topic Re: Accessible ports script in Operating System - Linux

Accessible ports script

Coolmar — Wed, 28 Jun 2006 13:14:58 GMT

I need help with a script. We have servers on this side of the firewall, and servers on that side. I need to find a way to see what common ports (21, 22, 23, 1521, etc) are accessible from what servers. Like can serverA on one side of the firewall access 1521 on serverB on the other side of the firewall.

Any ideas? Thanks! I know the firewall people should be able to tell me but that is worse than pulling teeth, and I would rather find out as much as I can from my end...*if* I can.

Re: Accessible ports script

Ivan Ferreira — Wed, 28 Jun 2006 13:27:40 GMT

The best took I know to identify open ports is NMAP. Download it from here:

http://hpux.cs.utah.edu/hppd/hpux/Networking/Admin/nmap-3.93/

Re: Accessible ports script

James R. Ferguson — Wed, 28 Jun 2006 13:27:57 GMT

Hi Sally:

It seems to me that (s)he who maintains the rules should be able to *recite* the rules! :-))

Regards!

...JRF...

Re: Accessible ports script

Steven E. Protter — Wed, 28 Jun 2006 13:31:31 GMT

Shalom,

[root@tehran ~]# nmap localhost

Starting nmap 3.70 ( http://www.insecure.org/nmap/ ) at 2006-06-28 13:29 CDT
Interesting ports on tehran (127.0.0.1):
(The 1651 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
111/tcp open rpcbind
631/tcp open ipp
953/tcp open rndc
5801/tcp open vnc-http-1
5901/tcp open vnc-1
6001/tcp open X11:1
10000/tcp open snet-sensor-mgmt

Nmap run completed -- 1 IP address (1 host up) scanned in 0.789 seconds

Thats a server in the US. We like to name them after cities in "The Axis of Evil" Poking a little fun.

nmap works great and is standard on Linux. Its instalable or compilable on HP-UX but this is much less fun.

This tool does something called portscanning. This is something that network admins hate. So get permission before you use it.

SEP

Re: Accessible ports script

rmueller58 — Thu, 29 Jun 2006 13:32:25 GMT

with NMAP you scan a full subnet, or portions..

for example

nmap -v 192.168.0.0/24

will scan all addresses in the 192.168.0.0 subnet.

if you change your bit mask to 16 it will be 192.168.0.0 so anything from 192.168.0.0-192.168.255.255

Re: Accessible ports script

Coolmar — Fri, 30 Jun 2006 06:31:26 GMT

Ok, thanks. Will nmap scan all ports, or can you specify for it to just check the ports you list (23, 22, 5021, etc)?

Re: Accessible ports script

Ralph Grothe — Fri, 30 Jun 2006 07:29:17 GMT

You can specify port ranges (what follows after the -p), like

nmap -P0 -sT -p 20-25,115,80,143 some.host.or.ip

Re: Accessible ports script

spex — Fri, 30 Jun 2006 07:43:11 GMT

Sally,

If you have many hosts to scan, nmap also accepts a list of hostnames:

nmap -iL ...

PCS

Re: Accessible ports script

Ralph Grothe — Fri, 30 Jun 2006 07:46:38 GMT

Though I can fully understand your reluctance to get in touch with your firewall admis
(these folks are really taciturn, probably a symptom of their trade?) you should rather talk to them before you open fire with a port scanner on their firwalls.
Apart from the spurios trafic you generate you could inadvertently trigger of some bogus alerts.
nmap is a very powerful tool and has sophisticated methods of randomizing and stealthing its scans as you may read in its manpage.