[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ipchains/ipmasq/List of Ports/Exim

"Vince Mulhollon" <vlm@norlight.com> writes:

> Good Morning,
> To find out what services run on what ports, theres a couple fairly easy
> ways.

[snip ... ]

> 2) Run a nmap on your machine and look at the results.  If you already have
> filtering rules, you probably need to run that from the "outside" or from
> another machine.   The debian package is creatively named "nmap" and you
> probably want to run something like "nmap whatevermy.ip.address.is"
> Heres an example of nmap, run on a purely internal, yet semi secure host
> via 10 meg ethernet.  Obivously would be a wee bit slower over a 56K modem.
> In the example below, SSH, NFS (sunrpc), and X11, and email (smtp) are
> open.  I have no idea what right off hand why something is running on ports
> 750, 775, and 1024.  I suppose I should look into that.
> nmc:~$ nmap -p 1-65535 vlm-jr
> Starting nmap V. 2.12 by Fyodor (fyodor@dhp.com, www.insecure.org/nmap/)
> Interesting ports on  (
> Port    State       Protocol  Service
> 22      open        tcp        ssh
> 25      open        tcp        smtp
> 111     open        tcp        sunrpc
> 750     open        tcp        kerberos
> 775     open        tcp        entomb
> 1024    open        tcp        unknown
> 2049    open        tcp        nfs
> 6000    open        tcp        X11

 Note that if you are running ssh you almost certainly don't want X11
to be listening (pass the "-nolisten tcp" option to X when it starts).

> Nmap run completed -- 1 IP address (1 host up) scanned in 67 seconds
> Read the man page for nmap and understand it, before you use it, or you'll
> merely shoot yourself in your foot.
> 3) Try something like "netstat -a | more"  That should tell you exactly
> what is running on what port, in addition to what connections are open at
> any given time.

 "netstat -l" is probably more useful.

 Also if you want to know "what" is running services you find running
on your machine you'll need to do something like...

fuser -vn tcp 755

...which will show you which program has that port open.

# James Antill -- james@and.org
* ^From: .*james@and.org

Reply to: