Port Listeners

Today I had a request to open a particular port. Once I'd put the required rule in place, I ran a port scan and found the port was still reporting as closed. This means either the rule is incorrect and the port is still being blocked by the firewall, or the rule is correct but nothing is currently listening on that port. To test this, it can be useful to create a simple process on the target machine listening on the required port.

You can use nmap to check if a port is open or not:

$ sudo nmap -Pn exchange-server.ad.pikedom.com -p88
[sudo] password for andy: 
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-30 19:41 BST
Nmap scan report for exchange-server.ad.pikedom.com (192.168.17.67)
Host is up (0.00081s latency).

PORT   STATE  SERVICE
88/tcp closed kerberos-sec

Nmap done: 1 IP address (1 host up) scanned in 0.17 seconds

Linux

On a Linux server, you can easily create a listener with the netcat command. For example, on the target machine, run the following as the root user:

$ sudo nc -l 88

On the target machine, you can check that it is listening with the netstat command:

$ sudo netstat -plnt | grep :88
tcp        0      0 0.0.0.0:88             0.0.0.0:*               LISTEN      17112/nc            
tcp6       0      0 :::88                  :::*                    LISTEN      17112/nc

Windows

For Windows there is an awesome tool called Port Listener, available for download here.

Once downloaded, run the program and choose your port to test.

While still on the Windows server, you can confirm the program is now listening on your chosen port by using PowerShell. Make sure you run PowerShell as administrator.

PS C:\windows\system32> Get-Process -Id (Get-NetTCPConnection -LocalPort 88).OwningProcess

Handles  NPM(K)    PM(K)      WS(K)     CPU(s)     Id  SI ProcessName
-------  ------    -----      -----     ------     --  -- -----------
    178      15     3188      12360       0.28  19536   5 listener

Remote Test

Assuming the machine you are testing from is of a Linux flavour, you can now test that the port is open to you with either nmap or nc.

Using nmap:

$ sudo nmap -Pn exchange-server.ad.pikedom.com -p88
Starting Nmap 7.70 ( https://nmap.org ) at 2019-07-30 20:23 BST
Nmap scan report for exchange-server.ad.pikedom.com (192.168.17.67)
Host is up (0.00092s latency).

PORT   STATE SERVICE
88/tcp open  kerberos-sec

Nmap done: 1 IP address (1 host up) scanned in 0.15 seconds

Using nc:

$ nc -z -v exchange-server.ad.pikedom.com 88
Connection to exchange-server.ad.pikedom.com 88 port [tcp/kerberos] succeeded!
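
The listener and the remote test above can also be done with one script that runs on both Linux and Windows, which avoids installing a separate tool on the server. This is an added example, not part of the original post; the file name porttest.py and the functions start_listener and probe are made up for it. probe reports the result in nmap's terms: open, closed (connection refused) or filtered (no reply).

```python
import socket
import sys
import threading

def start_listener(port, host="0.0.0.0"):
    """Listen on host:port in a background thread; return (port, stop)."""
    srv = socket.create_server((host, port))
    srv.settimeout(0.2)          # wake up regularly to check the stop flag
    bound_port = srv.getsockname()[1]
    stopping = threading.Event()

    def serve():
        with srv:                # socket is closed when the loop ends
            while not stopping.is_set():
                try:
                    conn, peer = srv.accept()
                except socket.timeout:
                    continue
                print("connection from %s:%d" % peer[:2])
                conn.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()

    def stop():
        stopping.set()
        thread.join()            # returns once the port has been released

    return bound_port, stop

def probe(host, port, timeout=3.0):
    """Return 'open', 'closed' or 'filtered' for one TCP port."""
    try:
        socket.create_connection((host, port), timeout=timeout).close()
        return "open"            # handshake completed: rule and listener both work
    except ConnectionRefusedError:
        return "closed"          # reset received: nothing listening, or a rejecting firewall
    except socket.gaierror:
        raise                    # the name did not resolve; that is not a port state
    except OSError:
        return "filtered"        # no reply or unreachable: typically traffic being dropped

if __name__ == "__main__":
    if sys.argv[1] == "listen":  # on the target: python3 porttest.py listen 88
        port, stop = start_listener(int(sys.argv[2]))
        input("listening on %d, press Enter to stop\n" % port)
        stop()
    else:                        # from the client: python3 porttest.py probe HOST 88
        print(probe(sys.argv[2], int(sys.argv[3])))
```

Listening on a port below 1024 on Linux still needs root, as with the nc command earlier. Stop the listener as soon as the test is done so the port does not stay exposed.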
