Multi-brand tcp port scanner lazarus. Scan open ports by IP

It is better to start scanning your network for security by checking the availability of ports. For these purposes, special port scanning software is most often used. If it is missing, one of the online services will come to the rescue.

A port scanner is designed to search for hosts on a local network with an open interface. It is mainly used by either system administrators or attackers to detect vulnerabilities.

The described services do not require registration and are easy to use. If you access the Internet via a computer, the sites will display the open ports of your host; when using a router to distribute the Internet, the services will show the open ports of the router, but not the computer.

Method 1: Portscan

A special feature of the service is that it offers users fairly detailed information about the scanning process and the purpose of a particular port. The site operates free of charge; you can check the functionality of all ports together or select specific ones.

In addition to checking ports, the site offers to measure ping. Please note that only those ports that are listed on the website are scanned. In addition to the browser version, users are offered a free scanning application, as well as a browser extension.

Method 2: Hide my name

A more universal tool for checking port availability. Unlike the previous resource, it scans all known ports; in addition, users can scan any hosting on the Internet.

The site is completely translated into Russian, so there are no problems with its use. In the settings you can enable English or Spanish interface language.

On the site you can find out your IP address, check your Internet speed and other information. Despite the fact that it recognizes more ports, working with it is not entirely comfortable, and the resulting information is displayed in too general a manner and is incomprehensible to ordinary users.

Method 3: IP Test

Another Russian-language resource designed to check the ports of your computer. On the website, the function is referred to as a security scanner.

Scanning can be carried out in three modes: normal, express, full. The total scan time and the number of detected ports depend on the selected mode.

The scanning process takes a few seconds, while the user only has information about open ports; there are no explanatory articles on the resource.

If you need to not only detect open ports, but also find out what they are for, your best bet is to use Portscan. The information on the site is presented in an accessible form and will be understandable not only to system administrators.

What is port scanning? What scanning methods exist? What threats does it pose?

In today's article I will try to talk about what scanning of open ports is, I will tell you about the methods used in port scanning and how to protect yourself from all this.

Scanning is a set of procedures that allows you to identify hosts, ports and services of the target system. Scanning a network allows an attacker to collect a profile of the machine being attacked.

According to the Ethical Hacking and Countermeasures EC-Council, the following types of scanning are distinguished:

network scanning - identifying nodes on the network;
port scanning - identifying open ports and functioning services;
system security scanning - identifying known system vulnerabilities.

At first glance, there is no harm in scanning, however, it is difficult to agree with this approach, because scanning precedes the attack, allowing the attacker to find out which services are running on the target system, and therefore to prepare and carry out a targeted attack against the identified services and their vulnerabilities. Therefore, it is necessary to combat the intelligence of attackers.

Port Scanning Purposes

At the same time, it would be useful to note that scanning itself is not always a malicious action; it all depends on its goals. Information security services or IT staff may well resort to scanning to determine infrastructure vulnerabilities or visibility of services from the external network.

In essence, often everything starts with a network scan; it is this that allows one to identify weak nodes, their IP addresses, open ports, determine the operating system, which means that theoretically possible vulnerabilities become clear, which is no small feat for the organizer of an attack.

Port scanning methods

We identify the structure of the network. The easiest way to scan is ICMP scanning. The operating principle is based on the ICMP protocol, and this type of scanning allows you to find out “live” nodes in the network and build a network diagram with a list of its nodes. The essence of the method is to send ICMP requests to network nodes; if a computer or other device working with the TCP/IP protocol stack is active, a response will be sent. This is the so-called ping sweep or ICMP sweep. There are a huge number of tools that allow you to perform such scanning.

Port scanning. The next stage is identifying open ports. Essentially, this makes it possible to determine which services are running on a remote node, a list of which we have already received as a result of a previous scan. In addition, from the analysis of received packets, you can also identify the operating system and a number of other important parameters (the presence of a packet filter, for example).

Here we are talking about TCP scanning. Its principle is based on the peculiarities of TCP. In essence, a very similar interaction mechanism is adopted in aviation during negotiations between pilots and the dispatcher, including a request, a response with instructions, and confirmation of the received instructions. This method of interaction, if it does not completely eliminate the possibility of misunderstanding, then at least significantly reduces this likelihood.

