I need to scan the open ports of my server. I tried nmap by: nmap ***.dyndns.info from within my local network. It gave me:

Starting Nmap 5.21 ( http://nmap.org ) at 2011-04-09 16:05 JST
Nmap scan report for ***.dyndns.info (***.***.***.39)
Host is up (0.00097s latency).
rDNS record for ***.***.***.39: ************.ne.jp

Not shown: 994 closed ports
PORT      STATE    SERVICE
23/tcp    open     telnet
53/tcp    open     domain
80/tcp    open     http

Then I tried the open ports tool provided by dyndns.com by specifying a specific port like:

global ip address 23
global ip address 53
global ip address 80

For each of those tests, it gave me "timed out" as a result, which is contradictory with the nmap results.

I know that depending on the way that nmap performs the tests, it may turn out that the result is "open".

So, I think the best way to test the ports of a given server is from outside, like the dyndns open ports tool. But I'd like to test all ports at once, as opposed to one by one.

Is there any reliable tool for that, especially one that I can use from the command line? I am on Ubuntu 10.10.

Jørgen R
uploada

2 Answers

Try Gibson Research Corporation ShieldsUP. It will test your firewall.

Black Frog
  • Tks. I've tried it. The first 1000 ones or so. Told me that I got one of them in closed mode. Put it in stealth mode via a port forwarding. Wondering why my router's packet filters did not catch it... – uploada Apr 14 '11 at 05:39
  • But I gave you a tool that answered your question. – Black Frog Apr 14 '11 at 06:06

Note that whether or not a port is 'open' is also a function of the requesting source host and port; it is pretty easy to configure a firewall system to open a port for a specific set of source IP and port ranges. So there's no sure-fire way to tell if a port is open or not from the outside; netstat -an or similar tools will more reliably tell you which ports are open. (Except in the case of a rootkit, but any respectable rootkit would probably limit access to the open ports to a handful of netblocks as well, just to keep their property theirs.)

It'd be a piece of cake to buy a VPS slice from your favorite hosting provider for $10 for a month and portscan your own machine; nmap's default -T3 scanning option already parallelizes the scan, which is useful, but if your network connection is decent, -T4 may go more quickly.

sarnold
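
The two views contrasted in the answer above, set side by side in an added example that is not part of either answer: it parses `netstat -an` output taken on the server and an nmap port table taken from an outside host, then labels each port. The sample data, the function names and the verdict labels are assumptions made for illustration.

```shell
#!/bin/sh
# Constructed sample: `netstat -an` TCP lines as seen on the server itself.
NETSTAT_SAMPLE='tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:80         0.0.0.0:*          LISTEN
tcp        0      0 127.0.0.1:3306     0.0.0.0:*          LISTEN
tcp        0      0 192.0.2.10:80      198.51.100.7:51234 ESTABLISHED
tcp6       0      0 :::53              :::*               LISTEN'

# Constructed sample: port table from an nmap run started on an outside host.
NMAP_SAMPLE='PORT      STATE    SERVICE
53/tcp    open     domain
80/tcp    open     http
8080/tcp  open     http-proxy'

# stdin: netstat -an text. stdout: TCP ports in LISTEN on a non-loopback address.
listening_ports() {
    awk '$1 ~ /^tcp/ && $NF == "LISTEN" {
        n = split($4, part, ":"); port = part[n]
        host = substr($4, 1, length($4) - length(port) - 1)
        if (host != "127.0.0.1" && host != "::1") print port
    }' | sort -un
}

# stdin: nmap normal output. stdout: TCP ports reported as "open".
external_open_ports() {
    awk '$1 ~ /^[0-9]+\/tcp$/ && $2 == "open" { sub(/\/tcp$/, "", $1); print $1 }' | sort -un
}

# $1 = netstat text, $2 = nmap text. Prints "port<TAB>verdict", sorted by port:
#   both          listening and reachable from the scanning source
#   local-only    listening, but filtered or not forwarded for that source
#   external-only answered from outside with no local listener (some other
#                 device on the path answered; which one is not determined here)
compare_views() {
    l=$(printf '%s\n' "$1" | listening_ports)
    e=$(printf '%s\n' "$2" | external_open_ports)
    { printf '%s\n' "$l" | sed 's/^/L /'; printf '%s\n' "$e" | sed 's/^/E /'; } |
    awk 'NF == 2 { seen[$2] = seen[$2] $1 }
         END { for (p in seen) {
             if (seen[p] == "LE") v = "both"
             else if (seen[p] == "L") v = "local-only"
             else v = "external-only"
             print p "\t" v } }' | sort -n
}

compare_views "$NETSTAT_SAMPLE" "$NMAP_SAMPLE"
```

With real data, pipe `netstat -an` from the server and the saved nmap output from the outside host into the same functions; the verdicts only describe what that one scanning source saw.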