List open ports and listening services

If you’re looking for a way to discover which ports are standing wide open on network machines, read about a powerful cross-platform solution that will do the trick.

One of the biggest headaches for network administrators is open ports on devices. Unless you manually installed the operating system on every device on your network, ensuring to close down all unessential ports, you run the risk of attack.

The ports you should disable will vary by system and may even be dictated by the needs of specialized software (for instance, QuickBooks requires specific ports — determined by release — in order to function). You need to come up with a list of ports that either can or must remain open. Once you have that list, you can set about closing up shop on those machines.

But how do you know which machines have which ports open? Sure, you could go around to every machine on your network, open whatever is being used as a firewall, and manually make sure all necessary ports are open and all unnecessary ports are closed.

Or, you can scan the network and find out which machines have which ports open. When you know the location of open ports, you can check that information against your master list and close everything that is necessary. Now comes the tricky part.

How to run a port scan

How do you find out which machine has which port open? You run a port scan. In case you don’t know how to run a port scan, I’ll walk you through the process.

I’m using a Linux machine for the scan. Why? Because Linux has great scanning tools that are ready for the task, free, and easy to use.

If you don’t have a machine with Linux running on it, worry not — you can download a network penetration live distribution such as Kali Linux, burn the ISO onto a CD or USB flash drive, and boot a machine into a live instance of Linux (no changes will be made to the machine being used, as the live instance is run completely from RAM). With the live instance up and running, you’ll have an amazing assortment of network forensic/analysis tools at your disposal.

The port scanning tool you should use

The best tool for port scanning is Nmap. If you don’t want to monkey around with the command line, there’s an outstanding GUI front end called Zenmap, which is available for Linux, Windows, and Mac. If you don’t want to bother with Linux, you can install it on Windows. (Nmap is far more powerful than the Windows built-in network scanning tools.) Nmap and Zenmap work identically across platforms, so when you know how to use the tool on one platform, you can use it on all of the platforms.

After Zenmap is installed, you are ready to run a full port scan on your network. The size of your network will dictate the time it takes to run the scan. With Zenmap, you can run very general and very specific scans. Let’s first run a very general scan to get an idea of what we’re dealing with. We’ll run a scan on an entire 192.168.1.x network.

  1. Open Zenmap.
  2. In the Target section, enter (or, however large you need to scale).
  3. From the Profile, select Intense Scan.
  4. Click the Scan button.

You should immediately see results populate the Nmap Output tab; the results display open ports on machines within your network