nmap – TecAdmin https://tecadmin.net
How-to guides for System Administrators and Developers

How to Check Open (Listening) Ports in Linux
https://tecadmin.net/how-to-check-listening-ports-in-linux/
Mon, 26 Dec 2022 11:55:42 +0000

The post How to Check Open (Listening) Ports in Linux appeared first on TecAdmin.

In Linux, a port is a 16-bit number that, together with an IP address and a transport protocol (TCP or UDP), identifies one endpoint of a connection between a client and a server. A service that accepts connections binds a port and listens on it. Knowing which ports are listening, on which addresses, and which process owns each one is the starting point for auditing a host's network attack surface. Port numbers range from 0 to 65535.

Port numbers fall into three IANA-defined ranges:

  • Well-known ports (0 to 1023): reserved by the Internet Assigned Numbers Authority (IANA) for specific services, and on Linux only root (or a process with CAP_NET_BIND_SERVICE) can bind them. Examples are 22 for SSH, 80 for HTTP, and 443 for HTTPS.
  • Registered ports (1024 to 49151): assigned by IANA to specific applications or protocols on request (for example 3306 for MySQL), but any unprivileged process can bind them, so the registered name is only a hint about what is actually listening.
  • Dynamic or private ports (49152 to 65535): neither reserved nor registered; the kernel hands them out as ephemeral source ports for outgoing connections. Linux actually draws ephemeral ports from the range in /proc/sys/net/ipv4/ip_local_port_range, which defaults to 32768 to 60999, so ephemeral ports on Linux overlap the registered range.

In this article, we will cover several methods for checking open ports in Linux.

How to Check Open Ports in Linux

To check open or listening ports in Linux, you can use the `netstat`, `ss`, `lsof`, and `nmap` commands.

  1. Using the `netstat` Command

    The `netstat` command displays network connections, routing tables, and a variety of network statistics. It belongs to the legacy net-tools package, which many distributions no longer install by default; `ss` (below) is its modern replacement and reads the same kernel data faster. To check open ports in Linux with `netstat`, follow these steps:

    Open a terminal window and run the following command:

    sudo netstat -tulpn 
    

    The `-t` flag selects TCP sockets, the `-u` flag selects UDP sockets, the `-l` flag restricts the list to listening sockets, the `-p` flag shows the PID and name of the owning process (this is why the command is run with `sudo`: without root you only see your own processes), and the `-n` flag prints numerical addresses and ports instead of resolving names.

    Output
    Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
    tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      534/sshd: /usr/sbin
    tcp        0      0 127.0.0.53:53           0.0.0.0:*               LISTEN      347/systemd-resolve
    tcp6       0      0 :::80                   :::*                    LISTEN      245266/apache2
    tcp6       0      0 :::22                   :::*                    LISTEN      534/sshd: /usr/sbin
    udp        0      0 0.0.0.0:5353            0.0.0.0:*                           409/avahi-daemon: r
    udp        0      0 0.0.0.0:52848           0.0.0.0:*                           409/avahi-daemon: r

    The output lists each listening socket with the process that owns it. The Local Address column is the security-relevant one: `0.0.0.0` and `:::` mean the service accepts connections on every interface, while `127.0.0.53` (the systemd-resolved stub here) is reachable only from the machine itself. UDP sockets have no State because UDP is connectionless.

  2. Using the `lsof` Command

    The `lsof` command lists open files, and on Linux a network socket is a file descriptor, so it can show which process holds each listening socket. To check open ports in Linux with `lsof`, follow these steps:

    Open a terminal window and run the following command:

    sudo lsof -i 
    

    The `-i` option restricts the listing to network sockets (lsof calls these Internet files) rather than selecting an address of a file. Adding `-n` and `-P` skips DNS and service-name lookups, which is faster and avoids the misleading names lsof would otherwise print; listening TCP sockets are marked `(LISTEN)` and active ones `(ESTABLISHED)`.

    Output
    COMMAND     PID            USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
    systemd-r   347 systemd-resolve  13u  IPv4  25561      0t0  UDP 127.0.0.53:domain
    systemd-r   347 systemd-resolve  14u  IPv4  25562      0t0  TCP 127.0.0.53:domain (LISTEN)
    avahi-dae   409           avahi  12u  IPv4  26700      0t0  UDP *:mdns
    avahi-dae   409           avahi  14u  IPv4  26702      0t0  UDP *:52848
    sshd        534            root   3u  IPv4  27554      0t0  TCP *:ssh (LISTEN)
    sshd        534            root   4u  IPv6  27589      0t0  TCP *:ssh (LISTEN)
    sshd       4675            root   4u  IPv4 136177      0t0  TCP 192.168.1.210:ssh->192.168.1.10:52623 (ESTABLISHED)
    apache2  245266            root   4u  IPv6 686069      0t0  TCP *:http (LISTEN)
    apache2  245269        www-data   4u  IPv6 686069      0t0  TCP *:http (LISTEN)

    The output shows every open socket, listening or not, with the owning process and user. Note the established SSH session on the same line style as the listeners; filter on `(LISTEN)` if you only want the listening sockets.

    You can also check a specific port number (the `:80` selector matches both TCP and UDP):

    sudo lsof -i :80 
    

  3. Using the `ss` command

    The `ss` command displays network sockets and their associated connections. It is part of iproute2, is installed on practically every modern distribution, and accepts the same flags as `netstat` for this job. To check open ports in Linux with `ss`, follow these steps:

    Open a terminal window and run the following command:

    sudo ss -tulpn 
    

    The `-t` flag selects TCP sockets, the `-u` flag selects UDP sockets, the `-l` flag restricts the list to listening sockets, the `-p` flag shows the PID and name of the owning process (root is needed to see processes owned by other users), and the `-n` flag prints numerical addresses instead of symbolic names.

    The output lists each listening socket with its owning process in the form users:(("sshd",pid=534,fd=3)). As with `netstat`, a Local Address of `0.0.0.0` or `[::]` means the service is reachable on every interface, while `127.0.0.1`, `[::1]` or an address with a `%lo` suffix is bound to loopback only.

  4. Using the `nmap` Command

    The `nmap` command scans networks for hosts and services. Unlike the three commands above, which read the kernel's socket table, nmap sends probes to the target and reports what answers, so it shows what a client can actually reach, including the effect of a local firewall. To check open ports in Linux with `nmap`, follow these steps:

    Open a terminal window and run the following command:

    nmap -p- localhost 
    

    The `-p-` option is shorthand for `-p 1-65535`: scan every TCP port rather than the 1,000 most common ones that nmap probes by default. Only TCP is scanned unless you add `-sU` for UDP.

    The `localhost` argument is the target host. Scanning localhost probes over the loopback interface, so services bound only to 127.0.0.1 show up as open too; to learn what the network sees, scan the host's external address from another machine.

    The output lists the open ports on the target host with the service name nmap associates with each port number (a guess from its services table, not proof of what is running; add `-sV` to probe the service itself).
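The commands above list every listening socket; what matters for exposure is which of them are bound to a wildcard address (`0.0.0.0`, `[::]` or `*`) and therefore reachable from every interface, as opposed to 127.0.0.1 or `[::1]`. The following script is an added example, not code from the original article: it reads `ss -tulpn` output on standard input and prints one line per wildcard-bound socket with its protocol, port and owning process, which is the list you would then confirm with an nmap scan from another machine. The sample output it runs on is constructed for the demo (the PIDs and services are made up); on a real host pipe `sudo ss -tulpn` into it.

```shell
#!/usr/bin/env bash
# Constructed sample of `sudo ss -tulpn` output for a hypothetical host.
# Not a real capture: PIDs and services are made up for the demo.
SAMPLE_SS_OUTPUT='Netid State  Recv-Q Send-Q Local Address:Port  Peer Address:Port Process
udp   UNCONN 0      0      127.0.0.53%lo:53   0.0.0.0:*   users:(("systemd-resolve",pid=347,fd=13))
udp   UNCONN 0      0            0.0.0.0:5353 0.0.0.0:*   users:(("avahi-daemon",pid=409,fd=12))
tcp   LISTEN 0      128          0.0.0.0:22   0.0.0.0:*   users:(("sshd",pid=534,fd=3))
tcp   LISTEN 0      4096   127.0.0.53%lo:53   0.0.0.0:*   users:(("systemd-resolve",pid=347,fd=14))
tcp   LISTEN 0      511             [::]:80      [::]:*   users:(("apache2",pid=245266,fd=4))
tcp   LISTEN 0      128             [::]:22      [::]:*   users:(("sshd",pid=534,fd=4))'

# exposed_sockets: read `ss -tulpn` output on stdin and print "proto port process"
# for every socket bound to a wildcard address (0.0.0.0, [::], or * on older
# iproute2), i.e. one that accepts traffic on every interface. Sockets bound to
# loopback (127.0.0.1, [::1], 127.0.0.53%lo, ...) are skipped. Lines are
# de-duplicated so a service listening on both IPv4 and IPv6 shows once.
exposed_sockets() {
  awk 'NR > 1 && NF >= 5 {
    n = split($5, a, ":")                      # Local Address:Port -> port is the last field
    port = a[n]
    addr = substr($5, 1, length($5) - length(port) - 1)
    if (addr == "0.0.0.0" || addr == "[::]" || addr == "*") {
      proc = "-"                               # Process column is empty without root
      if (match($0, /"[^"]+"/)) proc = substr($0, RSTART + 1, RLENGTH - 2)
      print $1, port, proc
    }
  }' | LC_ALL=C sort -u
}

# Demo on the constructed sample. On a live host run: sudo ss -tulpn | exposed_sockets
printf '%s\n' "$SAMPLE_SS_OUTPUT" | exposed_sockets
```

On the sample this prints `tcp 22 sshd`, `tcp 80 apache2` and `udp 5353 avahi-daemon`; the resolver stub on 127.0.0.53 is correctly left out. Anything in that list that is not meant to be a network service should be rebound to loopback or firewalled, and the avahi mDNS responder is a typical candidate on a server.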

Conclusion

In this article, we covered several methods for checking open ports in Linux: `netstat`, `ss` and `lsof` to list listening sockets and the processes that own them from the host itself, and `nmap` to see which of those ports actually answer from the network. Use the first group to find out what is listening and why, and the second to confirm what is exposed.

I hope this helps you understand how to check open ports in Linux. If you have any further questions, please don’t hesitate to ask.

Top 10 Ethical Hacking Tools in Kali Linux
https://tecadmin.net/ethical-hacking-tools-in-kali-linux/
Tue, 08 Mar 2022 11:19:15 +0000

The post Top 10 Ethical Hacking Tools in Kali Linux appeared first on TecAdmin.

Kali Linux ships with more than 350 tools that automate recurring tasks during penetration testing. Using the tools that come preinstalled saves setup time and gives repeatable, well-documented results. This article describes ten of the most used Kali Linux tools and what each is for.

TOP 10 KALI LINUX TOOLS:

    1. Nmap (Network Mapper)
    2. Wireshark
    3. John the Ripper
    4. THC Hydra
    5. Bettercap
    6. Autopsy
    7. Sqlmap
    8. Burp Suite Scanner
    9. Lynis
    10. Netcat

1. Nmap (Network Mapper):

Nmap (Network Mapper) is an open-source scanner that discovers hosts and services on a network by sending packets and analysing the responses. It can target a single system or a whole network and supports host discovery, port scanning, service and version detection, OS fingerprinting, and scripted checks (the Nmap Scripting Engine) for protocols such as SMB/NetBIOS. It is one of the most widely used Kali Linux tools for the reconnaissance phase of a penetration test.

Nmap is also available for every major operating system. Here are a few basic Nmap commands:

nmap 192.168.0.1          ## Scan a single host 
nmap 192.168.0.1-10       ## Scan an IP range (192.168.0.1 through 192.168.0.10) 
nmap 192.168.0.0/24       ## Scan an entire subnet 

2. Wireshark:

Wireshark is one of the best known Kali Linux tools. It is a network sniffer and protocol analyser: it captures packets from an interface (or loads a previously captured file) and decodes them. Every packet is shown with its capture time, source and destination addresses, protocol, and the fields of each protocol header, so it is used both for troubleshooting and for security analysis such as spotting cleartext credentials or unexpected traffic. Capture files use the .pcap or .pcapng extension and can be opened in Wireshark or produced by other tools such as tcpdump.

How to use Wireshark: open any pcap file in Wireshark, or start a live capture on an interface, and the packet list is displayed; display filters narrow it down to the conversation of interest.

3. John the Ripper:

John the Ripper ships preinstalled with Kali Linux.

John the Ripper (JtR) is an open-source password cracker used during penetration tests to find weak passwords and expose poor password policies. It runs on many operating systems and ships with wordlists covering 20+ languages. Because most people choose easy-to-remember passwords, it is frequently successful even with its out-of-the-box wordlists.

JtR does not decrypt anything; a password hash is one-way. Instead it takes each candidate from the wordlist (optionally mangled by rules: capitalised, with digits or symbols appended, and so on), hashes it with the same algorithm and salt as the target hash, and compares the result. When the digests match, the candidate is the password, and JtR moves on to the next hash. This is an offline attack: it never touches the target system and is limited only by the speed of the hashing hardware, which is why slow, salted hash functions matter on the defensive side.
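To make the mechanism concrete, here is a minimal dictionary attack in POSIX shell. It is an added illustration, not code from John the Ripper or from the original article. It hashes each wordlist entry with SHA-256 (John supports many more hash formats and uses far faster native code), applies a few of the mangling rules a cracker's rule engine would (capitalisation, common suffixes), and compares each digest with the target. The wordlist and the target hashes are constructed for the demo: the targets are derived from known plaintexts so the script is self-contained, whereas in a real engagement they would come from a password dump or /etc/shadow.

```shell
#!/bin/sh
# Constructed wordlist for the demo; a real run would use a file such as rockyou.txt.
WORDLIST='secret
password
letmein
dragon'

# sha256_hex STRING: hex digest of STRING (unsalted, for the demo only).
sha256_hex() { printf '%s' "$1" | sha256sum | cut -d' ' -f1; }

# candidates WORD: emit WORD plus the simple "mangling" variants a cracker's
# rule engine would try: capitalised, and with common suffixes appended.
candidates() {
  base="$1"
  cap="$(printf '%s' "$base" | cut -c1 | tr 'a-z' 'A-Z')$(printf '%s' "$base" | cut -c2-)"
  for stem in "$base" "$cap"; do
    for suffix in "" "1" "123" "!"; do
      printf '%s\n' "$stem$suffix"
    done
  done
}

# crack_hash HEX: hash every candidate and compare with the target digest.
# Prints the plaintext and returns 0 on a match; returns 1 if the wordlist
# is exhausted. Nothing is decrypted: the hash is only ever recomputed.
crack_hash() {
  target="$1"
  for word in $WORDLIST; do
    for cand in $(candidates "$word"); do
      if [ "$(sha256_hex "$cand")" = "$target" ]; then
        printf '%s\n' "$cand"
        return 0
      fi
    done
  done
  return 1
}

# Constructed targets: derived from known plaintexts so the demo is offline.
# In practice these come from a leaked database or a shadow file.
HASH_EASY=$(sha256_hex 'letmein')
HASH_MANGLED=$(sha256_hex 'Password123')
HASH_STRONG=$(sha256_hex 'correct horse battery staple')

# Demo: the first two targets fall to the wordlist, the passphrase does not.
for h in "$HASH_EASY" "$HASH_MANGLED" "$HASH_STRONG"; do
  crack_hash "$h" || echo "not found in wordlist: $h"
done
```

The second target shows why rules matter: "Password123" is not in the wordlist, but capitalising "password" and appending "123" reaches it in a handful of extra guesses. The passphrase survives only because no rule in this tiny set generates it, which is the whole argument for long passphrases and for slow, salted password hashes that make each guess expensive.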

4. THC Hydra:

THC Hydra is a fast, parallelised online login cracker: it guesses credentials against a live network service rather than against a hash file. It ships with modules for dozens of protocols (SSH, FTP, Telnet, SMTP, POP3/IMAP, RDP, SMB, HTTP basic auth and HTTP form logins among them), supports dictionary and brute-force modes, and new modules are easy to add. A penetration tester uses it to show that an exposed login is protected only by a guessable password. Because every guess is a real authentication attempt, it is noisy: it shows up in the target's logs, is slowed down by rate limiting, and can trigger account lockouts, so it is used deliberately and with the client's agreement on which accounts may be tested.

5. Better cap:

Bettercap is one of the more impressive Kali Linux tools. It performs man-in-the-middle attacks on a local network (ARP, DNS and DHCPv6 spoofing) and can then inspect and manipulate the HTTP, HTTPS and raw TCP traffic that passes through it. It is often described as the successor to Ettercap: it covers what Ettercap did, but as a single program with a built-in scripting (caplet) interface instead of several separate tools and open consoles.

Bettercap does not break TLS cryptography. Its HTTPS handling is an sslstrip-style downgrade: the attacker keeps a normal TLS connection to the server, serves the victim plain HTTP, and rewrites https links in the pages it relays, so the client-to-attacker leg is unencrypted while the attacker-to-server leg is not. Its sslstrip+ implementation uses dns2proxy-style hostname tricks for a partial HSTS bypass; it does not work against domains on the browser's HSTS preload list, which is why preloading matters. Bettercap also includes wireless attacks (deauthentication, WPA handshake capture) as well as network and Wi-Fi monitoring.

6. Autopsy

Autopsy is a major digital forensics tool that comes preinstalled with Kali Linux. It is a graphical front end to The Sleuth Kit, the command-line toolkit for examining disk images and file systems. During an investigation it is used to work out what happened on a system by examining the file system, timelines, deleted files and logs. Results appear as its analysis modules finish, so an examiner can start reviewing keyword hits or recovered files while the rest of the image is still being processed.

Beyond investigations, Autopsy is also used as recovery software to carve deleted files from a memory card or USB drive.

It is a faster and more thorough option for examining a hard drive image than working through The Sleuth Kit commands by hand.

How to use the Autopsy tool: it is preinstalled in Kali Linux, so open a terminal and type autopsy. The Kali package starts a local web interface and prints the URL to open in a browser, where you create a case and add the disk image to examine. Work on a copy or a write-blocked image, never on the original evidence.

7. Sqlmap

Sqlmap is designed to detect and exploit SQL injection vulnerabilities in web applications. Once it confirms an injection point on the target, the user can choose among many options: retrieve the DBMS session user and current database, fingerprint the back-end database management system, enumerate users and password hashes, dump tables, and more.

Sqlmap is generally considered the most useful tool for carrying out SQL injection attacks because it automates the whole exploitation process, which matters since a successful injection gives control over the application's database. It tests each parameter of a request for injection flaws, detects the database type by itself, and supports boolean-based, time-based, error-based, UNION and stacked-query techniques. In the simplest case you supply a URL with a query string to test; to test POST bodies, cookies or headers you save the raw HTTP request to a file and pass that file to sqlmap instead.

8. Burp Suite Scanner:

Burp Suite Scanner is part of Burp Suite, an integrated web security testing platform that is the standard tool for investigating web vulnerabilities and performing application penetration tests. Commonly known as "Burp", it works as an intercepting proxy: the browser is pointed at Burp, which records every request and response and lets the tester modify, replay and fuzz them. Burp offers a GUI and many advanced tools, unlike most command-line web scanners, and is mainly used for hands-on manual testing.

Burp is not open source. The free Community Edition provides the proxy and the basic manual tools (Repeater, Decoder, a rate-limited Intruder); the automated Scanner that gives this entry its name is a feature of the paid Professional edition, so professionals generally need to upgrade.

Using Burp, the tester controls every action. Its core workflow is to pass an intercepted HTTP request from the proxy to one of the other Burp tools (Repeater, Intruder, Scanner, Sequencer) to perform a specific task on it.

9. Lynis:

Lynis is a security auditing tool for Unix-like systems used for vulnerability detection, system hardening, compliance testing and security auditing, and by penetration testers for local enumeration once they have a shell. It relies only on the tools and libraries already present on the system, which makes its scanning modular and opportunistic. The upside is that no additional software needs to be installed, so the audited system stays tidy.

Lynis runs with almost no dependencies. No two audits are the same: the more components it discovers, the more checks it performs, so each scan is tailored to the system.

For example, when Lynis detects that Apache is running, it runs the Apache-specific tests. While performing those tests it may discover an SSL/TLS configuration and then runs additional checks based on that, such as collecting any certificates it finds so that they can be examined (for expiry and weak keys) as well. At the end it prints a list of warnings and hardening suggestions with reference identifiers.

10. Netcat

Netcat comes preinstalled with Kali Linux. Netcat, abbreviated "nc", reads from and writes to TCP or UDP network connections. It is a general networking tool that can connect to a port, listen on a port, do simple port scanning, and redirect its input and output to other programs.

Because its stdin and stdout can be wired to a connection, netcat is a quick way to transfer files between machines and, during a penetration test, to set up a bind or reverse shell as a backdoor into a compromised host. For the same reason, an unexpected netcat listener on a production system is a classic indicator of compromise.

It is also used for network debugging and for testing daemons by talking to them by hand (sending a raw HTTP request, for instance). Netcat is often called the Swiss Army knife of networking tools.

To use netcat, open a terminal and type nc or netcat. Port listening is demonstrated with two terminals: one starts netcat in listen mode on a port, the other connects to that port, and whatever is typed on either side appears on the other.

Conclusion

These are a few of the many Kali Linux tools. They are used by ethical hackers and penetration testers, and Kali Linux itself is actively developed by Offensive Security. Most of these tools come preinstalled, and most are easy to start using, which is why Kali is the most common security distribution among infosec companies and ethical hackers.

The tool set was curated when Kali replaced BackTrack: tools that no longer worked or duplicated the functionality of others were dropped.

How to Scan Open Ports with Nmap
https://tecadmin.net/scanning-open-ports-with-nmap/
Sat, 02 Oct 2021 11:03:27 +0000

The post How to Scan Open Ports with Nmap appeared first on TecAdmin.

Nmap (Network Mapper) is the most popular discovery tool used by network administrators for security auditing and mapping their networks. It is used for finding live hosts, port scanning, service version detection and OS detection.

To detect the hosts on a network, the services they offer, the operating system they run and the kind of firewall in front of them, nmap sends crafted raw IP packets and interprets the responses. Whenever we have a connectivity problem or are checking a firewall configuration, the first thing to check is which ports are open.

Several commands can check open ports on a system, but nmap is the most used for this purpose, and it is the only one of them that shows what is reachable from the network rather than what is bound locally. In this article, we discuss how to scan open ports with nmap on a Linux system.

Open Ports

Applications listen on network ports, and a firewall decides whether traffic can reach them. An open port, as nmap reports it, is one where an application accepted the probe. Every open port is attack surface: the service behind it can be fingerprinted, probed for vulnerabilities and attacked with credentials, so ports should be open only where the functionality is needed.

Hence we need to keep a check on the ports that are open and close all the unnecessary ones, by stopping the service or restricting it with the firewall. To scan the open ports on our system, we use the nmap command.

Installing Nmap

Before scanning any open ports we need to have nmap installed on our Linux system. Use one of the following options to install nmap on your system first:

  • On Ubuntu, Debian, & Linux Mint
    sudo apt update && sudo apt install nmap 
    
  • On CentOS, RHEL, & Fedora (use yum instead of dnf on CentOS/RHEL 7 and older)
    sudo dnf install nmap
    

Scanning of ports using nmap command

We can scan a single port, a range of ports, one host or a range of IP addresses with the nmap command, as in the following examples:

01. To scan a hostname we can execute the following commands:

sudo nmap localhost
Output
Starting Nmap 7.80 ( https://nmap.org ) at 2021-10-02 10:19 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.0000050s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
3306/tcp open  mysql

Nmap done: 1 IP address (1 host up) scanned in 0.13 seconds

You can also run nmap without sudo, but the default scan type then changes: an unprivileged user gets -sT (TCP connect scan, which completes the three-way handshake through the normal socket API), while root gets -sS (TCP SYN scan), which needs raw-socket privileges. The "Not shown: 997 closed ports" line is a reminder that, without -p, nmap only probes its list of the 1,000 most common TCP ports.

02. The "-sT" option explicitly selects a TCP connect scan, and "-O" turns on OS detection, which needs root because it relies on crafted raw packets. Neither option changes which ports are scanned; add -p- to cover all 65535 TCP ports.

sudo nmap -sT -O 127.0.0.1

The output shows that ports 80, 443 and 3306 are open, followed by nmap's guess of the operating system.

Output
Starting Nmap 7.80 ( https://nmap.org ) at 2021-10-02 10:23 UTC
Nmap scan report for localhost (127.0.0.1)
Host is up (0.000080s latency).
Not shown: 997 closed ports
PORT     STATE SERVICE
80/tcp   open  http
443/tcp  open  https
3306/tcp open  mysql
Device type: general purpose
Running: Linux 2.6.X
OS CPE: cpe:/o:linux:linux_kernel:2.6.32
OS details: Linux 2.6.32
Network Distance: 0 hops

OS detection performed. Please report any incorrect results at https://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 1.76 seconds

03. A SYN scan (also called a half-open scan) sends a SYN to each port and classifies it from the reply: a SYN/ACK means open, an RST means closed, no answer means filtered. Nmap then sends an RST instead of completing the handshake, so the application never sees a connection and usually logs nothing, although firewalls and intrusion detection systems do see the probes. It requires root and is selected with "-sS":

 sudo nmap -sS 127.0.0.1

04. To scan UDP ports instead of TCP we use "-sU"; here we restrict the scan to ports 80, 130 and 255 with -p:

sudo nmap -sU -p 80,130,255 127.0.0.1

Here the output shows that the three UDP ports we specified are closed (the host answered each probe with an ICMP port unreachable message). UDP scans are much slower than TCP scans and often report "open|filtered" when nothing answers at all, because a silent port and a firewall-dropped probe look the same; adding -sV sends protocol-specific payloads that can resolve that ambiguity.

Scan using "-v" with nmap

05. The "-v" option increases verbosity: nmap reports scan progress and prints each open port as soon as it is found instead of only in the final summary, which is useful for long scans. It does not by itself collect more information about the target; for that use -sV (service versions) or -O (OS detection).

sudo nmap -v 127.0.0.1

06. The same option works for any target, for example a machine on the local network:

sudo nmap -v 10.0.2.15

Scan multiple hosts with nmap

07. More than one hostname or IP addresses can be scanned using nmap by simply mentioning them with space in between as below:

sudo nmap 127.0.0.1 127.0.0.2 127.0.0.3

Scan single or multiple ports

08. Nmap can scan a specific port as well as a set of ports, as demonstrated below:

sudo nmap -p 80 127.0.0.1 

09. Here we scan only port 80 on the given IP address and the output reports the state of that one port. To scan the range of ports from 1 to 200, we use the command below:

sudo nmap -p 1-200 127.0.0.1

10. To perform a fast scan we use "-F", which probes only the 100 most common ports instead of the default 1,000:

sudo nmap -F 127.0.0.1

Scan whole subnet with nmap

11. To scan a whole range of IP addresses, use "*" as a wildcard for the last octet (or CIDR notation such as 127.0.0.0/24, which means the same thing). Quote the argument so the shell does not try to expand the "*" as a filename pattern:

sudo nmap "127.0.0.*" 

This command scans all 256 addresses in the subnet and reports each host that is up together with the open ports found on it.

In this way, we can perform various scans on IP addresses, specific hosts and check all the ports. Furthermore, a specific port or range of ports can be specified as shown above in the examples.
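A scan is only useful if its result is compared with what should be listening. The script below is an added example, not part of the original article or of nmap itself: it parses nmap's grepable output (`-oG -`, the output format intended for scripting) into one `host port/proto service` line per open port, then reports every open port that is not on an allowlist of expected ones. The scan output it runs on is constructed for the demo (hypothetical hosts 192.168.1.10 and 192.168.1.20 with made-up service versions); on a real network pipe `sudo nmap -sS -sV -oG - <targets>` into `open_ports`.

```shell
#!/usr/bin/env bash
# Constructed `nmap -oG -` output for two hypothetical hosts (not a real capture).
# Grepable format, one tab-separated record per host:
#   Host: <ip> (<name>)<TAB>Ports: <port>/<state>/<proto>/<owner>/<service>/<rpc>/<version>/, ...
SAMPLE_NMAP_GREPABLE=$(
  printf '# Nmap 7.80 scan initiated as: nmap -sS -sV -oG - 192.168.1.10 192.168.1.20\n'
  printf 'Host: 192.168.1.10 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.10 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//Apache httpd 2.4.52/, 3306/open/tcp//mysql//MySQL 8.0.32/\tIgnored State: closed (997)\n'
  printf 'Host: 192.168.1.20 ()\tStatus: Up\n'
  printf 'Host: 192.168.1.20 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 443/open/tcp//https//nginx 1.18.0/, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (997)\n'
  printf '# Nmap done -- 2 IP addresses (2 hosts up) scanned in 12.34 seconds\n'
)

# open_ports: stdin = grepable nmap output; stdout = "host port/proto service"
# for each port whose state is exactly "open". Ports reported as filtered or
# open|filtered are not listed, because nothing there answered the probe.
open_ports() {
  awk -F'\t' '/Ports: / {
    host = $1
    sub(/^Host: /, "", host); sub(/ .*/, "", host)   # keep the IP, drop " (name)"
    ports = ""
    for (i = 2; i <= NF; i++) if ($i ~ /^Ports: /) ports = substr($i, 8)
    n = split(ports, entry, ", ")
    for (i = 1; i <= n; i++) {
      split(entry[i], f, "/")        # f[1]=port f[2]=state f[3]=proto f[5]=service
      if (f[2] == "open")
        print host, f[1] "/" f[3], (f[5] == "" ? "unknown" : f[5])
    }
  }'
}

# unexpected_ports "22/tcp 443/tcp": keep only the open_ports lines whose
# port/proto is not in the space-separated allowlist of ports that are
# supposed to be exposed on these hosts.
unexpected_ports() {
  awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    !($2 in ok)'
}

# Demo: everything that answered, then only what should not be exposed.
# Real use: sudo nmap -sS -sV -oG - 192.168.1.0/24 | open_ports | unexpected_ports "22/tcp 443/tcp"
printf '%s\n' "$SAMPLE_NMAP_GREPABLE" | open_ports
echo '--- not on the allowlist ---'
printf '%s\n' "$SAMPLE_NMAP_GREPABLE" | open_ports | unexpected_ports "22/tcp 443/tcp"
```

With an allowlist of 22/tcp and 443/tcp, the demo flags 80/tcp and 3306/tcp on 192.168.1.10: an unencrypted HTTP listener and a database exposed to the network, both of which should be closed, bound to loopback or firewalled. Saving each run's `open_ports` output and diffing it against the previous one turns the same script into a cheap detector for newly appearing services.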

Conclusion

Checking which ports are open on a network is crucial because every exposed service is attack surface: it can be fingerprinted, probed for known vulnerabilities and attacked with guessed credentials. That is why it is important to scan regularly, compare the open ports with what is actually needed, and close the rest.

Nmap is the command most commonly used for scanning ports. In this article, we discussed how to scan open ports on Linux systems using nmap, with examples of the main scan types and the options that narrow a scan to specific hosts and ports.
