Category: Linux Command

yum install nmap

now scan the ports with :

nmap -sT -O localhost

result:

Nmap scan report for localhost (127.0.0.1)

Host is up (0.000083s latency).

rDNS record for 127.0.0.1: localhost.localdomain

Not shown: 972 closed ports

PORT      STATE SERVICE

21/tcp    open  ftp

22/tcp    open  ssh

25/tcp    open  smtp

53/tcp    open  domain

80/tcp    open  http

110/tcp   open  pop3

111/tcp   open  rpcbind

143/tcp   open  imap

443/tcp   open  https

783/tcp   open  spamassassin

993/tcp   open  imaps

995/tcp   open  pop3s

1080/tcp  open  socks

1081/tcp  open  pvuniwien

2005/tcp  open  deslogin

2009/tcp  open  news

3005/tcp  open  deslogin

3306/tcp  open  mysql

5432/tcp  open  postgresql

8009/tcp  open  ajp13

8080/tcp  open  http-proxy

8081/tcp  open  blackice-icecap

9009/tcp  open  pichat

9080/tcp  open  glrpc

9090/tcp  open  zeus-admin

9100/tcp  open  jetdirect

10024/tcp open  unknown

10025/tcp open  unknown

No exact OS matches for host (If you know what OS is running on it, see http://nmap.org/submit/ ).

TCP/IP fingerprint:

OS:SCAN(V=6.40%E=4%D=7/23%OT=21%CT=1%CU=41542%PV=N%DS=0%DC=L%G=Y%TM=59744F1

OS:C%P=x86_64-redhat-linux-gnu)SEQ(SP=101%GCD=1%ISR=105%TI=Z%TS=A)SEQ(SP=10

OS:1%GCD=1%ISR=106%TI=Z%II=I%TS=A)OPS(O1=MFFD7ST11NW7%O2=MFFD7ST11NW7%O3=MF

OS:FD7NNT11NW7%O4=MFFD7ST11NW7%O5=MFFD7ST11NW7%O6=MFFD7ST11)WIN(W1=AAAA%W2=

OS:AAAA%W3=AAAA%W4=AAAA%W5=AAAA%W6=AAAA)ECN(R=Y%DF=Y%T=40%W=AAAA%O=MFFD7NNS

OS:NW7%CC=Y%Q=)T1(R=Y%DF=Y%T=40%S=O%A=S+%F=AS%RD=0%Q=)T2(R=N)T3(R=N)T4(R=Y%

OS:DF=Y%T=40%W=0%S=A%A=Z%F=R%O=%RD=0%Q=)T5(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%

OS:O=%RD=0%Q=)T6(R=N)T7(R=Y%DF=Y%T=40%W=0%S=Z%A=S+%F=AR%O=%RD=0%Q=)U1(R=Y%D

OS:F=N%T=40%IPL=164%UN=0%RIPL=G%RID=G%RIPCK=G%RUCK=G%RUD=G)IE(R=Y%DFI=N%T=4

OS:0%CD=S)

Network Distance: 0 hops

OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 12.22 seconds

now scan from external :

nmap -sT -O <ip>

result

Starting Nmap 7.50 ( https://nmap.org ) at 2017-07-23 09:30 CEST

Nmap scan report for web.site (<ip>)

Host is up (0.035s latency).

rDNS record for <ip>: mail. web.site

Not shown: 978 closed ports

PORT     STATE    SERVICE

21/tcp   open     ftp

22/tcp   open     ssh

25/tcp   open     smtp

53/tcp   open     domain

80/tcp   open     http

110/tcp  open     pop3

111/tcp  open     rpcbind

135/tcp  filtered msrpc

139/tcp  filtered netbios-ssn

143/tcp  open     imap

443/tcp  open     https

445/tcp  filtered microsoft-ds

993/tcp  open     imaps

995/tcp  open     pop3s

1080/tcp open     socks

1081/tcp open     pvuniwien

2009/tcp open     news

3306/tcp filtered mysql

8009/tcp open     ajp13

8081/tcp open     blackice-icecap

9009/tcp open     pichat

9080/tcp open     glrpc

Device type: general purpose|media device|WAP|storage-misc

Running (JUST GUESSING): Linux 3.X|4.X|2.6.X (89%), Asus embedded (86%), Synology DiskStation Manager 5.X (86%)

OS CPE: cpe:/o:linux:linux_kernel:3 cpe:/o:linux:linux_kernel:4 cpe:/o:linux:linux_kernel:3.x cpe:/h:asus:rt-n56u cpe:/o:linux:linux_kernel:3.4 cpe:/o:linux:linux_kernel:3.10 cpe:/a:synology:diskstation_manager:5.2 cpe:/o:linux:linux_kernel:2.6.32

Aggressive OS guesses: Linux 3.2 – 4.8 (89%), Linux 3.18 (88%), Linux 3.16 (87%), Linux 3.13 or 4.2 (87%), XBMCbuntu Frodo v12.2 (Linux 3.X) (87%), ASUS RT-N56U WAP (Linux 3.4) (86%), Linux 3.13 (86%), Linux 3.12 (86%), Linux 3.8 – 3.11 (86%), Linux 4.10 (86%)

No exact OS matches for host (test conditions non-ideal).

Network Distance: 6 hops

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 15.47 seconds

check now for LISTENING port:

Next, check for information about the port using netstat or lsof. To check for port 834 using netstat, use the following command:

netstat -anp | grep 834

result :

tcp        0      0 127.0.0.1:9168          127.0.0.1:47834         TIME_WAIT   –                   

unix  2      [ ACC ]     STREAM     LISTENING     397083455 343/amavisd (ch1-av  /var/spool/amavisd/amavisd.sock

unix  2      [ ]         STREAM     CONNECTED     481728342 25062/ruby           

unix  3      [ ]         STREAM     CONNECTED     407881834 4920/dovecot         

unix  2      [ ]         STREAM     CONNECTED     481808349 25062/ruby   

The lsof command reveals similar information since it is also capable of linking open ports to services:

lsof -i | grep 834

To check if the port is associated with the official list of known services, type:

cat /etc/services

to check the users log in use command : who

which process are running over a port eg 8080

netstat -nlp | grep 8080