LinuxQuestions.org
Latest LQ Deal: Latest LQ Deals
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Networking
User Name
Password
Linux - Networking This forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.

Notices


Reply
  Search this Thread
Old 05-14-2006, 04:32 AM   #1
NuxIT
Member
 
Registered: Jul 2003
Location: Westminser, CO
Distribution: xUbuntu
Posts: 118

Rep: Reputation: 20
Can I run a port scan to a "target" machine from the internet?


I was wondering if I could run a port scan on my home network from a remote network. I was wondering if I could use a site like GRC shields up to scan my home network? If not, might I be able to use a dedicated port scanning application to do this. Any suggestions on either a web based tool or a good windows port scanner app? TBH NuxHeadz
 
Old 05-14-2006, 05:17 AM   #2
b0nd
Senior Member
 
Registered: Jan 2005
Distribution: Slackware, BackTrack, Windows XP
Posts: 1,020

Rep: Reputation: 45
Quote:
I was wondering if I could run a port scan on my home network from a remote network.
They are generally run from remote network.


Quote:
I was wondering if I could use a site like GRC shields up to scan my home network? If not, might I be able to use a dedicated port scanning application to do this. Any suggestions on either a web based tool or a good windows port scanner app?
NMap is the best port scanner. Its inbuilt in linux distros. For windows you will have to download it. You just need to fetch your(the n/w which you are intending to scan) IP address to the port scanner. Rest is its job.

Warining: It may be illegal to scan someones n/w without his/her permission.

regards

Last edited by b0nd; 05-14-2006 at 05:19 AM.
 
Old 05-17-2006, 10:03 PM   #3
NuxIT
Member
 
Registered: Jul 2003
Location: Westminser, CO
Distribution: xUbuntu
Posts: 118

Original Poster
Rep: Reputation: 20
Quote:
Originally Posted by ruudra
They are generally run from remote network.




NMap is the best port scanner. Its inbuilt in linux distros. For windows you will have to download it. You just need to fetch your(the n/w which you are intending to scan) IP address to the port scanner. Rest is its job.

Warining: It may be illegal to scan someones n/w without his/her permission.

regards
Thanks, I don't know why I didn't think of nmap. I was thinking since I'm ssh'd into my home network from work that a nmap scan of my WAN IP address wouldn't be the same as scanning outside the network. I believe its the same either way. An nmap scan shows port 80/tcp open .. I guess this is normal since I have a browser open on that laptop at home that I'm ssh'd into.
 
Old 05-17-2006, 10:33 PM   #4
b0nd
Senior Member
 
Registered: Jan 2005
Distribution: Slackware, BackTrack, Windows XP
Posts: 1,020

Rep: Reputation: 45
Quote:
Originally Posted by NuxIT
An nmap scan shows port 80/tcp open .. I guess this is normal since I have a browser open on that laptop at home that I'm ssh'd into.
hi,
i'm not much aware of ssh.
But if in your laptop just a brower is open then it doesn't require port no. 80 to be open.
"http" servers are required to be listening on port no. 80 to fetch services to clients. Browser is just a client of that and it will surely be using some port no. more than 1023 (0-1023 are reserved) on your machine.

run nmap with the "-A" <without ""> option to see which services and which version of there are running on your machine.
#nmap --v -A <your IP address>

regards

regards
 
Old 05-18-2006, 02:21 AM   #5
NuxIT
Member
 
Registered: Jul 2003
Location: Westminser, CO
Distribution: xUbuntu
Posts: 118

Original Poster
Rep: Reputation: 20
Quote:
Originally Posted by ruudra
hi,
i'm not much aware of ssh.
But if in your laptop just a brower is open then it doesn't require port no. 80 to be open.
"http" servers are required to be listening on port no. 80 to fetch services to clients. Browser is just a client of that and it will surely be using some port no. more than 1023 (0-1023 are reserved) on your machine.

