Port Scanners

Modern port scanners can probe in stealthy, patient, and subtle ways, in combination with operating system fingerprinting, which refers to the art of guessing the operating system from stack peculiarities and additional hints derived from intelligent probing. Two of the most popular tools are the nmap and strobe programs. Example 6-1 provides two examples of these tools in action. The /etc/services file on UNIX systems provides a mapping between TCD/UDP port numbers and their textual names. This list is maintained by Internet Assigned Numbers Authority (IANA, http://www.iana.org/assignments/port-numbers) and consists of three port groups:

  • Well-known ports (0?1023)

  • Registered ports (1024?49151)

  • Dynamic ports (49152?65535)

Example 6-1. nmap and strobe Port-Scan Examples

[root@castor:~#] nmap -p 1-4000 localhost

Starting nmap V. 2.54BETA34 ( www.insecure.org/nmap/ )

Interesting ports on localhost.nerdzone.org (

(The 3994 ports scanned but not shown below are in state: closed)

Port       State       Service

22/tcp     open        ssh

1899/tcp   open        unknown

2070/tcp   open        unknown

2410/tcp   open        unknown

2560/tcp   open        unknown

3046/tcp   open        unknown

Nmap run completed -- 1 IP address (1 host up) scanned in 23 seconds

[root@ganymed:~#] strobe -b 1 -e 4000 localhost

strobe 1.05 (c) 1995-1999 Julian Assange <proff@iq.org>.

localhost    22 ssh          Secure Shell - RSA encrypted rsh

                -> SSH-2.0-OpenSSH_3.4\n

localhost    80 http         www www-http World Wide Web HTTP

                www          World Wide Web HTTP [TXL]