Develop Reference

port scanning a home network using nmap but can't understand how was nmap able to find open ports ,when more than 1 devices were connected [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 1 year ago.
Improve this question
I saw a video in which a person scanned a public IP(it was his SOHO network) using nmap. It showed all the open ports and other info but I don't understand how can nmap scan ports and tell which are open when there are multiple devices on that network. Is it that nmap scans all the devices on that network using that public IP and then shows a collective result or is it something else?
Link for that video
at 7:43

When NMAP scans an IP, it, in theory only scans the device who is running on that IP.
But there is a catch, if the IP that the NMAP scans is a device with port forwarding, it will forward the scan for that port to the device that the port forwarding is directed at.
To give you an example, I will define few stuff
You have 3 devices, 1 router that has a public IP, 2 servers that are
behind the router.
We will be scanning 4 ports, 10, 20, 30, 40
Port 10 is open on the router itself, its used for public communication
Port 20 is not opened on the router and its not being port forwarded
Port 30 is being port forwarded to Server 1, who has that port open
Port 40 is being port forwarded to Server 2, but that server doesn't have that port open
In the results on NMAP, you will get the following result.
Ports 10 and 30 will show up as open, while ports 20, 40, will show up closed or maybe filtered
So while we only scanned the one public IP and one device on that IP, we can see the device that is behind the router.
But that is only possible because when we try to connect to a port on a router, the router is saying:
"Okay, this connection is trying to go to port 30, I have a configuration here that says that port 30 should go to Server 1 on that port, I will redirect the traffic to that server and then when I get the response from the server, I will redirect to the device that made the request"

Port tunnelling from behind firewall to remote server via VNC'd laptop? [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 years ago.
Improve this question
I have a command-line application on linux that uses a specific port to talk to a remote server. Unfortunately, at work, that port is blocked.
I am able to connect my laptop via VNC to the network, and the laptop is on a wifi connection that does have port access to the remote server. I am able to ssh to my laptop from the secure network when it is connected.
Is there a way of using ssh port tunnelling to work around this? Can I port tunnel to my laptop and have my laptop act as a middle-man between the firewalled network and the remote server?
Many thanks.

If I understood you correct you can call ssh from where you are to reach your laptop. Then you should be able to do something like this:
ssh -f -N -L <local port>:<remote server ip or hostname>:<remote server port> <laptop ip or hostname>
This will create start a tcp listening port on the host where ssh originates that forwards to your remote host and port via the machine you ssh to.
Excerpts from https://man.openbsd.org/ssh
-L [bind_address:]port:host:hostport
-L [bind_address:]port:remote_socket
-L local_socket:host:hostport
-L local_socket:remote_socket
Specifies that connections to the given TCP port or Unix socket on the local
(client) host are to be forwarded to the given host and port, or Unix
socket, on the remote side. This works by allocating a socket to listen to
either a TCP port on the local side, optionally bound to the specified
bind_address, or to a Unix socket. Whenever a connection is made to the
local port or socket, the connection is forwarded over the secure channel,
and a connection is made to either host port hostport, or the Unix socket
remote_socket, from the remote machine.
Port forwardings can also be specified in the configuration file. Only the
superuser can forward privileged ports. IPv6 addresses can be specified by
enclosing the address in square brackets.
By default, the local port is bound in accordance with the GatewayPorts
setting. However, an explicit bind_address may be used to bind the
connection to a specific address. The bind_address of “localhost” indicates
that the listening port be bound for local use only, while an empty address
or ‘*’ indicates that the port should be available from all interfaces.
-f
Requests ssh to go to background just before command execution. This is
useful if ssh is going to ask for passwords or passphrases, but the user
wants it in the background. This implies -n. The recommended way to start
X11 programs at a remote site is with something like ssh -f host xterm.
If the ExitOnForwardFailure configuration option is set to “yes”, then a
client started with -f will wait for all remote port forwards to be
successfully established before placing itself in the background.
-N
Do not execute a remote command. This is useful for just forwarding ports.