It might look like this:

Pilot: Sheremetyevo-Taxiing, Aeroflot 502, clear preliminary.
Dispatcher: Aeroflot 502, 25 right1 on RD2 10, mainline, RD5 preliminary clearance.
Pilot: Aeroflot 502, 25 right, on taxiway 10, mainline, taxiway 5 preliminary cleared.

What's going on here? The pilot asked the dispatcher for permission to taxi and his route. The dispatcher authorized taxiing and determined the route to follow.

The pilot confirmed the route and the dispatcher's clearance. That's it, you can move - the route has been received.

A very similar thing happens in TCP communication. The three-way-handshake or “three-stage” coordination scheme is used here; the term “three-stage handshake” is also used, which allows you to synchronize the transmitting and receiving nodes and establish a session, which is essentially identical to the example with radio communications.

Using this legal algorithm, an attacker can find out which ports are open on the server, that is, understand which services are used in the system, which operating system. There are several effective techniques for this.

Full Connect Scan

Some port scanning techniques. The most effective and uncomplicated scanning method is Full Connect Scan (Full Open Scan). Its principles are precisely shown in Figure 3. An attempt is made to perform a three-way handshake with the nodes of interest to the researcher. If the required port is open, then we receive a SYN+ACK message from it, after which we send an RST (session reset) to the node; if it is closed, then we receive an RST from the node being checked. It should be noted that this scanning method is easily identified, therefore, it is not difficult to resist it.

Stealth Scan

Another way to scan a network is called Stealth Scan (Half-open Scan). In this case, the attacker tries to bypass the firewall protection and disguise itself as normal network traffic in order to avoid recording the scanning event in the system logs. We are not talking about negotiation here; the researcher simply sends a SYN packet to the port of interest on the required server. If the response is SYN+ACK, then the port is open, if RST, then the port is closed.

This scanning method is more sophisticated, but modern intrusion prevention systems must be able to withstand it.

Xmas Scan

No less well-known scanning methods are Xmas Scan and Null Scan, but we will not consider them due to the fact that protection against them is implemented within modern Microsoft operating systems, so they will not be of great interest to us. A special feature of these types of scanning is the stealth mode of operation, that is, without setting up a session. However, you can see the details in the Ethical Hacking course or in the book “Network Security Test Lab”. These types of scans are only effective on operating systems where the TCP stack is based on RFC 793. All modern operating systems from Windows Vista and older are not affected by this risk.

Idle Scan

Perhaps the most interesting scanning method is Idle Scan. The main idea is that an attacker can scan a victim without showing him his IP address, that is, from the point of view of the scanned node, the attacker does not seem to communicate with him. A “dummy” node is used, which can be identified by intrusion countermeasures systems as the source of the attack. This is a very reasonable technique, so-called spoofing, when the sender’s address is replaced with the address of another device. It must be said that a computer that has certain vulnerabilities can become a “dummy” node or “zombie”. Operating systems generally need to be updated, but this is not always the case, and an attacker can always find “helpers”; in addition, a network printer or other network device that works with the basic functionality of the TCP stack can be used as a “zombie”. /IP.

This scan uses the Identification field in the IP header (IPID). The IPID value increases by one in each subsequent packet that the node sends. In essence, this is a vulnerability because it becomes possible to predict how many packets were transmitted between two packets that were received. Modern operating systems use a random value for the IPID field, however, as mentioned above, there is always a solution. For modern Unix and Windows systems from Windows Vista and older, this problem has already lost its relevance.

Let's look at Figures 4 and 5. In the first step (1), the attacker contacts a rogue device with a standard SYN packet. The device responds with a SYN ACK (2) or SYN RST packet, which is more likely, but the IPID becomes visible to the attacker from the packet header. This is what you need to remember (3). Next, the attacker contacts the server he is interested in (4), and replaces his IP address with the address of a fake node, that is, he disguises himself using spoofing (address spoofing). In response to this request, the server, if the port is open, sends SYN/ACK to the dummy address (5). We've made the change. Not knowing what to do with this packet, the rogue computer will respond with an RST (session reset), while increasing the value of its IPID. In our case, it will be equal to 30132 (6). If the port is closed, the server will send a session reset (RST) - see Figure 5 (5).

