Want to know which services/programs are running on an IP address?
Interested in knowing the open ports on that IP address?
1. How do I find out what ports are open/services are running on that IP address?
There are port scanners for Windows and Unix, "nmap" (http://www.insecure.org/nmap/, also available on the Trinux boot disk) being my personal choice.
If you want to find out what ports are open on your local Windows box, use the "netstat" command.
Windows:
Sample Output of netstat command
C:\>netstat
Active Connections
Proto Local Address Foreign Address State
TCP testbox1:1370 cser-fs01.mydomains.com:netbios-ssn ESTABLISHED
TCP testbox1:1469 ntemail1-tr.mydomains.state.com:1078 ESTABLISHED
TCP testbox1:1473 ntemail1-tr.mydomains.state.com:1091 ESTABLISHED
TCP testbox1:1495 ntemail1-tr.mydomains.state.com:1078 ESTABLISHED
TCP testbox1:1499 ntemail1-tr.mydomains.state.com:1091 ESTABLISHED
TCP testbox1:1631 tux.mydomains.com:telnet ESTABLISHED
TCP testbox1:1690 bl-uits-myadsdc01.myads.mydomain.com:microsoft-ds TIME_WAIT
TCP testbox1:1692 cser-app1.mydomains.com:microsoft-ds ESTABLISHED
TCP testbox1:1694 bl-uits-myadsdc01.myads.mydomain.com:microsoft-ds TIME_WAIT
TCP testbox1:1699 homepages1.mydomains.com:netbios-ssn TIME_WAIT
For more detailed information, such as which binary has opened each port, use a tool like Fport.
Download fport
Sample Output of fport Utility
C:\>fport
FPort v2.0 - TCP/IP Process to Port Mapper
Pid Process Port Proto Path
1572 inetinfo -> 25 TCP C:\WINDOWS\System32\inetsrv\inetinfo.exe
1572 inetinfo -> 80 TCP C:\WINDOWS\System32\inetsrv\inetinfo.exe
1008 svchost -> 135 TCP C:\WINDOWS\system32\svchost.exe
4 System -> 139 TCP
1572 inetinfo -> 443 TCP C:\WINDOWS\System32\inetsrv\inetinfo.exe
4 System -> 445 TCP
1108 svchost -> 1025 TCP C:\WINDOWS\System32\svchost.exe
1572 inetinfo -> 1043 TCP C:\WINDOWS\System32\inetsrv\inetinfo.exe
776 winlogon -> 1056 TCP \??\C:\WINDOWS\system32\winlogon.exe
4 System -> 1135 TCP
2436 OUTLOOK -> 1162 TCP C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System -> 1169 TCP
2436 OUTLOOK -> 1176 TCP C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
1232 firefox -> 1219 TCP C:\Program Files\Mozilla Firefox\firefox.exe
1232 firefox -> 1220 TCP C:\Program Files\Mozilla Firefox\firefox.exe
2436 OUTLOOK -> 1221 TCP C:\Program Files\Microsoft Office\OFFICE11\OUTLOOK.EXE
4 System -> 1390 TCP
4 System -> 1451 TCP
4 System -> 1456 TCP
1232 firefox -> 1602 TCP C:\Program Files\Mozilla Firefox\firefox.exe
Linux/Unix:
Use the "lsof -i" command:
Sample Output of lsof -i command
bash# lsof -i
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
dhclient 467 root 4u IPv4 777 UDP *:bootpc
portmap 533 rpc 3u IPv4 898 UDP *:sunrpc
portmap 533 rpc 4u IPv4 901 TCP *:sunrpc (LISTEN)
rpc.statd 552 rpcuser 4u IPv4 972 UDP *:32768
rpc.statd 552 rpcuser 5u IPv4 939 UDP *:728
rpc.statd 552 rpcuser 6u IPv4 975 TCP *:32768 (LISTEN)
sshd 642 root 3u IPv4 1287 TCP *:ssh (LISTEN)
xinetd 657 root 5u IPv4 1313 TCP localhost.localdomain:32769 (LISTEN)
sendmail 682 root 4u IPv4 1377 TCP localhost.localdomain:smtp (LISTEN)
httpd 712 root 3u IPv4 1422 TCP *:http (LISTEN)
httpd 712 root 4u IPv4 1423 TCP *:https (LISTEN)
sshd 8498 root 4u IPv4 323188 TCP balrog.ius.com:ssh->winxpe:1644 (ESTABLISHED)
httpd 31094 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31094 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31095 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31095 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31096 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31096 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31097 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31097 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31098 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31098 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31099 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31099 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31100 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31100 apache 4u IPv4 1423 TCP *:https (LISTEN)
httpd 31101 apache 3u IPv4 1422 TCP *:http (LISTEN)
httpd 31101 apache 4u IPv4 1423 TCP *:https (LISTEN)
bash#
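To turn output like the above into a short list for review, the following added example (not part of the original post) parses "lsof -i" text, collapses duplicate worker processes into one entry per listening socket, and separates listeners bound to all interfaces from loopback-only ones. The sample input is constructed in the same layout as the output above, and the function names and the loopback prefixes are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample, same layout as the lsof -i output above.
SAMPLE = """\
COMMAND PID USER FD TYPE DEVICE SIZE NODE NAME
portmap 533 rpc 3u IPv4 898 UDP *:sunrpc
portmap 533 rpc 4u IPv4 901 TCP *:sunrpc (LISTEN)
sshd 642 root 3u IPv4 1287 TCP *:ssh (LISTEN)
sendmail 682 root 4u IPv4 1377 TCP localhost.localdomain:smtp (LISTEN)
httpd 712 root 3u IPv4 1422 TCP *:http (LISTEN)
sshd 8498 root 4u IPv4 323188 TCP balrog.ius.com:ssh->winxpe:1644 (ESTABLISHED)
httpd 31094 apache 3u IPv4 1422 TCP *:http (LISTEN)
"""

# Assumption: these prefixes are how a loopback-only bind shows up in NAME.
LOOPBACK = ("localhost", "127.", "[::1]")
SOCKET = re.compile(r"\b(TCP|UDP)\s+(\S+)(?:\s+\((\w+)\))?\s*$")


def listeners(lsof_text):
    """Map (proto, host, port) -> set of (command, user) for listening sockets."""
    found = defaultdict(set)
    for line in lsof_text.splitlines():
        m = SOCKET.search(line)
        if not m:
            continue  # header, prompt or blank line
        proto, name, state = m.groups()
        if "->" in name:
            continue  # connected socket (local->remote), not a listener
        if proto == "TCP" and state != "LISTEN":
            continue
        host, _, port = name.rpartition(":")
        fields = line.split()
        found[(proto, host, port)].add((fields[0], fields[2]))
    return dict(found)


def exposed(lsof_text):
    """Listeners bound to something other than loopback, as 'PROTO/port'."""
    return sorted(f"{proto}/{port}"
                  for proto, host, port in listeners(lsof_text)
                  if not host.startswith(LOOPBACK))


if __name__ == "__main__":
    for key, owners in sorted(listeners(SAMPLE).items()):
        print(key, sorted(owners))
    print("bound beyond loopback:", exposed(SAMPLE))
```

Running lsof as "lsof -i -n -P" prints numeric addresses and ports instead of resolved names, which the same parser handles.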