Thursday, June 17, 2021

Linux NMAP

lsof               ----- Ubuntu - lists open files, including listening sockets and their ports

netstat          ---- Display listening ports on localhost / the machine itself

ss                  ---- modern replacement for netstat (same purpose, see below)


A Security Group is attached to a particular EC2 instance and acts as "a virtual network firewall" for that instance


a firewall can be - OS-level firewall

                                  - Network (router)-level firewall

Linux OS Level Firewalls

ufw          ----  default firewall front end on Debian/Ubuntu distros

iptables  ---- firewall on RedHat/CentOS


nmap             ---- For remote verification of ports

ncat(nc)        ---- a tool shipped with nmap that is an alternative to "netcat"


telnet    --  used to talk to a port ---- 2nd alternative

---------------------------------------------------------------------------------

https://www.cyberciti.biz/faq/how-to-check-open-ports-in-linux-using-the-cli/

---------------------------------------------------------------------------------


https://securitytrails.com/blog/nmap-commands


https://www.cyberciti.biz/faq/iptables-block-port/

https://www.tecmint.com/linux-iptables-firewall-rules-examples-commands/

https://www.journaldev.com/34113/opening-a-port-on-linux    [BEST]

 ------------------------------------------------------------------------------------------

https://www.cybrary.it/blog/0p3n/netcat-vs-ncat-big-confusion/

Netcat -    the old classic tool written by "Hobbit"

"ncat" is "netcat" equivalent from nmap 


https://www.tecmint.com/find-open-ports-in-linux/

netstat basically tells us which ports are listening

It is usually run on the local host

netstat -np -u -t -l

-n                 numeric: show addresses and ports as numbers, no name lookups

-p                 show the PID and program name that owns each socket (run with sudo to see other users' processes)

-l                 listening sockets only

-t                 tcp

-u                 udp


ESTABLISHED means a live session is open on that port


TCP, UDP and sockets - 3 types of connections


netstat is obsolete - use "ss"; its options work much like netstat's
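An added example (not from these notes) that turns the listener list from ss into a quick exposure check: any socket bound to 0.0.0.0, * or [::] is reachable from the network unless the OS firewall or the Security Group blocks it. The sample ss output, service names and pids are constructed.

```shell
# Added example (not from the original notes): classify what "ss -tulnp"
# reports as listening so network-exposed sockets stand out.
# Reads ss output from stdin, so pipe in either the constructed sample below
# or the live output of:  ss -tulnp | classify_listeners

# Constructed sample in the shape of "ss -tulnp" (hypothetical services/pids)
SAMPLE_SS='Netid State  Recv-Q Send-Q Local Address:Port Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53  0.0.0.0:*  users:(("systemd-resolve",pid=512,fd=12))
tcp   LISTEN 0      128    0.0.0.0:22        0.0.0.0:*  users:(("sshd",pid=901,fd=3))
tcp   LISTEN 0      4096   127.0.0.1:27017   0.0.0.0:*  users:(("mongod",pid=1204,fd=11))
tcp   LISTEN 0      100    *:8081            *:*        users:(("java",pid=1377,fd=29))
tcp   LISTEN 0      128    [::]:22           [::]:*     users:(("sshd",pid=901,fd=4))'

# One line per socket: EXPOSED|LOCAL  port/proto  program.
# Local address 0.0.0.0, * or [::] means "all interfaces": reachable from the
# network unless the OS firewall (ufw/iptables) or the Security Group blocks it.
classify_listeners() {
    awk 'NR > 1 {
        n = split($5, a, ":"); port = a[n]          # text after the last ":"
        addr = substr($5, 1, length($5) - length(port) - 1)
        sub(/%.*/, "", addr)                        # drop "%lo"-style scope ids
        prog = "-"
        if (match($0, /\("[^"]+"/)) prog = substr($0, RSTART + 2, RLENGTH - 3)
        scope = (addr == "0.0.0.0" || addr == "*" || addr == "[::]") ? "EXPOSED" : "LOCAL"
        printf "%s %s/%s %s\n", scope, port, $1, prog
    }'
}

# Just the exposed ports: the list to reconcile with the Security Group rules
exposed_ports() {
    classify_listeners | awk '$1 == "EXPOSED" { print $2 }' | sort -u
}

printf '%s\n' "$SAMPLE_SS" | classify_listeners
```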

 

 --------------------------------------------- ---------------------------------------------

For remote hosts use nmap

 https://www.tecmint.com/nmap-command-examples/

  --------------------------------------------- ---------------------------------------------

telnet                                            [type "telnet" alone to get the interactive telnet prompt]

connect   10.79.196.74

ctrl+]         escape character (returns to the telnet prompt)

status

 

 --------------------------------------------------------------------------------------------

Debugging Telnet



Telnet only connects when a server is listening on that port.



https://www.cybrary.it/blog/0p3n/netcat-vs-ncat-big-confusion/

ncat and telnet can be used as a simple chat server/client pair to test a connection:

ncat -l -p 6900 -t          (listen on 6900; -t answers telnet negotiation)

telnet 127.0.0.1 6900

--------------------------------------------------------------------------------------------

https://www.baeldung.com/spring-boot-run-maven-vs-executable-jar

https://www.baeldung.com/spring-boot-change-port


---------------------------------------------------------------------------------

sudo nmap -p 22,6900,8080-8081,27017 10.79.196.74


https://www.cyberciti.biz/faq/unix-linux-check-if-port-is-in-use-command/

https://nmap.org/download.html    -    nmap download; "Zenmap" is its GUI

nmap -sn 10.79.196.74                                           [Ping scan / host discovery, useful when the ping command does not work]


nmap -v 10.79.196.74                                              [Regular scan, lists port status]


nmap -p 22,25,80,8080-8085 -v 10.79.196.74   [Explicit port scan]


nmap -PN 10.79.196.74    -p 22,25,80,8080-8085   [-PN is the old spelling of -Pn: skip host discovery, treat the host as up]


nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script "default or (discovery and safe)" 10.79.196.74 [Slow Comprehensive scan]


https://nmap.org/book/port-scanning.html#port-scanning-port-intro

https://www.uv.mx/personal/angelperez/files/2018/10/scanning_texto.pdf


----------------------------------------------------------------------------------

well-known ports

These are reserved ports (within the range of 1 to 1,023, as discussed above) which have been registered with the IANA for a certain service. Familiar examples are ports 22, 25, and 80 for the services SSH, SMTP, and HTTP, respectively.


registered ports

These ports fall within the range 1,024 to 49,151 and have been registered with the IANA in the same way the well-known ports have. Most of these are not as commonly used as the well-known ports. The key difference is that unprivileged users can bind to these ports and thus run the services on their registered port. Users cannot do so on most platforms for well-known ports, since they reside in the reserved port range.


dynamic and/or private ports

The IANA reserves the port numbers from 49152 through 65535 for dynamic uses such as those discussed in the ephemeral ports section. Proprietary services that are only used within a company may also use these ports.

----------------------------------------------------------------------------------

open

An application is actively accepting TCP connections or UDP packets on this port. Finding these is often the primary goal of port scanning. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because they show services available for use on the network. 


closed

A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They may be worth scanning later in case some open up.  Administrators may want to consider blocking such ports with a firewall so they appear in the filtered state, discussed next.


filtered

Filtered essentially means "blocked somewhere"; it may be blocked by my own firewall.

Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information. 


unfiltered

The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, which is used to map firewall rulesets, classifies ports into this state. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan, may help resolve whether the port is open.


open|filtered

Nmap cannot tell whether the port is open or filtered, because the scan type used gets no response from open ports (UDP, IP protocol, FIN, NULL and Xmas scans).


closed|filtered

Nmap cannot tell whether the port is closed or filtered; only the IP ID idle scan (-sI) produces this state.

----------------------------------------------------------------------------------

[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 8081

Ncat: Version 7.50 ( https://nmap.org/ncat )

Ncat: Connected to 10.79.196.74:8081.

Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.

[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 8080

Ncat: Version 7.50 ( https://nmap.org/ncat )

Ncat: Connection timed out.

[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 80

Ncat: Version 7.50 ( https://nmap.org/ncat )

Ncat: Connection timed out.

[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 22

Ncat: Version 7.50 ( https://nmap.org/ncat )

Ncat: Connection timed out.

[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 22

Ncat: Version 7.50 ( https://nmap.org/ncat )

Ncat: Connected to 10.79.196.74:22.

Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.

[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 8081

Ncat: Version 7.50 ( https://nmap.org/ncat )

Ncat: Connection timed out.

[ec2-user@ip-10-79-196-15 ~]$ ncat -v 10.79.196.74 8081

Ncat: Version 7.50 ( https://nmap.org/ncat )

Ncat: Connection timed out.

[ec2-user@ip-10-79-196-15 ~]$ ncat -v 10.79.196.74 8081

Ncat: Version 7.50 ( https://nmap.org/ncat )

Ncat: Connection timed out.

[ec2-user@ip-10-79-196-15 ~]$ nmap 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:50 UTC

Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn

Nmap done: 1 IP address (0 hosts up) scanned in 3.02 seconds

[ec2-user@ip-10-79-196-15 ~]$ nmap -Pn 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:51 UTC

Nmap scan report for 10.79.196.74

Host is up (0.00022s latency).

Not shown: 999 filtered ports

PORT   STATE SERVICE

22/tcp open  ssh


Nmap done: 1 IP address (1 host up) scanned in 8.13 seconds

[ec2-user@ip-10-79-196-15 ~]$ nmap -Pn 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:51 UTC

Nmap scan report for 10.79.196.74

Host is up (0.00027s latency).

Not shown: 999 filtered ports

PORT   STATE SERVICE

22/tcp open  ssh


Nmap done: 1 IP address (1 host up) scanned in 4.23 seconds

[ec2-user@ip-10-79-196-15 ~]$ nmap -Pn 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:51 UTC

Nmap scan report for 10.79.196.74

Host is up (0.00015s latency).

Not shown: 999 filtered ports

PORT   STATE SERVICE

22/tcp open  ssh


Nmap done: 1 IP address (1 host up) scanned in 8.13 seconds

[ec2-user@ip-10-79-196-15 ~]$ nmap -v-Pn 10.79.196.74

Invalid argument to -v: "-Pn".

QUITTING!

[ec2-user@ip-10-79-196-15 ~]$ nmap -v -Pn 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:52 UTC

Initiating Parallel DNS resolution of 1 host. at 08:52

Completed Parallel DNS resolution of 1 host. at 08:52, 0.00s elapsed

Initiating Connect Scan at 08:52

Scanning 10.79.196.74 [1000 ports]

Discovered open port 22/tcp on 10.79.196.74

Completed Connect Scan at 08:52, 6.50s elapsed (1000 total ports)

Nmap scan report for 10.79.196.74

Host is up (0.00014s latency).

Not shown: 999 filtered ports

PORT   STATE SERVICE

22/tcp open  ssh


Read data files from: /usr/bin/../share/nmap

Nmap done: 1 IP address (1 host up) scanned in 6.53 seconds

[ec2-user@ip-10-79-196-15 ~]$ nmap -v -r -Pn 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:53 UTC

Initiating Parallel DNS resolution of 1 host. at 08:53

Completed Parallel DNS resolution of 1 host. at 08:53, 0.00s elapsed

Initiating Connect Scan at 08:53

Scanning 10.79.196.74 [1000 ports]

Discovered open port 22/tcp on 10.79.196.74

Completed Connect Scan at 08:53, 6.51s elapsed (1000 total ports)

Nmap scan report for 10.79.196.74

Host is up (0.00015s latency).

Not shown: 999 filtered ports

PORT   STATE SERVICE

22/tcp open  ssh


Read data files from: /usr/bin/../share/nmap

Nmap done: 1 IP address (1 host up) scanned in 6.53 seconds

[ec2-user@ip-10-79-196-15 ~]$ nmap -v -r 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:54 UTC

Initiating Ping Scan at 08:54

Scanning 10.79.196.74 [2 ports]

Completed Ping Scan at 08:54, 3.00s elapsed (1 total hosts)

Nmap scan report for 10.79.196.74 [host down]

Read data files from: /usr/bin/../share/nmap

Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn

Nmap done: 1 IP address (0 hosts up) scanned in 3.02 seconds

[ec2-user@ip-10-79-196-15 ~]$ nmap -r 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:54 UTC

Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn

Nmap done: 1 IP address (0 hosts up) scanned in 3.02 seconds

[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 8081 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:56 UTC

Nmap scan report for 10.79.196.74

Host is up (0.000031s latency).

PORT     STATE    SERVICE

8081/tcp filtered blackice-icecap

MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)


Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds

[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 8080 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:56 UTC

Nmap scan report for 10.79.196.74

Host is up (0.000033s latency).

PORT     STATE    SERVICE

8080/tcp filtered http-proxy

MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)


Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds

[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 8081 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:56 UTC

Nmap scan report for 10.79.196.74

Host is up (0.000030s latency).

PORT     STATE    SERVICE

8081/tcp filtered blackice-icecap

MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)


Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds

[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 22 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:56 UTC

Nmap scan report for 10.79.196.74

Host is up (0.000052s latency).

PORT   STATE SERVICE

22/tcp open  ssh

MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)


Nmap done: 1 IP address (1 host up) scanned in 0.46 seconds

[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p T:8080 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:57 UTC

Nmap scan report for 10.79.196.74

Host is up (0.000034s latency).

PORT     STATE    SERVICE

8080/tcp filtered http-proxy

MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)


Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds

[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p T:8081 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:57 UTC

Nmap scan report for 10.79.196.74

Host is up (0.000035s latency).

PORT     STATE    SERVICE

8081/tcp filtered blackice-icecap

MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)


Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds

[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p T:22 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:58 UTC

Nmap scan report for 10.79.196.74

Host is up (0.000047s latency).

PORT   STATE SERVICE

22/tcp open  ssh

MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)


Nmap done: 1 IP address (1 host up) scanned in 0.46 seconds

[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p T:6900 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:58 UTC

Nmap scan report for 10.79.196.74

Host is up (0.000049s latency).

PORT     STATE  SERVICE

6900/tcp closed unknown

MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)


Nmap done: 1 IP address (1 host up) scanned in 0.46 seconds

[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 22,6900,8080,8081 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 09:00 UTC

Nmap scan report for 10.79.196.74

Host is up (0.000052s latency).

PORT     STATE    SERVICE

22/tcp   open     ssh

6900/tcp closed   unknown

8080/tcp filtered http-proxy

8081/tcp closed   blackice-icecap

MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)


Nmap done: 1 IP address (1 host up) scanned in 1.47 seconds

[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 22,6900,8080,8081 10.79.196.74


Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 09:01 UTC

Nmap scan report for 10.79.196.74

Host is up (0.000060s latency).

PORT     STATE    SERVICE

22/tcp   open     ssh

6900/tcp closed   unknown

8080/tcp filtered http-proxy

8081/tcp open     blackice-icecap

MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)


Nmap done: 1 IP address (1 host up) scanned in 1.47 seconds

[ec2-user@ip-10-79-196-15 ~]$
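An added example (not part of the original session) that applies the port-state definitions above to a saved nmap report: it flags ports that are open but should not be, and ports that should be reachable but come back closed or filtered (which points at the OS firewall or Security Group). The sample report is constructed in the shape of the scans above, and the allowlist argument is a hypothetical "ports that should be open" list.

```shell
# Added example (not part of the original notes): read the "PORT STATE SERVICE"
# table from an nmap report and compare it with the ports that are supposed to
# be reachable, so unexpected "open" ports and expected-but-blocked ports surface.
# Live use:  nmap -Pn -p 22,6900,8080,8081 <host> | audit_scan "22 8081"

# Constructed sample in the shape of the nmap output recorded above
SAMPLE_NMAP='Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 09:01 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000060s latency).
PORT     STATE    SERVICE
22/tcp   open     ssh
6900/tcp closed   unknown
8080/tcp filtered http-proxy
8081/tcp open     blackice-icecap

Nmap done: 1 IP address (1 host up) scanned in 1.47 seconds'

# $1: space-separated ports that should be open; nmap report on stdin.
# Prints one verdict per scanned port; exit status 1 if anything deviates.
audit_scan() {
    awk -v allow=" $1 " '
        $1 ~ /^[0-9]+\/(tcp|udp)$/ {
            split($1, p, "/"); port = p[1]; state = $2
            wanted = index(allow, " " port " ") > 0
            if (state == "open" && !wanted)      { v = "UNEXPECTED-OPEN"; bad = 1 }
            else if (state != "open" && wanted)  { v = "EXPECTED-BUT-" toupper(state); bad = 1 }
            else if (state == "filtered")        { v = "FILTERED (blocked by firewall/SG)" }
            else                                 { v = "OK" }
            printf "%-8s %-8s %s\n", $1, state, v
        }
        END { exit bad + 0 }'
}

printf '%s\n' "$SAMPLE_NMAP" | audit_scan "22 8080" || echo "=> scan deviates from the expected exposure"
```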
