How to do a Port Scan in Linux

29/12/2020
Port scanning is a process to check open ports of a PC or a Server. Port scanners are often used by gamers and hackers to check for available ports and to fingerprint services. There are two types of ports to scan for in TCP/IP Internet Protocol, TCP(Transmission Control Protocol) and UDP(User Datagram Protocol). Both TCP and UDP have their own way of scanning. In this article, we’ll look at how to do port scan in Linux environment but first we’ll take a look at how port scanning works. Note that port scanning is illegal in often countries, make sure to check for permissions before scanning your target.

TCP Scanning

TCP is stateful protocol because it maintains the state of connections. TCP connection involves a three-way handshaking of Server socket and client-side socket. While a server-socket is listening, the client sends a SYN and then Server responds back with SYN-ACK. Client then, sends ACK to complete the handshake for the connection

To scan for a TCP open port, a scanner sends a SYN packet to the server. If SYN-ACK is sent back, then the port is open. And if server doesn’t complete the handshake and responds with an RST then the port is closed.

UDP Scanning

UDP on the other hand, is a stateless protocol and doesn’t maintain the state of connection. It also doesn’t involve three-way handshake.

To scan for a UDP port, a UDP scanner sends a UDP packet to the port. If that port is closed, an ICMP packet is generated and sent back to the origin. If this doesn’t happen, that means port is open.

UDP port scanning is often unreliable because ICMP packets are dropped by firewalls, generating false positives for port scanners.

Port Scanners

Now that we’ve looked at how port scanning works, we can move forward to different port scanners and their functionality.

Nmap

Nmap is the most versatile and comprehensive port scanner available till now. It can do everything from port scanning to fingerprinting Operating systems and vulnerability scanning. Nmap has both CLI and GUI interfaces, the GUI is called Zenmap. It has a lot of varying options to do quick and effective scans. Here’s how to install Nmap in Linux.

sudo apt-get update
sudo apt-get upgrade -y
sudo apt-get install nmap -y

Now we’ll use Nmap to scan a server (hackme.org) for open ports and to list services available on those ports, its really easy. Just type nmap and the server address.

nmap hackme.org

To scan for UDP ports, include -sU option with sudo because it requires root privileges.

sudo nmap -sU hackme.org

There are a lot of other options available in Nmap such as:

-p- :     Scan for all 65535 ports
-sT :     TCP connect scan
-O  :     Scans for operating system running
-v  :     Verbose scan
-A  :     Aggressive scan, scans for everything
-T[15] : To set the scanning speed
-Pn :     In case the server blocks ping

Zenmap

Zenmap is a GUI interface of Nmap for click-kiddies so that you won’t have to remember its commands. To install it, type

sudo apt-get install -y zenmap

To scan a server, just type its address and select from available scan options.

Netcat

Netcat is a raw TCP and UDP port writer which can also be used as a port scanner. It uses connect scan that’s why it is not so fast like Network Mapper. To install it, type

ubuntu@ubuntu:~$ sudo apt install netcat-traditional -y

To check for an open port, write

ubuntu@ubuntu:~$ nc -z -v hackme.org 80
…snip…
hackme.org [217.78.1.155] 80 (http) open

To scan for a range of ports, type

ubuntu@ubuntu:~$ nc -z -nv 127.0.0.1 2080
(UNKNOWN) [127.0.0.1] 80 (http) open
(UNKNOWN) [127.0.0.1] 22 (ssh) open

Unicornscan

Unicornscan is a comprehensive and fast port scanner, built for vulnerability researchers. Unlike Network Mapper, it uses its own User-land Distributed TCP/IP stack. It has a lot of features that Nmap doesn’t, some of them are given,

  • Asynchronous stateless TCP scanning with all variations of TCP Flags.
  • Asynchronous stateless TCP banner grabbing
  • Asynchronous protocol specific UDP Scanning (sending enough of a signature to elicit a response).
  • Active and Passive remote OS, application, and component identification by analyzing responses.
  • PCAP file logging and filtering
  • Relational database output
  • Custom module support
  • Customized data-set views

To install Unicornscan, type

ubuntu@ubuntu:~$ sudo apt-get install unicornscan -y

To run a scan, write

ubuntu@ubuntu:~$ sudo us 127.0.0.1
TCP open ftp[ 21] from 127.0.0.1 ttl 128
TCP open smtp[ 25] from 127.0.0.1 ttl 128
TCP open http[ 80] from 127.0.0.1 ttl 128
…snip…

Conclusion

Ports scanners come in handy whether you are a DevOp, Gamer or a Hacker. There is no real comparison between these scanners, none of them is perfect, each of them has its benefits and drawbacks. It completely depends upon your requirements and how you use them.

ONET IDC thành lập vào năm 2012, là công ty chuyên nghiệp tại Việt Nam trong lĩnh vực cung cấp dịch vụ Hosting, VPS, máy chủ vật lý, dịch vụ Firewall Anti DDoS, SSL… Với 10 năm xây dựng và phát triển, ứng dụng nhiều công nghệ hiện đại, ONET IDC đã giúp hàng ngàn khách hàng tin tưởng lựa chọn, mang lại sự ổn định tuyệt đối cho website của khách hàng để thúc đẩy việc kinh doanh đạt được hiệu quả và thành công.
Bài viết liên quan

hping3 flood ddos

This tutorial focuses on DDOS (Distributed Denial of Service) attacks using the hping3 tool. If you are already familiarized...
29/12/2020

How to Send Linux Logs to a Remote Server

The main reason to apply remote logging is the same reason because of which a dedicated /var partition is recommended:...
29/12/2020

Driftnet on Debian: Sniffing images within a network

In this tutorial we’ll sniff a network to intercept graphical content from the devices’ traffic.We’ll learn how to...
29/12/2020
Bài Viết

Bài Viết Mới Cập Nhật

Reliable IPv4 and IPv6 Subnet Rental Services: The Perfect Solution for Global Businesses
23/12/2024

Tìm Hiểu Về Thuê Proxy US – Lợi Ích và Cách Sử Dụng Hiệu Quả
11/12/2024

Mua Proxy V6 Nuôi Facebook Spam Hiệu Quả Tại Onetcomvn
03/06/2024

Hướng dẫn cách sử dụng ProxyDroid để duyệt web ẩn danh
03/06/2024

Mua proxy Onet uy tín tại Onet.com.vn
03/06/2024