Google Compute Engine default firewall port 80

I've searched around, watched the quick start videos and I'm not seeing many accepted answers.
I'm running Centos 7 on google compute engine. I'm using the default firewall and I've selected to allow http and https traffic during the setup. However I am not able to connect to the webservice and I believe the port is still closed.
here's the output from nmap:
Starting Nmap 6.47 ( http://nmap.org ) at 2015-01-22 12:04 CST
Nmap scan report for xxxxxx
Host is up (0.072s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
22/tcp open ssh
646/tcp filtered ldp
Nmap done: 1 IP address (1 host up) scanned in 3.70 seconds
Is that correct considering the default firewall rules are to allow http, https, icmp, internal, rdp, and ssh?
One suggestion was to modify iptables rules or stop the service. I tried that and the service was not running.
I've also tried deleting and recreating the default firewall http rule to no effect. My instance has the same tags as the rule as well. I even tried starting another project in case something was wrong at that level. That didn't work either. I also tried another linux distribution in case it was a centos 7 issue, but that gave the same results.

If no service is running on port 80, nmap will not show it as open. Try to run an httpd service on port 80 and then try nmap, you will see the port as open

SSH connection screwed up after VPN connection established [closed]

Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 6 years ago.
Improve this question
for my problem I searched a lot but did not find a feasible solution, so I thought to my self to place a question in here.
The problem:
I have a remote server (lets call it A) and a local computer (lets
call it B), both running Ubuntu 14.04. I could establish a reversed
SSH tunnel connecting A and B by doing so At server A: ssh -R
2014:localhost:22 userb#B At the local computer B: ssh -p 2014
usera#localhost
where user-a and user-b are two users at A and B, respectively.
Now, I connect A to a VPN. After the VPN connection is successfully
established, the currently openning ssh session does not respond
anymore. Also, I cannot ssh into A anymore until after I killed the
VPN connection.
Is there a way to let both SSH and VPN be happy? Perhaps to separate the SSH session from VPN ? (I found something called split tunneling but did not really understand it). Could someone enlightens me on this?

This may be a bit late, but ...
The problem is that the default gateway gets changed by OpenVPN, and that breaks your current SSH connection unless you set up appropriate routes before you start OpenVPN.
What follows works for me. It uses iptables and ip (iproute2). Below, it is assumed that the default gateway interface before OpenVPN is started is "eth0". The idea is to ensure that when a connection to eth0 is made, even if eth0 is not the default gateway interface anymore, response packets for the connection go back on eth0 again.
You could use the same number for the connection mark, firewall mark and routing table. I used distinct numbers to make the diffences between them more apparent.
# set "connection" mark of connection from eth0 when first packet of connection arrives
sudo iptables -t mangle -A PREROUTING -i eth0 -m conntrack --ctstate NEW -j CONNMARK --set-mark 1234
# set "firewall" mark for response packets in connection with our connection mark
sudo iptables -t mangle -A OUTPUT -m connmark --mark 1234 -j MARK --set-mark 4321
# our routing table with eth0 as gateway interface
sudo ip route add default dev eth0 table 3412
# route packets with our firewall mark using our routing table
sudo ip rule add fwmark 4321 table 3412
===
UPDATE:
The above works fine for me on Debian Jessie. But on an older Wheezy system I have just found that I need to add "via" to the routing table entry:
# our routing table with eth0 as gateway interface
sudo ip route add default dev eth0 via 12.345.67.89 table 3412
There "12.345.67.89" must be the original non-VPN gateway.

