# Portscan yourself?

## stevem

Hi folks,

I'd like to portscan myself, on my internal network, prior to going "live".  Currently, I have one of those DSL/router boxes that terminates my PPPOE connection, and provides NAT translation for my internal network that includes a couple of gentoo boxes, and my win2K laptop for work sometimes.

In any case, for several reasons, I want to terminate my PPPOE on one of the gentoo boxes.  Before doing this, I'd like to set up my firewall scripts on the ethernet card that will be terminating it and test the firewall with portscans from my friendly internal network.  Obviously, the free web-based portscanners are no use to me as I want to test it before going onto the internet with the box.

So, how do I do a portscan on a box?  I'd like to run some program on one gentoo box on my internal network to check an interface on another gentoo box.  netstat?  what options?  something else?

Thanks

Steve

----------

## asiobob

nmap

http://www.insecure.org/nmap/

It's on portage as well. Read the manual; very powerful scanner.

----------

## tam1138

nmap is great.  You can also use netstat to determine which programs are listening on which ports.

For TCP:

```
# netstat -tlp
```

For UDP:

```
# netstat -ulp
```

"t" or "u" for TCP or UDP, "l" for listening (omit to list connections), "p" tells you which program owns the listen/connect ("p" only works as root).

This will not take into account any firewall you have running.

----------

## dma

The deal with nmap is that it is best if you ALSO nmap yourself from a remote site that doesn't firewall stuff.  That way you can see if your ISP is somehow blocking stuff on your connection.

I wouldn't do this without the permission of the person who runs the remote site though.

----------

## r0b

better yet, get one of your friends to portscan you who has r00t access to a linux box.  That way, they can perform more than just simple TCP connect scans.

----------

## gizmo.tar.bz23

emerge nmap

nmap localhost to see what ports are currently open.

----------

## Oopsz

nessus is also excellent

----------

## Terminal Insanity

When I use nmap on myself, it shows zero ports open:

```
Starting nmap 3.48 ( http://www.insecure.org/nmap/ ) at 2003-11-16 22:31 EST

All 1657 scanned ports on localhost (127.0.0.1) are: closed

Nmap run completed -- 1 IP address (1 host up) scanned in 2.120 seconds
```

But I had my friend scan me and he found this:

```
PORT    STATE    SERVICE
21/tcp  open     ftp
25/tcp  filtered smtp
445/tcp filtered microsoft-ds
```

Why is there a microsoft port open on my gentoo machine?!

And how do I close ftp/smtp/ms-ds?

----------

## tam1138

You used nmap to scan "localhost" which only gets programs listening on 127.0.0.1.  Try running nmap on your machine's ip address to see what's open instead; you can figure out the IP by running "/sbin/ifconfig" and choosing the interface that isn't lo.

----------

## asiobob

Not all programs listen on localhost, as tam1138 has said. It's more important to scan the interface that connects you to the internet, which could be ppp or eth0.

Are you running an FTP server etc??

Are you sure your friend scanned your computer and not perhaps an ISP box?

----------

## zhenlin

You can't nmap yourself.

For some reason, all attempts to connect to yourself somehow bypass firewalls and filter rules not on loopback.

----------

## gen2newB

```
nmap localhost -p 1-65535
```

that will get it to scan all your ports on your own computer.

----------

## tam1138

 *gen2newB wrote:*

> ```
> nmap localhost -p 1-65535
> ...
> ```

This will only report ports listening on 127.0.0.1 (localhost), it will not report ports listening on other addresses/interfaces.  Knowing what is listening on 127.0.0.1 is nice, but it's not very useful; indeed, it's pretty useless if you're doing a security audit where what REALLY matters is what ports are being listened to on externally-accessible interfaces and addresses.

This is why it's better to run "netstat -l" locally and to run nmap from another machine.

----------
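Added example, not part of any post in this thread: a shell filter that sorts `netstat` listeners by bind address, so the loopback-only services a `localhost` scan reports can be told apart from the ones another machine can reach. The function names and the sample output are constructed for illustration, and `-n` (numeric addresses) is added to the thread's netstat flags so the address column can be parsed; as noted above, netstat does not take a firewall into account.

```shell
#!/bin/sh
# Added example (not from the thread): sort listening sockets by bind address.
# Feed it `netstat -tuln`; -n (numeric) is added so the address column parses.

# Constructed sample of `netstat -tuln` output, so the script runs offline.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN
tcp        0      0 192.168.1.10:22         0.0.0.0:*               LISTEN
tcp6       0      0 ::1:631                 :::*                    LISTEN
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
EOF
}

# Print "scope proto address port" for every listener read from stdin.
#   loopback-only  : only a scan of localhost/127.0.0.1 (or ::1) can reach it
#   all-interfaces : wildcard bind, reachable on every address the box has
#   one-address    : bound to a single non-loopback address
classify_listeners() {
    awk '
    $1 ~ /^(tcp|udp)/ {
        if ($1 ~ /^tcp/ && $6 != "LISTEN") next   # skip non-listening TCP rows
        addr = $4; port = $4
        sub(/:[^:]*$/, "", addr)   # drop ":port" at the LAST colon (IPv6-safe)
        sub(/^.*:/, "", port)      # keep what follows the last colon
        if (addr ~ /^127\./ || addr == "::1")
            scope = "loopback-only"
        else if (addr == "0.0.0.0" || addr == "::" || addr == "*")
            scope = "all-interfaces"
        else
            scope = "one-address"
        print scope, $1, addr, port
    }'
}

# Only the listeners a scan from another machine could reach, firewall aside.
exposed_listeners() {
    classify_listeners | awk '$1 != "loopback-only"'
}

# Demo on the constructed sample; on a real box: netstat -tuln | exposed_listeners
sample_netstat | exposed_listeners
```

Comparing this list with an nmap run from a second machine on the internal network shows which of the exposed listeners the firewall rules actually block.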

