7

I know that I can use nmap to see which ports are open on a specific machine. But what I need is a way to get it from the host side itself.

Currently, if I use nmap on one of my machines to check the other one, I get, for example:

smb:~# nmap 192.168.1.4

PORT    STATE  SERVICE
25/tcp  open   smtp
80/tcp  open   http
113/tcp closed ident
143/tcp open   imap
443/tcp open   https
465/tcp open   smtps
587/tcp open   submission
993/tcp open   imaps

Is there a way to do this on the host itself? Not from a remote machine to a specific host.

I know that I can do

nmap localhost 

But that is not what I want to do, as I will be putting the command into a script that goes through all the machines.

EDIT:

This way, nmap showed 22 5000 5001 5432 6002 7103 7106 7201 9200, but the lsof command showed me 22 5000 5001 5432 5601 6002 7102 7103 7104 7105 7106 7107 7108 7109 7110 7111 7112 7201 7210 11211 27017

TheSebM8
  • 5
    Could you please explain why it's a problem to run nmap on the localhost because it's in a script? Could you please explain your goal so we can help? Without an edit there's little chance we will be able to answer. – Kiwy Mar 28 '18 at 08:37
  • 1
    Basically, some of our hosts can't use `localhost` as a name. I need to find a better/alternative way to do it – TheSebM8 Mar 28 '18 at 10:44
  • 2
    127.0.0.1? Why can't you use localhost? That's odd – Kiwy Mar 28 '18 at 11:55
  • @Kiwy By default nmap only scans the 1000 most common ports, not all of them. It would be slow, even for localhost, to scan every port one by one. If there's a firewall with a DROP policy in place, that'd also mean having to wait for each port to time out only to NOT be sure that they're open (not the same as knowing they're closed). A service could be listening to a port and not respond to probes, after all, like a port knocking service. – JoL Mar 29 '18 at 00:38
  • @Kiwy I found the culprit, I did not have `127.0.0.1 localhost` in my machine's `/etc/hosts` folder. – TheSebM8 Mar 29 '18 at 06:20

6 Answers

26

On Linux, you can use:

ss -ltu

or

netstat -ltu

To list the listening TCP and UDP ports.

Add the -n option (for either ss or netstat) if you want to disable the translation from port number and IP address to service and host name.

Add the -p option to see the processes (if any, some ports may be bound by the kernel like for NFS) which are listening (if you don't have superuser privileges, that will only give that information for processes running in your name).

That would list the ports on which an application is listening (for UDP, that has a socket bound to it). Note that some may listen on a given address only (IPv4 and/or IPv6), which will show in the output of ss/netstat (0.0.0.0 means listen on any IPv4 address, [::] on any IPv6 address). Even then, that doesn't mean that a given other host on the network may contact the system on that port and that address, as any firewall, including the host firewall, may block or mask/redirect the incoming connections on that port based on more or less complex rules (like only allow connections from this or that host, this or that source port, at this or that time and only up to this or that many times per minute, etc).

For the host firewall configuration, you can look at the output of iptables-save.

Also note that if a process or processes is/are listening on a TCP socket but not accepting connections there, once the number of pending incoming connections gets bigger than the maximum backlog, connections will no longer be accepted, and from a remote host, it will show as if the port was blocked. Watch the Recv-Q column in the output of ss/netstat to spot those situations (where incoming connections are not being accepted and fill up a queue).

Stéphane Chazelas
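
The distinction drawn in the answer above between wildcard, address-specific and loopback-only listeners, as an added example that is not part of the original answer. It assumes an iproute2 `ss` that supports `-H` (no header); the function names are hypothetical and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the answers: summarise listening sockets per host.

# Constructed sample of `ss -Hltun` output (no header, numeric, no -p column).
sample_ss_output() {
cat <<'EOF'
tcp LISTEN 0   128  0.0.0.0:22        0.0.0.0:*
tcp LISTEN 0   128  [::]:22           [::]:*
tcp LISTEN 0   244  127.0.0.1:5432    0.0.0.0:*
tcp LISTEN 129 128  *:9200            *:*
tcp LISTEN 0   4096 127.0.0.53%lo:53  0.0.0.0:*
udp UNCONN 0   0    192.168.1.4:123   0.0.0.0:*
EOF
}

# stdin: ss lines; stdout: "proto port scope queue", de-duplicated and sorted.
classify_listeners() {
    awk 'NF >= 6 {
        port = $5; sub(/^.*:/, "", port)      # text after the last colon
        addr = $5; sub(/:[^:]*$/, "", addr)   # text before the last colon
        sub(/%.*$/, "", addr)                 # drop interface suffix (%lo)
        gsub(/\[|\]/, "", addr)               # drop IPv6 brackets
        if (addr == "0.0.0.0" || addr == "::" || addr == "*") scope = "any"
        else if (addr ~ /^127\./ || addr == "::1") scope = "loopback"
        else scope = "specific"
        # Recv-Q > 0 on a listener: connections waiting to be accepted
        queue = ($3 + 0 > 0) ? "pending=" $3 : "ok"
        print $1, port, scope, queue
    }' | sort -u -k1,1 -k2,2n -k3,3
}

# Keep only sockets a remote host could address, in nmap's "port/proto" form.
# A firewall may still block them; loopback-only listeners never show remotely.
non_loopback_ports() {
    awk '$3 != "loopback" { print $2 "/" $1 }'
}

if [ "${1:-}" = "--live" ]; then
    ss -Hltun | classify_listeners         # run on the real host
else
    sample_ss_output | classify_listeners  # demo on the constructed sample
fi
```

Run with `--live` on a host to use real `ss` output; piping that through `non_loopback_ports` gives the list to compare against a remote nmap scan of all ports.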
6

You can also use

sudo lsof -i |grep LISTEN

which will show all ports currently LISTENing.

tonioc
  • 1
    I was still googling, I also found this: `lsof -Pnl +M -i4`. I added `| grep *: | grep LISTEN` and `cut -d ":" -f2 | grep -o '[0-9]*' | sort -u | sort -n`. Would this be considered the same as nmap? – TheSebM8 Mar 28 '18 at 08:44
  • EDITED MY normal post. – TheSebM8 Mar 28 '18 at 08:47
2

Just do nmap localhost or nmap 127.0.0.1

EDIT:

There is also ss -lntu from https://superuser.com/questions/529830/get-a-list-of-open-ports-in-linux#529844

Romain L.
  • Sorry, I just edited my post as you wrote this one. I know of this, forgot to mention. – TheSebM8 Mar 28 '18 at 08:17
  • What exactly do you want to do? – Romain L. Mar 28 '18 at 08:22
  • Similar to `nmap`, I want to see which ports are open from outside the world. Basically what `nmap` does, but I need alternatives to it, as I will be going through 21 machines in total with the command (in a script) – TheSebM8 Mar 28 '18 at 08:26
1

netstat -plan

or, for any specific port,

netstat -plan | grep :<portno.>

Jeff Schaller
0

To view a list of application/port combinations, use

cat /etc/services

To view open TCP/UDP ports type in the terminal:

netstat -lntu

or

ss -lntu

0

You can check the complete TCP list with all details this way:

netstat -nltu

for all ports

netstat -plan

or, for any specific port,

netstat -plan | grep :<portnumber>

flik