Idle scanning (port on the server is open)

Idle scanning (port on the server is closed)

The IPID of the fake node remained unchanged, in our case 30131, since the “zombie” did not send anything to anyone else. Now all that remains is to turn to the “zombie” again, as we did above, identify its IPID, and compare it with the value we have. If IPID increases by 2, then the port is open.

Another important point that I would like to note is that operating systems have their own specifics when working with the TCP/IP stack. Using these features when analyzing packets received during scanning, it is quite possible to find out what OS we are dealing with; Banner Grabbing scanning techniques are built on these principles. The task is to identify information about the computer system and its vulnerabilities, which will allow the attacker to use this knowledge for their subsequent destructive actions. Any modern scanner will provide the attacker with this information.

Operating systems generally need to be up to date, but this is not always the case, and an attacker may find helpers, or a network printer or other network device that runs the basic functionality of the TCP stack can be used as a zombie. IP

It is easy to see that all scanning methods considered are based on the normal behavior of nodes, which means that any computer or other network device is potentially vulnerable.

The attacker has the ability to collect and analyze information received about the network structure, services, and system vulnerabilities. This provides the potential opportunity to prepare a targeted attack against specific nodes and services.

From the translator. Hello, today I want to publish a translation of an article with a list of services that will help you find open ports on servers. I hope that the article will be useful.

If you host your web applications on an administered server or shared hosting, then you have nothing to worry about. However, for a virtual or dedicated server, you must provide every security option for your server.
Having unnecessary ports open is a bad idea that an attacker can take advantage of in a variety of ways.

Below are free online services that will help you find out if ports are open so you can check and block them if they are not in use.

Note: if you run a port scanner for your site's DNS, and it is behind a proxy such as CloudFlare or SUCURI, it may not return accurate information. Use the real server IP address.

Port scanner from MX ToolBox

MX Toolbox tries to check the 15 most frequently used ports with a timeout of 3 seconds and gives results which ones are open and which ones are not.

Online port scanner

This tool is a personal project of Javier Yanez, which allows you to scan ports for IPv4 and IPv6 addresses for free.

Port scanner from T1 Shopper

Scans one or a range of ports listening on a server with a specified IP. This is useful if you only want to scan selected ports.

Port scanner from Hacker Target

Performs a quick scan of the six most common ports (FTP, SSH, SMTP, HTTP, HTTPS, RDP) with an NMAP port scanner.

Port scanner from DNS Tools

Quickly scans some common ports such as FTP, SMTP, DNS, Finger, POP3, SFTP, RPC, IRC, IMAP, VNC, etc.

Nmap (“Network Mapper”) is an open source network exploration and security testing utility. It was designed for quickly scanning large networks, although it also works well with single targets. Nmap uses raw IP packets in ingenious ways to determine what hosts are available on the network, what services (application name and version) they offer, what operating systems (and OS versions) they use, what types of packet filters/firewalls they use, and dozens of other characteristics. . While Nmap is typically used for security testing, many network and system administrators find it useful for common tasks such as monitoring network structure, managing service startup schedules, and keeping track of host or service uptime.

The output of Nmap is a list of scanned targets with additional information for each depending on the options specified. The key information is the "important ports table". This table contains the port number, protocol, service name, and status. The status can be (open), (filtered), (closed), or (not filtered). means that the application on the target machine is ready to establish a connection/receive packets on this port. means that a firewall, network filter, or some other network interference is blocking the port and Nmap is unable to install that port or. The ports are not associated with any application, so they can be opened at any time. Ports are evaluated as such when they respond to Nmap requests, but Nmap cannot determine whether they are open or closed. Nmap returns combinations when it cannot determine which of these two states describes the port. This table can also provide details about the software version if requested. When performing IP protocol scanning (), Nmap provides information about supported IP protocols rather than open ports.

In addition to the table of important ports, Nmap can provide further information about targets: resolved DNS names, guesses about the operating system being used, device types, and MAC addresses.

A typical scan using Nmap is shown in Example 1. The only arguments used in this example are to determine the OS version, script scan, and trace; for faster execution; then two target hosts.

