RHEL 6 and Bash. It would be easy if I had a remote server to just run nmap from, or even curl/wget, but I only have access to servers on our side of the firewall.

I know I can manually check using internet-based port scan tools, and I assume the answer will be one of those sites that provide a script that can be accessed via command line. How do I check what ports are opened to the internet on a server, while using that server's Bash shell?

TL;DR I want to be able to check what ports are available externally on my server using Bash on that server.

usedTobeaMember
  • You can't do that without being able to inspect upstream devices, surely? – user9517 Aug 25 '14 at 16:52
  • You can't...the upstream devices (firewall) determine what goes in or out, so you have *no* way of knowing what's actually available. – Nathan C Aug 25 '14 at 16:55
  • I thought that there might be a service that allows this, like how you can use wget to get your public IP, I would think a server could very easily use that same concept to then run nmap on that public IP via a CGI script and then return the results. – usedTobeaMember Aug 25 '14 at 16:57
  • There are all sorts of legal issues surrounding services like that. – Michael Hampton Aug 25 '14 at 17:00
  • Those 'services' if they exist aren't what you're asking for in your question. – user9517 Aug 25 '14 at 17:06
  • @lain From my question "I know I can manually check using internet-based port scan tools, and I assume the answer will be one of those sites that provides a script that can be accessed via command line." Isn't it? – usedTobeaMember Aug 25 '14 at 17:23
  • See Vivek Thomas' answer, that is what I was looking for. It is nice that in addition to all the naysayers, that someone can actually address the question asked. – usedTobeaMember Aug 25 '14 at 18:36
  • tail -f /var/log/secure :) – dmourati Aug 26 '14 at 05:20
  • I beg to differ. If your question had been clearer then it wouldn't have needed the commentary for clarification. As it is it now boils down to you looking for a product/service and as such is off topic. – user9517 Aug 26 '14 at 07:03
  • I am not looking for one, I am looking for a solution, whatever it may be. I only said I expect that it would exist via a service, or API of such service. Believe me, I won't be surprised if this gets closed as off topic here. I suppose questions about whois or opendns are off topic here too. This place is schizophrenic. – usedTobeaMember Aug 26 '14 at 13:47

2 Answers

You can use netstat -Wplunt to get a list of every process listening on TCP or UDP ports. This will list a bit more than you want to know about. You can ignore all of the ports bound to ::1 or 127.0.0.1 since those are only accessible to the server itself. The rest are possibly reachable from outside.

How to test the firewall rules is a separate question. I don't know a tool which is quite ready to use for that, but that question has been asked before, and there are some suggestions on how it could be done.

Running a port scan from outside isn't going to give you the most useful data you could want. To the outside world a port which is blocked by the firewall should look the same as one which is open in the firewall but the server isn't listening. This means you need to make two configuration mistakes before it will be visible to the external port scan.

If you configured either the firewall or the server correctly, the external port scan will never reveal the configuration mistake you made in the other place.

That isn't to say an external port scan is entirely useless, but in your standard procedures, you should focus on the two layers separately. A one-off port scan can easily be done from an internet connection at home.

kasperd
  • I thought of this yesterday but it doesn't prove they are available upstream on the 'internet' especially if as the OP suggests there is a firewall in the way. – user9517 Aug 26 '14 at 06:59
  • It is true that you can put a firewall in front of it. But having the process listening on a non-local socket isn't a good idea, if you don't want it to be reachable from outside. This is true with or without a firewall. – kasperd Aug 26 '14 at 07:02
  • I'm sorry, I don't understand your comment. There is a firewall upstream. The OP wants to know what is available from the internet side of the firewall. The output of netstat is basically useless for this requirement, surely? – user9517 Aug 26 '14 at 07:06
  • @Iain I have extended the answer to cover that as well. – kasperd Aug 26 '14 at 07:17
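
The filtering kasperd's answer describes (list listeners with netstat -Wplunt, then discard those bound to ::1 or 127.0.0.1), as an added example that is not part of the original answer. The function name exposed_listeners and the sample netstat output are constructed for illustration; the result shows only what the host itself listens on, not what an upstream firewall lets through.

```shell
#!/bin/bash
# Constructed sample of `netstat -Wplunt` output (not captured from a real host).
SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address    Foreign Address  State    PID/Program name
tcp        0      0 0.0.0.0:22       0.0.0.0:*        LISTEN   1234/sshd
tcp        0      0 127.0.0.1:25     0.0.0.0:*        LISTEN   1456/master
tcp        0      0 :::80            :::*             LISTEN   2001/httpd
tcp        0      0 ::1:631          :::*             LISTEN   1300/cupsd
udp        0      0 0.0.0.0:68       0.0.0.0:*                 1100/dhclient
udp        0      0 127.0.0.1:323    0.0.0.0:*                 1210/chronyd'

# Hypothetical helper: read netstat output on stdin and print
# "proto port address program" for every listener NOT bound to loopback only.
exposed_listeners() {
    awk '
        $1 !~ /^(tcp|udp)/ { next }              # skip the two header lines
        {
            n = split($4, part, ":")             # port follows the last colon
            port = part[n]
            addr = substr($4, 1, length($4) - length(port) - 1)
            # Loopback-only sockets are reachable from the server itself only.
            if (addr == "::1" || addr ~ /^127\./ || addr ~ /^::ffff:127\./) next
            prog = ($6 == "LISTEN") ? $7 : $6    # UDP rows have no State column
            proto = $1
            sub(/6$/, "", proto)                 # tcp6/udp6 -> tcp/udp
            print proto, port, addr, prog
        }' | sort -k1,1 -k2,2n
}

# Demo on the constructed sample; on a real host: netstat -Wplunt | exposed_listeners
printf '%s\n' "$SAMPLE" | exposed_listeners
```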
You could use an external port scan service like you mentioned which provides an API that you can call using Curl/Wget. Here are two services that I found:

  1. http://viewdns.info/api/docs/
  2. http://hackertarget.com/port-check/

There would be many other similar services, or you could even host something similar on your own, e.g. http://codehill.com/2012/07/a-simple-port-scanner-in-php/

Vivek Thomas