776             194.109.129.220:6667        ESTABLISHED 5062/xchat
tcp        0      0 10.0.0.14:45731             207.46.107.146:1863         ESTABLISHED 5277/wish
tcp        0      0 10.0.0.14:33009             82.96.64.2:6667             ESTABLISHED 5062/xchat
tcp        0      0 :::80                       :::*                        LISTEN      4355/httpd
tcp        0      0 :::22                       :::*                        LISTEN      32372/sshd
tcp        0      0 :::443                      :::*                        LISTEN      4355/httpd
udp        0      0 0.0.0.0:68              0.0.0.0:*                           3614/dhclient
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           3920/mDNSResponder

A quick post certainly, but I hope it would be useful for you.

PS: for more details try google :p

Good Bye ;-)