nmap says port is closed while netstat says it's listening - linux

This is Ubuntu 12.04 env. I have a TCP service running on port 8020 on the box:
My question is:
Why is port 8020 not discovered by nmap as an open port while netstat says it's listening?
If I run
netstat -tuplen
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State User Inode PID/Program name
tcp 0 0 127.0.0.1:9001 0.0.0.0:* LISTEN 0 10564 1917/python
tcp 0 0 127.0.0.1:8020 0.0.0.0:* LISTEN 117 29259 4448/java
But if I run
nmap -v -sT 127.0.0.1
Starting Nmap 5.21 ( http://nmap.org ) at 2012-08-10 08:51 PDT
Initiating Connect Scan at 08:51
Scanning localhost (127.0.0.1) [1000 ports]
Discovered open port 53/tcp on 127.0.0.1
Discovered open port 22/tcp on 127.0.0.1
Discovered open port 9000/tcp on 127.0.0.1
Discovered open port 631/tcp on 127.0.0.1
Discovered open port 9001/tcp on 127.0.0.1
Completed Connect Scan at 08:51, 0.04s elapsed (1000 total ports)
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00046s latency).
rDNS record for 127.0.0.1: hadoop-namenode-01
Not shown: 995 closed ports
PORT STATE SERVICE
22/tcp open ssh
53/tcp open domain
631/tcp open ipp
9000/tcp open cslistener
9001/tcp open tor-orport
Read data files from: /usr/share/nmap
Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds
Raw packets sent: 0 (0B) | Rcvd: 0 (0B)

By default nmap doesn't scan all ports. Try this one.
nmap -sT -sU -p- 127.0.0.1

@Satish, you don't need to add -sU, which will scan the UDP ports too and take a while.
nmap -v -p 8020 127.0.0.1
This should be enough and instant.

By default nmap scans only the well-known ports.
You specify a port by using the -p parameter.
To scan all ports : nmap -v -p "*" 127.0.0.1
To scan only port 8020 : nmap -v -p 8020 127.0.0.1

Related

Understanding the netstat output

tcp 0 0 :::111 :::* LISTEN
Above is the output of netstat -nl | grep 111
What is the meaning of the :::111 segment?
technet.microsoft.com says that:
Displays active TCP connections, ports on which the computer is
listening, Ethernet statistics, the IP routing table, IPv4 statistics
(for the IP, ICMP, TCP, and UDP protocols), and IPv6 statistics (for
the IPv6, ICMPv6, TCP over IPv6, and UDP over IPv6 protocols). Used
without parameters, netstat displays active TCP connections.
So you can find which addresses and ports are in use and listening. For example, you want to run a Tomcat server on port 8080, but it is in use, so you can run:
netstat -ano | find "8080"
The output will be something like:
TCP 0.0.0.0:8080 0.0.0.0:0 LISTENING 1185
TCP [::]:8080 [::]:0 LISTENING 1185
It says that process number 1185 is using this port. If it is necessary to use this port, you can shut down the app that uses it and run your server on it with this command:
taskkill /F /PID 1185
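@echo off
rem Loop forever, listing connections with their owning process on each pass
:myline
netstat -nob
echo.
echo.
rem ping is used here only as a short delay between passes
ping 127.0.0.1 > %temp%\pingio.txt
goto myline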
Put this in a batch file and run it as Administrator to monitor network processes.

LDAP listening on localhost but hostname or IP

I've installed LDAP on a Raspberry Pi running Raspbian, which is a Debian fork I think.
I have a DB and entries and can do an LDAP search successfully from the server if I use -h localhost or -h 127.0.0.1. But if I use the hostname or IP I get an error message:
root@rpi1:~# ldapsearch -d 1 -x -h 10.10.0.11 -b "ou=Groups,dc=pi,dc=home"
ldap_create
ldap_url_parse_ext(ldap://10.10.0.11)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP 10.10.0.11:389
ldap_new_socket: 4
ldap_prepare_socket: 4
ldap_connect_to_host: Trying 10.10.0.11:389
ldap_pvt_connect: fd: 4 tm: -1 async: 0
attempting to connect:
connect errno: 111
ldap_close_socket: 4
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
The weird thing for me is that the service is running and listening on the port:
root@rpi1:~# nmap 10.10.0.11
Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-30 22:16 UTC
Nmap scan report for rpi1.pi.home (10.10.0.11)
Host is up (0.00017s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
636/tcp open ldapssl
Nmap done: 1 IP address (1 host up) scanned in 26.78 seconds
root@rpi1:~#
root@rpi1:~#
root@rpi1:~#
root@rpi1:~#
root@rpi1:~# nmap localhost
Starting Nmap 6.47 ( http://nmap.org ) at 2015-12-30 22:17 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00018s latency).
Other addresses for localhost (not scanned): 127.0.0.1
Not shown: 996 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
389/tcp open ldap
636/tcp open ldapssl
Nmap done: 1 IP address (1 host up) scanned in 26.82 seconds
You can see that scanning localhost shows that the service is listening on 389, but not if I use the server's IP or hostname.
So I have no way of getting a client on another server to connect, because it only seems to be listening on localhost..... This is beyond my limited understanding I'm afraid.
As far as I can see I am resolving the name OK:
root@rpi1:~# host rpi1
rpi1 has address 10.10.0.11
root@rpi1:~# host rpi1.pi.home
rpi1.pi.home has address 10.10.0.11
root@rpi1:~# host ldap.pi.home
ldap.pi.home has address 10.10.0.11
Proof that the DB is working:
root@rpi1:~# ldapsearch -x -h 127.0.0.1 -b "cn=Bradley Atkins,cn=musedev,ou=Groups,dc=pi,dc=home"
# extended LDIF
#
# LDAPv3
# base <cn=Bradley Atkins,cn=musedev,ou=Groups,dc=pi,dc=home> with scope subtree
# filter: (objectclass=*)
# requesting: ALL
#
# Bradley Atkins, musedev, Groups, pi.home
dn: cn=Bradley Atkins,cn=musedev,ou=Groups,dc=pi,dc=home
cn: Bradley Atkins
givenName: Bradley
gidNumber: 501
homeDirectory: /home/users/batkins
sn: Atkins
loginShell: /bin/sh
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: top
uidNumber: 1001
uid: batkins
# search result
search: 2
result: 0 Success
# numResponses: 2
# numEntries: 1
Can anyone suggest a way forward?
thanks
As the nmap output shows clearly, it's listening at 127.0.0.1, not 0.0.0.0.
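Added example (not part of the original posts): both the 8020 question at the top of the page and this LDAP question come down to comparing each listener's bind address and port with what the scan actually probed. The Python sketch below does that reconciliation; the 389 and 22 netstat rows and the `probed` port set are constructed assumptions, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample in `netstat -tuplen` layout: the 8020 row is from the first
# question; the 389 and 22 rows are assumed (the LDAP post shows no netstat).
NETSTAT = """\
tcp 0 0 127.0.0.1:8020 0.0.0.0:* LISTEN 117 29259 4448/java
tcp 0 0 127.0.0.1:389 0.0.0.0:* LISTEN 0 11000 901/slapd
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 0 9000 800/sshd
"""

def listeners(netstat_text):
    """Yield (bind_ip, port, program) for each TCP LISTEN row."""
    for line in netstat_text.splitlines():
        f = line.split()
        if len(f) >= 9 and f[0].startswith("tcp") and f[5] == "LISTEN":
            host, _, port = f[3].rpartition(":")
            yield ipaddress.ip_address(host), int(port), f[8]

def accepts(bind_ip, target_ip):
    """True if a socket bound to bind_ip receives connections sent to target_ip."""
    if bind_ip.is_unspecified:
        # 0.0.0.0 covers every IPv4 address; :: also takes IPv4 when
        # net.ipv6.bindv6only=0 (assumed, the usual Linux default).
        return bind_ip.version == 6 or target_ip.version == 4
    return bind_ip == target_ip

def explain(netstat_text, target, probed, reported_open):
    """Map 'bind:port' to why a scan of `target` did or did not report it."""
    target_ip = ipaddress.ip_address(target)
    out = {}
    for bind_ip, port, prog in listeners(netstat_text):
        key = f"{bind_ip}:{port}"
        if not accepts(bind_ip, target_ip):
            out[key] = f"{prog} bound to {bind_ip} only, unreachable at {target}"
        elif port not in probed:
            out[key] = f"not probed, rescan with -p {port}"
        elif port in reported_open:
            out[key] = "reported open"
        else:
            out[key] = "probed but not open: check firewall rules"
    return out

if __name__ == "__main__":
    probed = {22, 53, 80, 389, 631, 636, 9000, 9001}  # assumed stand-in for nmap's default list
    for target in ("127.0.0.1", "10.10.0.11"):
        for key, why in explain(NETSTAT, target, probed, {22, 389}).items():
            print(f"scan of {target}: {key}: {why}")
```

Feed it the real `netstat -tuplen` output and the port list of the scan in question; a listener that only appears in the "unreachable" branch needs its bind address changed in the service's configuration before remote clients can connect.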

Scanning using nmap

Folks, is there a way to use nmap to scan for open resolvers in one's network? I have this command from the nmap page but it seems it's not working:
nmap -sU -p 53 --script=dns-recursion <target>
I did the command and it is working as expected.
[root@Golgota /home/test]# nmap -sU -p 53 --script=dns-recursion 8.8.8.8
Starting Nmap 6.47 ( http://nmap.org ) at 2015-02-26 22:39 CET
Nmap scan report for google-public-dns-a.google.com (8.8.8.8)
Host is up (0.021s latency).
PORT STATE SERVICE
53/udp open domain
|_dns-recursion: Recursion appears to be enabled
Nmap done: 1 IP address (1 host up) scanned in 0.50 seconds

Opening a port with iptables doesn't work

I want to open a port on Debian with iptables -A INPUT -p tcp --dport 80 -j ACCEPT, but it's not working. When I scan the localhost:
root@debian:~# nmap -p 80 localhost
Starting Nmap 6.00 ( http://nmap.org ) at 2014-08-27 12:38 CEST
Nmap scan report for localhost (127.0.0.1)
Host is up (0.00033s latency).
Other addresses for localhost (not scanned): 127.0.0.1
PORT STATE SERVICE
80/tcp closed http
Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds
I can't connect with netcat:
root@debian:~# nc -vv localhost 80
localhost [127.0.0.1] 80 (?) : Connection refused
sent 0, rcvd 0
But it's on the iptables:
root@debian:~# iptables -L
...
ACCEPT tcp -- anywhere anywhere tcp dpt:80
...
I've also opened the port to the internet with NAT on my router.
I'm using Debian 3.2.0-4 on i368.
You need something listening on this port to accept connections, a web server for example.
Run this to see if you have a running server that listens on port 80:
netstat -ntlup | grep 80

asterisk hide version from nmap scan

I'm looking for methods (iptables rules, etc.) to prevent the Asterisk version from showing on an nmap UDP scan without closing (dropping) the port. If I open it for some IP address, an nmap UDP scan of port 5060 from this IP address can resolve the Asterisk version (nmap -sU -sV -p 5060 <ipaddress>):
PORT STATE SERVICE VERSION
5060/udp open sip Asterisk PBX 1.8.13.0
Is there some way to show only that port 5060 is open? Is it possible to hide this Asterisk info or change it?
I think you can use PBX info via the following in sip.conf:
useragent=SIPClient XXX
But actually, on my host that command shows:
[root@pro-sip ~]# nmap -sU -sV -p 5060 78.47.XXX.XXX
Starting Nmap 4.11 ( http://www.insecure.org/nmap/ ) at 2012-12-05 22:35 UTC
Interesting ports on pro-sip.net (78.47.XXX.XXX):
PORT STATE SERVICE VERSION
5060/udp open|filtered sip
Nmap finished: 1 IP address (1 host up) scanned in 52.025 seconds
So maybe on your host it just finds some issue and guesses it is Asterisk version XXX.
