In this step we are going to use another software to determine what ports are open on a machine.|
This is to double check the information we recieved from netstat and make sure there isn't a program running
that has eluded netstat do to alteration, hack, or other form of deception.
The software I prefer to use is nmap and can be obtained from http://www.nmap.org/nmap/nmap_download.html
nmap is software that scans the ports of a machine to determine the state of the ports on that machine.
This is an example of the output from nmap:
Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on linux2.red-dragon.com (127.0.0.1):
(The 1536 ports scanned but not shown below are in state: closed)
Port State Service
21/tcp open ftp
22/tcp open ssh
80/tcp open http
3306/tcp open mysql
8080/tcp open http-proxy
8081/tcp open blackice-icecap
Nmap run completed -- 1 IP address (1 host up) scanned in 1 second
We will examine this line:
21/tcp open ftp
- Port is the port and protocol of the scanned machine, in this case its port 21 using protocol tcp
- State is the state of the port, in this case the port is open meaning it is listening for connection from other machines.
another possibility would have been filtered as in this example
135/tcp filtered loc-srv
If you see a port here that didn't show up on netstat or shouldn't be opened you need to investigate what is opening
the port and how to close the port down if it is truely not needed.
- Filtering is a process of controlling access to the port via some sort of firewall hardware or software.
- Closed ports are not reported by nmap. You shouldn't worry about closed ports because that generally means nothing
is listening to the port.
- Service is the software service commonly associated with the port. In the example is shows ftp as ftp is commonly used
with port 21.