[wplug] port scans
coldfire
rolick571 at duq.edu
Thu Oct 24 15:04:07 EDT 2002
> > Is there any tool for linux that will let me see what ports are open on my
> > local machine?? Sort of like a portscanner, but only for the local machine.
>
> /bin/netstat
>
> `/bin/netstat -pan` will tell you every port open on your system, what
> it's connected to, what transport protocol it's using, and the process
> that opened it.
this, provided the machine has not been comprimised and netstat is indeed
the original binary which came with the distribution :)
if you are just checking to see which ports are open and which processes
might have opened these ports, netstat is definitely the way to go ('man
netstat' .. but i mostly just use the netstat -apn mentioned earlier).
however, if you suspect the machine was comprimised, you should most
definitely scan the machine from another trusted source using a utility
such as nmap. the reasoning is that if a machine is comprimised and some
arbitrary port is opened up (such as 6667 which has been the most popular
lately), then the attacker may have altered netstat in such a way that it
won't report port 6667 as open even if it is.
coldie
More information about the wplug
mailing list