run nmap with the "-A" <without ""> option to see which services and which version of there are running on your machine.
#nmap --v -A <your IP address>

regards

regards
Hi, nmap with the -A option shows:

root@laptop:/mnt/hda5/vids# nmap -A 67.190.X.X

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-05-18 01:18 EDT
Interesting ports on c-67-X-X.hsd1.co.comcast.net (67.190.X.X):
(The 1662 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE VERSION
80/tcp open http?
1 service unrecognized despite returning data. If you know the service/version, please submit the following fingerprint at http://www.insecure.org/cgi-bin/servicefp-submit.cgi :
SF-Port80-TCP:V=3.81%D=5/18%Time=446C0398%P=i686-pc-linux-gnu%r(GetRequest
SF:,1430,"HTTP/1\.0\x20200\x20Ok\r\nServer:\x20micro_httpd\r\nDate:\x20Wed
SF:,\x2025\x20Mar\x201970\x2009:07:16\x20GMT\r\nCache-Control:\x20no-cache
SF:\r\nPragma:\x20no-cache\r\nExpires:\x200\r\nContent-Type:\x20text/html\
SF:r\nConnection:\x20close\r\n\r\n<html>\r\n<head>\r\n<meta\x20http-equiv=
SF:\"Content-Type\"\x20content=\"text/html;\x20charset=iso-8859-1\">\r\n<l
SF:ink\x20rel=\"stylesheet\"\x20href=\"styles\.css\"\x20type=\"text/css\">
SF:\r\n<script\x20language=\"Javascript\"\x20src=\"language\.js\"></script
SF:>\r\n<script>assign_var\(\);</script>\r\n<script\x20language=\"JavaScri
SFt\"\x20src=\"showMenu\.js\"></script>\r\n<script>\r\nstrHtml='<title>'
SF:\+i1\+'</title>';\r\ndw\(strHtml\);\r\n<!--\r\nvar\x20wanStatus\t='Up'\
SF:x20\?\x20'Up'\x20:\x20'Not';\r\nvar\x20helpItem\x20\t='';\r\nvar\x20men
SF:uSection\t='';\r\nvar\x20menuItem\t='';\r\nvar\x20isRouter\t='1'\x20\?\
SF:x20'1'\x20:\x20'0';\r\nvar\tisPS\t\t=''\x20\?\x20''\x20:\x20'0';\r\nvar
SF:\x20isAPmode\r\nif\('vlan1'\x20==''\x20\|\|\x20'1'=='0'\)\r\n\tisAPmode
SF:='1';\r\nelse\tisAPmode='0';\r\nvar\x20bssid\x20=\x20'00:11:50:5e:fc:1f
SF:';\r\nif\(isPS=='1'\){\r\nvar\x20prStatus='';\r\nvar\x20t0=prStatus\.in
SF:dexOf\('<delimit>'\);\r\nvar\x20t1=prStatus\.i")%r(HTTPOptions,111,"HTT
SF:P/1\.0\x20501\x20Not\x20Implemented\r\nServer:\x20micro_httpd\r\nDate:\
SF:x20Wed,\x2025\x20Mar\x201970\x2009:07:16\x20GMT\r\nContent-Type:\x20tex
SF:t/html\r\nConnection:\x20close\r\n\r\n<HTML><HEAD><TITLE>501\x20Not\x20
SF:Implemented</TITLE></HEAD>\n<BODY\x20BGCOLOR=\"#cc9999\"><H4>501\x20Not
SF:\x20Implemented</H4>\nThat\x20method\x20is\x20not\x20implemented\.\n")%
SF:r(RTSPRequest,111,"HTTP/1\.0\x20501\x20Not\x20Implemented\r\nServer:\x2
SF:0micro_httpd\r\nDate:\x20Wed,\x2025\x20Mar\x201970\x2009:07:16\x20GMT\r
SF:\nContent-Type:\x20text/html\r\nConnection:\x20close\r\n\r\n<HTML><HEAD
SF:><TITLE>501\x20Not\x20Implemented</TITLE></HEAD>\n<BODY\x20BGCOLOR=\"#c
SF:c9999\"><H4>501\x20Not\x20Implemented</H4>\nThat\x20method\x20is\x20not
SF:\x20implemented\.\n")%r(Help,FA,"HTTP/1\.0\x20400\x20Bad\x20Request\r\n
SF:Server:\x20micro_httpd\r\nDate:\x20Wed,\x2025\x20Mar\x201970\x2009:07:3
SF:1\x20GMT\r\nContent-Type:\x20text/html\r\nConnection:\x20close\r\n\r\n<
SF:HTML><HEAD><TITLE>400\x20Bad\x20Request</TITLE></HEAD>\n<BODY\x20BGCOLO
SF:R=\"#cc9999\"><H4>400\x20Bad\x20Request</H4>\nCan't\x20parse\x20request
SF:\.\n");
Device type: general purpose
Running: Linux 2.4.X|2.5.X
OS details: Linux 2.4.0 - 2.5.20
Uptime 83.381 days (since Thu Feb 23 15:10:57 2006)

