Scanning Ports on Your CentOS Server
Published November 27th, 2008
Problem Statement
It is always a good idea to routinely scan your server for open ports so that you know exactly what is open and available on the Internet. In this article, we will show you how to use two popular utility programs to do just that.
Using nc to scan for ports on your CentOS server
First make sure you have nc installed on your system. If you enter nc at the root shell prompt and do not get its syntax information, you need to install it. Installing nc is very simple. Just run: yum -y install nc to have yum install it for you.
Once installed, you can use nc to scan for open ports on any server that you manage. Please note that it is not polite and possibly not legal in your country to scan someone else’s system without receiving appropriate permission a priori.
To scan a host using nc for open ports between 1 and 9999, run:
$ nc -w 2 -z [hostname or IP address] [port range]
For example:
$ nc -w 2 -z www.example.com 1-9999
Here the host named www.example.com will be scanned for all ports in the 1-9999 range.
A sample output of such a command is shown below:
Connection to www.example.com 80 port [tcp/http] succeeded!
Connection to www.example.com 110 port [tcp/pop3] succeeded!
Connection to www.example.com 143 port [tcp/imap] succeeded!
Here nc reports that the www.example.com server has ports 80 (HTTP), 110 (POP3), and 143 (IMAP) open.
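To turn a routine scan into a check, the nc output can be compared with the list of ports you expect to be open. The script below is an added example, not part of the original article; the function names and the allowlists are assumptions, and the sample input is constructed in the same format as the output above.

```shell
#!/bin/sh
# Added example: compare the open ports reported by "nc -z" with an allowlist.

# Constructed sample input, same format as the nc output shown above.
SAMPLE_NC_OUTPUT='Connection to www.example.com 80 port [tcp/http] succeeded!
Connection to www.example.com 110 port [tcp/pop3] succeeded!
Connection to www.example.com 143 port [tcp/imap] succeeded!'

# open_ports: read nc output on stdin, print each open port number once,
# in numeric order. Lines that are not "Connection ... succeeded!" are ignored.
open_ports() {
    awk '$1 == "Connection" && $NF == "succeeded!" && $4 ~ /^[0-9]+$/ { print $4 }' |
        sort -n -u
}

# unexpected_ports ALLOWED: read nc output on stdin and print every open port
# that is not in ALLOWED (a space-separated list such as "80 443").
unexpected_ports() {
    allowed=" $1 "
    open_ports | while read -r port; do
        case "$allowed" in
            *" $port "*) ;;          # expected, stay quiet
            *) echo "$port" ;;       # open but not on the allowlist
        esac
    done
}

# audit ALLOWED: return 0 when only allowed ports are open, 1 otherwise,
# so the check can be run from cron and alert on a non-zero status.
audit() {
    extra=$(unexpected_ports "$1")
    if [ -n "$extra" ]; then
        echo "unexpected open ports:" $extra >&2
        return 1
    fi
    echo "only expected ports are open"
}

# Against a server you manage (2>&1 because some nc builds print the
# "succeeded" lines on stderr):
#   nc -w 2 -z www.example.com 1-9999 2>&1 | audit "80 110 143"
```

With the sample above, an allowlist of "80 443" flags ports 110 and 143 as unexpected.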
Using nmap to scan for ports on your CentOS server
Like nc, the nmap utility program is also a great tool for scanning your server ports. If you do not have it already installed, just run: yum -y install nmap and let yum install it for you.
Once installed, you can run various types of scans with nmap; the one that we found most interesting is as follows:
$ nmap -A -T4 [hostname]
A sample output is shown below:
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2008-11-27 12:37 PST
Stats: 0:00:01 elapsed; 0 hosts completed (1 up), 1 undergoing SYN Stealth Scan
SYN Stealth Scan Timing: About 2.17% done; ETC: 12:38 (0:00:49 remaining)
Interesting ports on demo.evoknow.com (75.142.210.121):
Not shown: 1018 filtered ports, 658 closed ports
PORT     STATE SERVICE VERSION
21/tcp   open  ftp     vsftpd 2.0.5
80/tcp   open  http    Apache httpd
443/tcp  open  http    Apache httpd
3306/tcp open  mysql   MySQL (unauthorized)
MAC Address: 00:11:25:2A:11:00 (IBM)
Device type: general purpose
Running: Linux 2.6.X
OS details: Linux 2.6.5 - 2.6.11
Uptime 42.268 days (since Thu Oct 16 07:11:35 2008)
Service Info: OS: Unix
Nmap finished: 1 IP address (1 host up) scanned in 13.303 seconds
The -A option enables OS detection, version detection, script scanning, and traceroute, and -T4 tells nmap to be aggressive with timing.