[NMLUG] SuSE fast internet protection question.

Robbins, Wesley L nmlug@swcp.com
Thu, 29 Nov 2001 11:22:45 -0700


This is the tool I just used and noticed a port 33333 showed up on my system
last night. Unfortunately, it "magically went away" this morning.  So, when
I 
get home I'd like to see if it pops up again I could find it is and kill it.
Also make sure it is not bad....


-----Original Message-----
From: Michael Young [mailto:myoung150@home.com]
Sent: Thursday, November 29, 2001 11:13 AM
To: NMLUG
Subject: Re: [NMLUG] SuSE fast internet protection question.


On Thu, 2001-11-29 at 10:26, Aaron Birenboim wrote:
> "Robbins, Wesley L" wrote:
> > 
> > Is there a way to see what program is listening to a port?
> 
> yes. but there must be an easier way.
> I think that sockstat (or socklist... i forget the LINUX vs. *BSD
> program names) will give some Process ID's which can be looked
> up from ps.  You also may want to look into fuser.
> It may tell you which process has which file open.
> There should be a way to associate a file handle with a socket.
> Perhaps socklist will do this.
> 
> Anybody know easier way(s)?


Actually, there is a port scanner called nmap. It is an excellent tool.
I would think it should be included with SUSE, at least on the CDs. If
not, it can be found at http://www.insecure.org/nmap/ . There is an X11
front-end for it as well ( nmapfe ). After installation, "man nmap" is
quite informative, and fairly clear on the proper syntax. 

For a list of services to port numbers, look at the file /etc/services.
If the file doesn't exist let me know, and I will email it to you.

Basic TCP scan syntax is something like....

###################################################################

Scan of localhost

[myoung@nefretiri: myoung]$ nmap -sT nefretiri

Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on nefretiri.localdomain (10.0.0.3):
(The 1539 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh                     
515/tcp    open        printer                 
6000/tcp   open        X11                     


Nmap run completed -- 1 IP address (1 host up) scanned in 1 second

##################################################################

Scan of another host on the network

[myoung@nefretiri: myoung]$ nmap -sT spellcaster

Starting nmap V. 2.54BETA22 ( www.insecure.org/nmap/ )
Interesting ports on spellcaster.localdomain (10.0.0.2):
(The 1532 ports scanned but not shown below are in state: closed)
Port       State       Service
21/tcp     open        ftp                     
22/tcp     open        ssh                     
25/tcp     open        smtp                    
37/tcp     open        time                    
53/tcp     open        domain                  
80/tcp     open        http                    
110/tcp    open        pop-3                   
443/tcp    open        https                   
3306/tcp   open        mysql                   
6000/tcp   open        X11                     


Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds

###################################################################

Hope this helps. Please feel free to contact me off list if I can be of
assistance.

-- 
-:Michael:-

------------------------------------------------------
To UNSUBSCRIBE send a message to nmlug-request@swcp.com
with only the word unsubscribe in the body.  More
information can be found at www.nmlug.org/info.html
-----------------------------------------------------


------------------------------------------------------
To UNSUBSCRIBE send a message to nmlug-request@swcp.com
with only the word unsubscribe in the body.  More
information can be found at www.nmlug.org/info.html
-----------------------------------------------------