Nmap finished: 1 IP address (1 host up) scanned in 70.014 seconds

Is this something to be concerned about? I don't recall nmap showing port 80 as open before?
Edit: I'm showing service thttpd running and I don't run any sort of websever. I'm thinking this is the service that has opened port 80. I killed that process and now port 80 is closed.. What the heck could have caused that service to start? Time for more research.
Thanks

Last edited by NuxIT; 05-18-2006 at 02:30 AM.
 
Old 05-18-2006, 04:20 AM   #6
b0nd
Senior Member
 
Registered: Jan 2005
Distribution: Slackware, BackTrack, Windows XP
Posts: 1,020

Rep: Reputation: 45
Quote:
Uptime 83.381 days (since Thu Feb 23 15:10:57 2006)
Is your machine a server ???

regards
 
Old 05-18-2006, 05:12 AM   #7
NuxIT
Member
 
Registered: Jul 2003
Location: Westminser, CO
Distribution: xUbuntu
Posts: 118

Original Poster
Rep: Reputation: 20
Quote:
Originally Posted by ruudra
Is your machine a server ???

regards
Nope. I have no idea why it shows that uptime! I haven't even had knoppix installed that long. LOL.. I'm thinking it might have something to do with the apt-update and apt-upgrade commands I ran earlier? nmap localhost doesn't show this port anymore but when I nmap my WAN IP address the only thing coming back showing Up is port 80!!

root@laptop:/etc# nmap 67.190.X.x

Starting nmap 3.81 ( http://www.insecure.org/nmap/ ) at 2006-05-18 04:06 EDT
Interesting ports on c-67-190-X-X.hsd1.co.comcast.net (67.190.1X.X):
(The 1662 ports scanned but not shown below are in state: closed)
PORT STATE SERVICE
80/tcp open http

Nmap finished: 1 IP address (1 host up) scanned in 1.441 seconds

Time to run some more scans at home to see what the hell has opened my port 80!!! Grrrrr angry user.
 
Old 05-18-2006, 05:12 AM   #8
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
Execute
Code:
/sbin/chkconfig --list
to see if the httpd service is started automatically.
 
Old 05-18-2006, 05:19 AM   #9
NuxIT
Member
 
Registered: Jul 2003
Location: Westminser, CO
Distribution: xUbuntu
Posts: 118

Original Poster
Rep: Reputation: 20
Quote:
Originally Posted by timmeke
Execute
Code:
/sbin/chkconfig --list
to see if the httpd service is started automatically.
No such file or directory.
 
Old 05-18-2006, 06:20 AM   #10
timmeke
Senior Member
 
Registered: Nov 2005
Location: Belgium
Distribution: Red Hat, Fedora
Posts: 1,515

Rep: Reputation: 61
OK. Try looking into directories like
/etc/init.d, /etc/rc.d, etc.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Shell Script: Find "Word" Run "Command" granatica Linux - Software 5 07-25-2007 07:42 AM
wan't to run "Virtual Machine Installation (XEN)" on SuSE 10? AQG Linux - Software 1 02-08-2006 10:48 PM
"iptables: No chain/target/match by that name" error PennyroyalFrog Linux - Security 2 11-28-2004 01:57 PM
I'm getting a "Port scan" all the time. Should I be worried? Mega Man X General 13 07-16-2004 09:50 PM
Stop showing my "machine name" on internet (like in Shields UP!) hendrixx Linux - Security 8 01-18-2004 09:07 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Networking

All times are GMT -5. The time now is 11:25 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration