yum install nmap
Now scan the ports on the local host with:
nmap -sT -O localhost
Result:
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000083s latency).
rDNS record for 127.0.0.1: localhost.localdomain
Not shown: 972 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
143/tcp open imap
443/tcp open https
783/tcp open spamassassin
993/tcp open imaps
995/tcp open pop3s
1080/tcp open socks
1081/tcp open pvuniwien
2005/tcp open deslogin
2009/tcp open news
3005/tcp open deslogin
3306/tcp open mysql
5432/tcp open postgresql
8009/tcp open ajp13
8080/tcp open http-proxy
8081/tcp open blackice-icecap
9009/tcp open pichat
9080/tcp open glrpc
9090/tcp open zeus-admin
9100/tcp open jetdirect
10024/tcp open unknown
10025/tcp open unknown
No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).
TCP/IP fingerprint:
OS:SCAN(V=6.40%E=4%D=7/23%OT=21%CT=1%CU=41542%PV=N%DS=0%DC=L%G=Y%TM=59744F1
OS:C%P=x86_64-redhat-linux-gnu)SEQ(SP=101%GCD=1%ISR=105%TI=Z%TS=A)SEQ(SP=10
OS:1%GCD=1%ISR=106%TI=Z%II=I%TS=A)OPS(O1=MFFD7ST11NW7%O2=MFFD7ST11NW7%O3=MF
OS:FD7NNT11NW7%O4=MFFD7ST11NW7%O5=MFFD7ST11NW7%O6=MFFD7ST11)WIN(W1=AAAA%W2=
OS:AAAA%W3=AAAA%W4=AAAA%W5=AAAA%W6=AAAA)ECN(R=Y%DF=Y%T=40%W=AAAA%O=MFFD7NNS
OS:NW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%
OS:DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%
OS:O=%RD=0%Q=)T6(R=N)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%D
OS:F=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=4
OS:0%CD=S)
Network Distance: 0 hops
OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 12.22 seconds
Now scan the same host from an external machine:
nmap -sT -O <ip>
Result:
Starting Nmap 7.50 ( https://nmap.org ) at 2017-07-23 09:30 CEST
Nmap scan report for web.site (<ip>)
Host is up (0.035s latency).
rDNS record for <ip>: mail.web.site
Not shown: 978 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
111/tcp open rpcbind
135/tcp filtered msrpc
139/tcp filtered netbios-ssn
143/tcp open imap
443/tcp open https
445/tcp filtered microsoft-ds
993/tcp open imaps
995/tcp open pop3s
1080/tcp open socks
1081/tcp open pvuniwien
2009/tcp open news
3306/tcp filtered mysql
8009/tcp open ajp13
8081/tcp open blackice-icecap
9009/tcp open pichat
9080/tcp open glrpc
Device type: general purpose|media device|WAP|storage-misc
Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (89%), Asus embedded (86%), Synology DiskStation Manager 5.X (86%)
OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:3.x cpe:/h:asus:rt-n56u cpe:/o:linux:linux_kernel:3.4 cpe:/o:linux:linux_kernel:3.10 cpe:/a:synology:diskstation_manager:5.2 cpe:/o:linux:linux_kernel:2.6.32
Aggressive OS guesses: Linux 3.2 - 4.8 (89%), Linux 3.18 (88%), Linux 3.16 (87%), Linux 3.13 or 4.2 (87%), XBMCbuntu Frodo v12.2 (Linux 3.X) (87%), ASUS RT-N56U WAP (Linux 3.4) (86%), Linux 3.13 (86%), Linux 3.12 (86%), Linux 3.8 - 3.11 (86%), Linux 4.10 (86%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 6 hops
OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 15.47 seconds
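Comparing the two scans shows which locally open services are actually reachable from outside, which is the exposure a firewall review should start from. The Python below is an added example, not part of the original page: the names parse_ports and compare are hypothetical, and the embedded input is a shortened excerpt of the two port tables above.

```python
import re

# Excerpts of the two scans above (a subset of ports, to keep the sample short).
LOCAL_SCAN = """\
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
783/tcp open spamassassin
3306/tcp open mysql
5432/tcp open postgresql
8080/tcp open http-proxy
10024/tcp open unknown
"""
EXTERNAL_SCAN = """\
PORT STATE SERVICE
22/tcp open ssh
25/tcp open smtp
80/tcp open http
135/tcp filtered msrpc
3306/tcp filtered mysql
"""

# One row of nmap's normal-output port table: "<port>/<proto> <state> <service>"
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_ports(nmap_text):
    """Return {(port, proto): (state, service)} from nmap's normal output."""
    table = {}
    for line in nmap_text.splitlines():
        m = PORT_LINE.match(line.strip())
        if m:
            table[(int(m.group(1)), m.group(2))] = (m.group(3), m.group(4))
    return table

def compare(local_text, external_text):
    """Classify every port that is open on localhost by its external state."""
    local, external = parse_ports(local_text), parse_ports(external_text)
    report = {"exposed": [], "filtered": [], "not_reachable": []}
    for key, (state, service) in sorted(local.items()):
        if state != "open":
            continue
        # A port missing from the external table is in its "Not shown" group.
        ext_state = external.get(key, ("not shown", ""))[0]
        bucket = {"open": "exposed", "filtered": "filtered"}.get(ext_state, "not_reachable")
        report[bucket].append((key[0], service))
    return report

if __name__ == "__main__":
    for bucket, ports in compare(LOCAL_SCAN, EXTERNAL_SCAN).items():
        print(f"{bucket:14}", ", ".join(f"{p}/{s}" for p, s in ports))
```

Ports in the "exposed" group are the ones to justify or close; the comparison assumes both scans covered the same port range.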
Now check for listening ports:
Next, check for information about the port using netstat or lsof. To check for port 834 using netstat, use the following command:
netstat -anp | grep 834
Result:
tcp 0 0 127.0.0.1:9168 127.0.0.1:47834 TIME_WAIT -
unix 2 [ ACC ] STREAM LISTENING 397083455 343/amavisd (ch1-av /var/spool/amavisd/amavisd.sock
unix 2 [ ] STREAM CONNECTED 481728342 25062/ruby
unix 3 [ ] STREAM CONNECTED 407881834 4920/dovecot
unix 2 [ ] STREAM CONNECTED 481808349 25062/ruby
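None of the lines above is a listener on port 834: grep matched the string 834 inside a peer port number (47834) and inside socket inode numbers.
The lsof command reveals similar information since it is also capable of linking open ports to services:
lsof -i | grep 834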
To check if the port is associated with the official list of known services, type:
cat /etc/services | grep 834
To check which users are logged in, use the command: who
To see which process is listening on a port, e.g. 8080:
netstat -nlp | grep 8080