VPN screws up your route table by modifying your default gateway toward the new tunnel interface. The funny thing is that you can't initiate a new ssh connection afterward.
So you are saying that ssh -R 2014:localhost:22 userb#B wouldn't connect when going through your VPN?
What is traceroute saying? (Once VPN loaded). Don't you have any kind of port limitation with your vpn provider? If you are using a commercial one I mean.
--- EDIT
Your best try would be, while connected to VPN, from server A :
telnet B 22
To see if you can make a simple TCP SYN to destination. Anyway I'd be surprised hidemyass wouldn't let your ssh traffic going through.
To recap, your VPN is configured on your server?
You are trying to connect from your server B to your client A, through your VPN?
You should be able to traceroute to your VPN public address (which you can get with whatismyip.com for example).
You could check as well on your client for remote packets, coming from your server :
tcpdump -nnXs 0 -i eth0 host ip.of.vpn

ports on computer and firewall and it's purpose - 101 question [closed]

Closed. This question is off-topic. It is not currently accepting answers.
Want to improve this question? Update the question so it's on-topic for Stack Overflow.
Closed 13 years ago.
Improve this question
Ok, computers have ports for applications to transfer data from the outside world into a firewall and then into a computer.
Then how does firefox and internet explorer use the same port on the same computer?
And why can't we use port 80 to pass all traffic from all places into the computer.
So why do we need specific ports?

It's not the ports on local that are important generally. It's the remote ports.
So when you open a browser and go to a site, you are establishing a connection from a (somewhat) random port on your end, to port 80 on the server end. The server responds back to you on the same connection. Web servers use TCP/IP, so this is what is called and established connection. If you were to go look at netstat -an on the server you connected to during web traffic, that is exactly what you would see:
tcp 0 0 ::ffff:192.168.1.223:22 ::ffff:192.168.1.230:2369 ESTABLISHED
That line says that my local machine has established a connection to my remote machine on port 22. My local machine picked a random outgoing port of 2369 to make this connection.
In this case, this is an ssh connection to my webserver in the basement.
Ports that servers should use for a particular service are listed here, but if you are going to control both ends of the connection, there is nothing stopping you from running a webserver on port 8383 if you wanted to. Just don't expect anyone else to get to it without you telling them about it. (or it being found in a port scan).
If you were running a webserver on your computer, it would open port 80 and listen for connections. Only one service can be LISTENing per IP address, so you couldn't run two web servers at once. Same thing if you then connected to your local webserver. You'd open a random local port and connect to your local port 80 on the same IP.
The opening the random local port is what allows you to have multiple local connections to a known remote port like 80.
There are 65536 ports available so it's unlikely you will ever run out, but many have 'well known' usages and are therefore avoided for your end of the connection. Generally everything above 1023 is fair game though. ( All services which require any kind of priviledge run on ports below 1023 )
This is a TCP/IP connection. TCP/IP has internal language to ensure the reliable delivery of information and does a handshake at the open of every connection to ensure the data can be transmitted.
Another common type of connection would be UDP. UDP does not establish a connection and is therefore a bit faster and has lower latency, but the programs that use it must be able to loose information and still work. It's basically a send off the data and pray protocol. Many online games work this way.

Each connection has a source and destination port. This is what allows you to have multiple connections from your machine to (say) a web server running on port 80. Connections are uniquely identified by SourceIP:SourcePort and DestIP:DestPort.
So in your example, Firefox and IE will be using the same port on the remote web server (port 80), but will have a different ports on your machine to tell them apart.
Try running netstat in a command prompt to see current connections.

ports can be used for anything, but there are conventions of the protocols to expect on certain ports.
and you can use 80 for other functions, some people do that as a simple way of bypassing firewalls...
however, only 1 application can be listening on a port.

Some netstat output can show you what's going on:
C:\Temp> netstat -an
TCP 192.168.XXX.150:1493 74.125.45.100:80 ESTABLISHED
TCP 192.168.XXX.150:1504 69.59.196.213:80 ESTABLISHED
TCP 192.168.XXX.150:1507 74.125.91.138:80 ESTABLISHED
TCP 192.168.XXX.150:1510 65.55.11.162:80 ESTABLISHED
TCP 192.168.XXX.150:1518 69.59.196.211:80 ESTABLISHED
TCP 192.168.XXX.150:1519 69.59.196.216:80 ESTABLISHED
TCP 192.168.XXX.150:3711 64.208.186.96:80 CLOSE_WAIT
Note that the 192.168.XXX.150 address is my computer's address on my home network. The 4 digit numbers following the IP address are the local port my computer is using to communicate with port 80 on a bunch of different servers.