Re: ipchains/ipmasq/List of Ports/Exim
"Vince Mulhollon" <email@example.com> writes:
> Good Morning,
> To find out what services run on what ports, theres a couple fairly easy
[snip ... ]
> 2) Run a nmap on your machine and look at the results. If you already have
> filtering rules, you probably need to run that from the "outside" or from
> another machine. The debian package is creatively named "nmap" and you
> probably want to run something like "nmap whatevermy.ip.address.is"
> Heres an example of nmap, run on a purely internal, yet semi secure host
> via 10 meg ethernet. Obivously would be a wee bit slower over a 56K modem.
> In the example below, SSH, NFS (sunrpc), and X11, and email (smtp) are
> open. I have no idea what right off hand why something is running on ports
> 750, 775, and 1024. I suppose I should look into that.
> nmc:~$ nmap -p 1-65535 vlm-jr
> Starting nmap V. 2.12 by Fyodor (firstname.lastname@example.org, www.insecure.org/nmap/)
> Interesting ports on (22.214.171.124):
> Port State Protocol Service
> 22 open tcp ssh
> 25 open tcp smtp
> 111 open tcp sunrpc
> 750 open tcp kerberos
> 775 open tcp entomb
> 1024 open tcp unknown
> 2049 open tcp nfs
> 6000 open tcp X11
Note that if you are running ssh you almost certainly don't want X11
to be listening (pass the "-nolisten tcp" option to X when it starts).
> Nmap run completed -- 1 IP address (1 host up) scanned in 67 seconds
> Read the man page for nmap and understand it, before you use it, or you'll
> merely shoot yourself in your foot.
> 3) Try something like "netstat -a | more" That should tell you exactly
> what is running on what port, in addition to what connections are open at
> any given time.
"netstat -l" is probably more useful.
Also if you want to know "what" is running services you find running
on your machine you'll need to do something like...
fuser -vn tcp 755
...which will show you which program has that port open.
# James Antill -- email@example.com
* ^From: .*firstname.lastname@example.org