How to Check (Scan) for Open Ports in Linux
Port scanning is a procedure to check the open ports of a PC or a Server. Gamers and hackers widely use port scanners to look for accessible ports and fingerprint services. There are two kinds of ports to search for in TCP/IP Internet Protocol, TCP(Transmission Control Protocol) and UDP(User Datagram Protocol) (User Datagram Protocol). Both TCP and UDP have their technique of scanning. In this post, we’ll look at how to conduct a port scan in a Linux environment, but first, we’ll look at how to port scanning works. Note that port scanning is forbidden in numerous countries, be careful to verify for permits before scanning your target.
TCP Scanning
TCP is a stateful protocol since it retains the state of connections. TCP connection comprises three-way handshaking of Server socket and client-side socket. While a server socket is listening, the client sends an SYN, and then Server comes back with SYN-ACK. The client then sends ACK to finish the handshake for the connection.
To scan for a TCP open port, a scanner sends an SYN message to the Server. If SYN-ACK is delivered back, then the port is open. And if the Server doesn’t finish the handshake and replies with an RST, then the port is closed.
UDP Scanning
On the other hand, UDP is a stateless protocol that doesn’t preserve the state of connection. It also doesn’t involve a three-way handshake.
A UDP scanner sends a UDP packet to the port to scan for a UDP port. If that port is closed, an ICMP packet is created and delivered back to the origin. If this doesn’t happen, then it implies the port is open.
UDP port scanning is sometimes inaccurate because ICMP packets are rejected by firewalls, causing false positives for port scanners.
Port Scanners
Now that we’ve looked at how to port scanning works, we can move ahead to other port scanners and their capabilities.
Nmap
Nmap is the most flexible and thorough port scanner accessible until now. It can handle anything from port scanning to fingerprinting Operating systems and vulnerability scanning. Nmap offers both CLI and GUI interfaces; the GUI is named Zenmap. It includes a lot of diverse choices to make rapid and efficient scans. Here’s how to install Nmap on Linux.
sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get install Nmap -y
We’ll use Nmap to scan a server (hackme.org) for open ports and identify services accessible on those ports; it's incredibly straightforward. Just enter the map and the server address.
Nmap hackme.org
To scan for UDP ports, including the -sU option with sudo, needs root access.
sudo nmap -sU hackme.org
There are several additional choices available in Nmap such as:
-p- : Scan for all 65535 ports
-sT : TCP connect scan
-O : Scans for operating system running
-v : Verbose scan
-A : Aggressive scan, scans for everything
-T[1-5] : To set the scanning speed
-Pn : In case the server blocks ping
Zenmap
Zenmap is a GUI interface of Nmap for click-kiddies so that you won’t have to learn its instructions. To install it, enter
sudo apt-get install -y zenmap
Simply insert its address and pick from available scan options to scan a server.
Netcat
Netcat is a raw TCP and UDP port writer which may also be used as a port scanner. It utilizes connect scan, that’s why it is not as quick as Network Mapper. To install it, enterTo check for an open port, type
hackme.org [217.78.1.155] 80 (http) open
To search for a range of ports, type
ubuntu@ubuntu:~$ nc -z -nv 127.0.0.1 20-80
(UNKNOWN) [127.0.0.1] 80 (http) open
(UNKNOWN) [127.0.0.1] 22 (ssh) open
Unicornscan
Unicorns can is a thorough and quick port scanner, intended for vulnerability researchers. Unlike Network Mapper, it employs its own User-land Distributed TCP/IP stack. It has a lot of features that Nmap doesn’t, some of them are provided,
- Asynchronous stateless TCP scanning using all permutations of TCP Flags.
- Asynchronous stateless TCP banner capturing
- Asynchronous protocol-specific UDP Scanning (sending enough of a signature to elicit a response) (sending enough of a signature to elicit a response).
- Active and Passive remote OS, program, and component identification by analyzing replies.
- PCAP file logging and filtering
- Relational database output
- Custom module support
- Customized data-set views
To install Unicornscan, enter
ubuntu@ubuntu:~$ Sudo apt-get install unicornscan -y
To conduct a scan, type
ubuntu@ubuntu:~$ sudo us 127.0.0.1
TCP open ftp[ 21] from 127.0.0.1 ttl 128
TCP open smtp[ 25] from 127.0.0.1 ttl 128
TCP open http[ 80] from 127.0.0.1 ttl 128
Conclusion
Ports scanners come in useful whether you are a DevOp, Gamer, or a Hacker. There is no true comparison between these scanners; none of them is flawless, each of them has its pros and faults. It absolutely relies upon your needs and how you utilize them.