lsof ----- Ubuntu - Display port
netstat ---- Display Listening ports in localhost/Self
ss
A Security Group applies to a particular EC2 instance and is "a virtual network firewall"
a firewall can be - OS Level Firewall
- Network(Router) Level Firewall
Linux OS Level Firewalls
ufw ---- firewalls in debian ubuntu distro
iptables ---- firewalls in redhat centos
nmap ---- For remote verification of ports
ncat(nc) ---- a tool of nmap which provides alternative to "netcat"
telnet -- used to talk to a port ---- 2nd Alternative
---------------------------------------------------------------------------------
https://www.cyberciti.biz/faq/how-to-check-open-ports-in-linux-using-the-cli/
---------------------------------------------------------------------------------
https://securitytrails.com/blog/nmap-commands
https://www.cyberciti.biz/faq/iptables-block-port/
https://www.tecmint.com/linux-iptables-firewall-rules-examples-commands/
https://www.journaldev.com/34113/opening-a-port-on-linux [BEST]
------------------------------------------------------------------------------------------
https://www.cybrary.it/blog/0p3n/netcat-vs-ncat-big-confusion/
Netcat - old classic library built by "Hobbit"
"ncat" is "netcat" equivalent from nmap
https://www.tecmint.com/find-open-ports-in-linux/
netstat basically tells us which port is listening
It's usually used on localhost
netstat -np -u -t -l
-n process number
-p port number
-l listen
-t tcp
-u udp
established means live session on
TCP UDP and Sockets - 3 Types of connections
Netstat is obsolete - use "ss" - all commands work similarly to netstat
--------------------------------------------- ---------------------------------------------
For remote Use nmap
https://www.tecmint.com/nmap-command-examples/
--------------------------------------------- ---------------------------------------------
telnet [Type Telnet]
connect 10.79.196.74
ctrl+] Escape Character
status
--------------------------------------------------------------------------------------------
Debugging Telnet
Telnet works when Server is listening on that port.
https://www.cybrary.it/blog/0p3n/netcat-vs-ncat-big-confusion/
Ncat and telnet - can be used together as a chat server to test connections.
ncat -l -p 6900 -t
telnet 127.0.0.1 6900
--------------------------------------------------------------------------------------------
https://www.baeldung.com/spring-boot-run-maven-vs-executable-jar
https://www.baeldung.com/spring-boot-change-port
---------------------------------------------------------------------------------
sudo nmap -p 22,6900,8080-8081,27017 10.79.196.74
https://www.cyberciti.biz/faq/unix-linux-check-if-port-is-in-use-command/
https://nmap.org/download.html - nmap "Zenmap UI"
nmap -sn 10.79.196.74 [Ping Scan when ping command does not work]
nmap -v 10.79.196.74 [Regular Scan, gives list of port status]
nmap -p 22,25,80,8080-8085 -v 10.79.196.74 [Explicit Port scan]
nmap -PN 10.79.196.74 -p 22,25,80,8080-8085
nmap -sS -sU -T4 -A -v -PE -PP -PS80,443 -PA3389 -PU40125 -PY -g 53 --script "default or (discovery and safe)" 10.79.196.74 [Slow Comprehensive scan]
https://nmap.org/book/port-scanning.html#port-scanning-port-intro
https://www.uv.mx/personal/angelperez/files/2018/10/scanning_texto.pdf
----------------------------------------------------------------------------------
well-known ports
These are reserved ports (within the range of 1 to 1,023, as discussed above) which have been registered with the IANA for a certain service. Familiar examples are ports 22, 25, and 80 for the services SSH, SMTP, and HTTP, respectively.
registered ports
These ports fall within the range 1,024 to 49,151 and have been registered with the IANA in the same way the well known ports have. Most of these are not as commonly used as the well-known ports. The key difference is that unprivileged users can bind to these ports and thus run the services on their registered port. Users cannot do so on most platforms for well-known ports, since they reside in the reserved port range.
dynamic and/or private ports
The IANA reserves the port numbers from 49152 through 65535 for dynamic uses such as those discussed in the ephemeral ports section. Proprietary services that are only used within a company may also use these ports.
----------------------------------------------------------------------------------
open
An application is actively accepting TCP connections or UDP packets on this port. Finding these is often the primary goal of port scanning. Attackers and pen-testers want to exploit the open ports, while administrators try to close or protect them with firewalls without thwarting legitimate users. Open ports are also interesting for non-security scans because they show services available for use on the network.
closed
A closed port is accessible (it receives and responds to Nmap probe packets), but there is no application listening on it. They may be worth scanning later in case some open up. Administrators may want to consider blocking such ports with a firewall so they appear in the filtered state, discussed next.
filtered
It essentially means "blocked somewhere". It may be blocked by my own firewall.
Nmap cannot determine whether the port is open because packet filtering prevents its probes from reaching the port. The filtering could be from a dedicated firewall device, router rules, or host-based firewall software. These ports frustrate attackers because they provide so little information.
unfiltered
The unfiltered state means that a port is accessible, but Nmap is unable to determine whether it is open or closed. Only the ACK scan, which is used to map firewall rulesets, classifies ports into this state. Scanning unfiltered ports with other scan types such as Window scan, SYN scan, or FIN scan, may help resolve whether the port is open.
open|filtered
closed|filtered
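The open, closed and filtered states above map directly onto what a plain TCP connect sees, which is also what the `ncat -vz` runs in the session further down exercise: connect succeeds (open), connection refused (closed), timeout or unreachable (filtered). An added Python sketch, not part of the original notes; `probe`, `state_from_error`, `report` and the `NEXT_STEP` hints are names made up for this example.

```python
import socket

# Where to look next for each state (hints are this example's own wording).
NEXT_STEP = {
    "open": "service is listening and reachable",
    "closed": "host reachable, nothing listening: check the service with ss -tln",
    "filtered": "probe dropped: check security group / ufw / iptables rules",
}

def state_from_error(exc):
    """Map the outcome of a TCP connect() to an nmap-style port state."""
    if exc is None:
        return "open"        # handshake completed
    if isinstance(exc, ConnectionRefusedError):
        return "closed"      # RST came back: reachable, no listener
    return "filtered"        # timeout or unreachable: blocked somewhere

def probe(host, port, timeout=2.0):
    """One TCP connect attempt, like `ncat -vz host port`."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.settimeout(timeout)
    try:
        s.connect((host, port))
        return state_from_error(None)
    except socket.gaierror:
        raise                # a bad hostname is not a port state
    except OSError as exc:   # includes refused, timeout, unreachable
        return state_from_error(exc)
    finally:
        s.close()

def report(host, ports, timeout=2.0):
    """Return {port: (state, next_step)} for each port probed."""
    out = {}
    for port in ports:
        state = probe(host, port, timeout)
        out[port] = (state, NEXT_STEP[state])
    return out

if __name__ == "__main__":
    # Constructed demo: a throwaway localhost listener stands in for the service.
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    print(report("127.0.0.1", [port]))
    srv.close()
```

A firewall rule that rejects with a TCP reset looks "closed" to this check, so a closed result does not prove there is no firewall in the path.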
----------------------------------------------------------------------------------
[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 8081
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.79.196.74:8081.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 8080
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection timed out.
[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 80
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection timed out.
[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 22
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection timed out.
[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 22
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 10.79.196.74:22.
Ncat: 0 bytes sent, 0 bytes received in 0.01 seconds.
[ec2-user@ip-10-79-196-15 ~]$ ncat -vz 10.79.196.74 8081
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection timed out.
[ec2-user@ip-10-79-196-15 ~]$ ncat -v 10.79.196.74 8081
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection timed out.
[ec2-user@ip-10-79-196-15 ~]$ ncat -v 10.79.196.74 8081
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connection timed out.
[ec2-user@ip-10-79-196-15 ~]$ nmap 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:50 UTC
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.02 seconds
[ec2-user@ip-10-79-196-15 ~]$ nmap -Pn 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:51 UTC
Nmap scan report for 10.79.196.74
Host is up (0.00022s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 1 IP address (1 host up) scanned in 8.13 seconds
[ec2-user@ip-10-79-196-15 ~]$ nmap -Pn 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:51 UTC
Nmap scan report for 10.79.196.74
Host is up (0.00027s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 1 IP address (1 host up) scanned in 4.23 seconds
[ec2-user@ip-10-79-196-15 ~]$ nmap -Pn 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:51 UTC
Nmap scan report for 10.79.196.74
Host is up (0.00015s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
Nmap done: 1 IP address (1 host up) scanned in 8.13 seconds
[ec2-user@ip-10-79-196-15 ~]$ nmap -v-Pn 10.79.196.74
Invalid argument to -v: "-Pn".
QUITTING!
[ec2-user@ip-10-79-196-15 ~]$ nmap -v -Pn 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:52 UTC
Initiating Parallel DNS resolution of 1 host. at 08:52
Completed Parallel DNS resolution of 1 host. at 08:52, 0.00s elapsed
Initiating Connect Scan at 08:52
Scanning 10.79.196.74 [1000 ports]
Discovered open port 22/tcp on 10.79.196.74
Completed Connect Scan at 08:52, 6.50s elapsed (1000 total ports)
Nmap scan report for 10.79.196.74
Host is up (0.00014s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 6.53 seconds
[ec2-user@ip-10-79-196-15 ~]$ nmap -v -r -Pn 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:53 UTC
Initiating Parallel DNS resolution of 1 host. at 08:53
Completed Parallel DNS resolution of 1 host. at 08:53, 0.00s elapsed
Initiating Connect Scan at 08:53
Scanning 10.79.196.74 [1000 ports]
Discovered open port 22/tcp on 10.79.196.74
Completed Connect Scan at 08:53, 6.51s elapsed (1000 total ports)
Nmap scan report for 10.79.196.74
Host is up (0.00015s latency).
Not shown: 999 filtered ports
PORT STATE SERVICE
22/tcp open ssh
Read data files from: /usr/bin/../share/nmap
Nmap done: 1 IP address (1 host up) scanned in 6.53 seconds
[ec2-user@ip-10-79-196-15 ~]$ nmap -v -r 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:54 UTC
Initiating Ping Scan at 08:54
Scanning 10.79.196.74 [2 ports]
Completed Ping Scan at 08:54, 3.00s elapsed (1 total hosts)
Nmap scan report for 10.79.196.74 [host down]
Read data files from: /usr/bin/../share/nmap
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.02 seconds
[ec2-user@ip-10-79-196-15 ~]$ nmap -r 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:54 UTC
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.02 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 8081 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:56 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000031s latency).
PORT STATE SERVICE
8081/tcp filtered blackice-icecap
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 8080 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:56 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000033s latency).
PORT STATE SERVICE
8080/tcp filtered http-proxy
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 8081 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:56 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000030s latency).
PORT STATE SERVICE
8081/tcp filtered blackice-icecap
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 22 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:56 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000052s latency).
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.46 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p T:8080 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:57 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000034s latency).
PORT STATE SERVICE
8080/tcp filtered http-proxy
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p T:8081 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:57 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000035s latency).
PORT STATE SERVICE
8081/tcp filtered blackice-icecap
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.47 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p T:22 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:58 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000047s latency).
PORT STATE SERVICE
22/tcp open ssh
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.46 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p T:6900 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 08:58 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000049s latency).
PORT STATE SERVICE
6900/tcp closed unknown
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 0.46 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 22,6900,8080,8081 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 09:00 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000052s latency).
PORT STATE SERVICE
22/tcp open ssh
6900/tcp closed unknown
8080/tcp filtered http-proxy
8081/tcp closed blackice-icecap
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 1.47 seconds
[ec2-user@ip-10-79-196-15 ~]$ sudo nmap -p 22,6900,8080,8081 10.79.196.74
Starting Nmap 6.40 ( http://nmap.org ) at 2021-06-13 09:01 UTC
Nmap scan report for 10.79.196.74
Host is up (0.000060s latency).
PORT STATE SERVICE
22/tcp open ssh
6900/tcp closed unknown
8080/tcp filtered http-proxy
8081/tcp open blackice-icecap
MAC Address: 0E:C2:7E:C4:A2:A3 (Unknown)
Nmap done: 1 IP address (1 host up) scanned in 1.47 seconds
[ec2-user@ip-10-79-196-15 ~]$