How to find which services & ports are open to the world

Asked by Shirish Agarwal on 2008-03-13

Hi all,
 Can anybody tell me how do I find which services & ports are open to the outside world.

I know there are some ways with sudo netstat but what after that?

Question information

Language:
English Edit question
Status:
Answered
For:
Ubuntu net-tools Edit question
Assignee:
No assignee Edit question
Last query:
2008-03-14
Last reply:
2008-03-14
Shirish Agarwal (shirishag75) said : #1

Ah, one of the answers I found is

 sudo netstat -ntpl

the downside is it only it listens for servers :(

"Active Internet connections (only servers)"

What about services like deluge or something like that.

Go to System -> Administration -> Network Tools. There's a Port Scan tab. Type in the IP or domain name of the server you want to scan. It will scan for open ports, and you should be able to tell what services are listening on which ports.

Shirish Agarwal (shirishag75) said : #3

Wesley

Thank u for answering so quickly, what I want is (& I did this but don't remember how)
what i had managed to do & that too on the CLI was that it was able to scan all the programs & tell which programs which accessing which ports.

alongwith the servers it also told me that firefox & some other apps which are listening to the outside world. & on which port. Makes it easier for me to handle things.

Shirish Agarwal (shirishag75) said : #4

Using netstat 1.42 on net-tools 1.60

shirish@Mugglewille:~$ netstat --version
net-tools 1.60
netstat 1.42 (2001-04-15)
Fred Baumgarten, Alan Cox, Bernd Eckenfels, Phil Blundell, Tuan Hoang and others
+NEW_ADDRT +RTF_IRTT +RTF_REJECT +FW_MASQUERADE +I18N
AF: (inet) +UNIX +INET +INET6 +IPX +AX25 +NETROM +X25 +ATALK +ECONET +ROSE
HW: +ETHER +ARC +SLIP +PPP +TUNNEL +TR +AX25 +NETROM +X25 +FR +ROSE +ASH +SIT +FDDI +HIPPI +HDLC/LAPB +EUI64

Jim Hutchinson (jphutch) said : #5

I'm not sure about netstat or any other local tools, but Shield's Up is a quick way to check what ports are open to the outside world.

https://www.grc.com/x/ne.dll?bh0bkyd2

Shirish Agarwal (shirishag75) said : #6

Jim,
 Thank u for ur quick reply. Although admittedly that is a nice tool, I'm looking for something which can be done from the CLI.

Jim Hutchinson (jphutch) said : #7

Well, netstat seems to do kind of that. On my system I get

sudo netstat -ntpl
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 0.0.0.0:6881 0.0.0.0:* LISTEN 26110/python2.5
tcp 0 0 127.0.0.1:631 0.0.0.0:* LISTEN 5247/cupsd
tcp6 0 0 :::6881 :::* LISTEN 26110/python2.5

I don't have much open or listening but that seems to be about right. I think the python stuff is because of deluge and it would be nice if that was a bit more clear.

Another nice tool is iptraf. It's terminal gui so maybe not what you want. It also doesn't give much info on what is listening and where. You are probably familiar with wireshark. It's all gui I think but might also do what you want. I've never really used it.

There is, of course, nmap (http://www.go2linux.org/nmap-command-graph-front-end-port-scan) and trojan scan may be focused on trojans but looks like it might also give some useful info (http://www.linux.com/articles/114086).

Finally, there is a whole host of tools listed here http://www.slac.stanford.edu/xorg/nmtf/nmtf-tools.html.

Shirish Agarwal (shirishag75) said : #8

Hey Jim,
 nice similar to what I found. the thing which kinda turns me off is that listing

sudo netstat -ntpl

there is no mention of firefox or/and port 80 simiarly if u are using e-mail client like thunderbird or something else which uses port 25 or so.

would try the other tools u have mentioned. What I'm looking for is netstat perhaps, perhaps playing around the switches/flags will give the right output :)

zmikez (mike-zmikez) said : #9

Hi Shirish,
   I think you have listening and talking reversed in your mind. To use one of the examples that you provided, Firefox doesn't listen on port 80, it talks to a HTTP server on the remote machine. That remote HTTP server is listening on port 80 and Firefox will establish this connection from a very high numbered port on your local server. Try this:
----------------------
Open a terminal window.
Open Firefox.
Go to a URL in Firefox that is very slow or downloads a file.
In the the terminal window type "netstat --inet -an". (minus the double quotes)
You should see Firefox connected to a remote server on port 80.
You should also see that same connection using a high numbered local port.
----------------------

Don't worry about the local port in this case. It is dynamic; Firefox will choose a new one of each connection and IPTABLES (the Linux firewall) will allow the connect by default because your computer started the connection.

I hope that helps.

--Mike

zmikez (mike-zmikez) said : #10

"netstat --inet -an" above should be "netstat --inet -anp"

Can you help with this problem?

Provide an answer of your own, or ask Shirish Agarwal for more information if necessary.

To post a message you must log in.