Example 1: Typical scanning example with Nmap

# nmap -A -T4 scanme.nmap.org playground Starting Nmap (https://nmap.org) Interesting ports on scanme.nmap.org (64.13.134.52): (The 1663 ports scanned but not shown below are in state: filtered) PORT STATE SERVICE VERSION 22/tcp open ssh OpenSSH 3.9p1 (protocol 1.99) 53/tcp open domain 70/tcp closed gopher 80/tcp open http Apache httpd 2.0.52 ((Fedora)) 113/tcp closed auth Device type : general purpose Running: Linux 2.4.X|2.5.X|2.6.X OS details: Linux 2.4.7 - 2.6.11, Linux 2.6.0 - 2.6.11 Interesting ports on playground.nmap.org (192.168.0.40) : (The 1659 ports scanned but not shown below are in state: closed) PORT STATE SERVICE VERSION 135/tcp open msrpc Microsoft Windows RPC 139/tcp open netbios-ssn 389/tcp open ldap? 445/tcp open microsoft-ds Microsoft Windows XP microsoft-ds 1002/tcp open windows-icfw? 1025/tcp open msrpc Microsoft Windows RPC 1720/tcp open H.323/Q.931 CompTek AquaGateKeeper 5800/tcp open vnc-http RealVNC 4.0 (Resolution 400×250; VNC port: 5900) 5900/tcp open vnc VNC (protocol 3.8 ) MAC Address: 00:A0:CC:63:85:4B (Lite-on Communications) Device type: general purpose Running: Microsoft Windows NT/2K/XP OS details: Microsoft Windows XP Pro RC1+ through final release Service Info: OSs : Windows, Windows XP Nmap finished: 2 IP addresses (2 hosts up) scanned in 88.392 seconds

The latest version of Nmap can be downloaded from https://nmap.org. The latest version of the Nmap help page (man page) is located at https://nmap.org/book/man.html.

Here are several examples of using Nmap, from the simplest to the more sophisticated. Some real-life IP addresses and domain names are used to make the examples more specific.

In their place you must substitute the addresses/names from your own network.. While scanning the ports of a particular network is not illegal, some network administrators may not like the way their networks are scanned and may complain. First, try to get permission.

For testing purposes, you have permission to scan. You can use Nmap scanning, but not test exploits or perform denial of service attacks. To avoid overloading the channel, please do not perform more than a dozen scans of this host per day. If this free-to-scan host is abused, it will be disabled and Nmap will issue (cannot resolve this name/IP: scanme.nmap.org). All of the above also applies to hosts, and so on, even though these hosts do not yet exist.

nmap -v scanme.nmap.org

This command will scan all TCP ports of the machine. The option activates the verbal mode.

nmap -sS -O scanme.nmap.org/24

This command will perform a covert SYN scan of all 255 machines on the “class C” network in which the Scanme machine is located. It will also attempt to detect the operating system on each running host. Due to SYN scanning and the OS detection option, this command requires superuser (root) privileges.

nmap -sV -p 22,53,110,143,4564 198.116.0-255.1-127

Runs a host brute force and TCP scan of the first half of all (of the available 255) 8-bit subnets of the 198.116 class B address space. Also checks whether SSH, DNS, POP3 or IMAP are running on their standard ports, and whether any application is using port 4564 If any of these ports is open, an attempt will be made to determine the application running on this port.

nmap -v -iR 100000 -PN -p 80

Tells Nmap to randomly select 100,000 hosts and scan them for web servers running on them (port 80). Enumeration of hosts is disabled by the option, because sending a couple of preflight requests to determine host availability is impractical when you only care about one port on each host.

nmap -PN -p80 -oX logs/pb-port80scan.xml -oG logs/pb-port80scan.gnmap 216.163.128.20/20

This command will scan 4096 IP addresses (without prior ping), and the output data will be saved in XML format and a format that is convenient for viewing by the grep utility (grepable format).

A few examples of working with a wonderful network scanner - NMAP

Scan the network looking for Active Hosts:

$ nmap-sn 192.168.1.0/24

Scanning a list of hosts/networks from a File:

File format:

- Entries can be in any of the formats that Nmap works with from the command line (IP addresses, hostnames, CIDR, IPv6, or octet ranges). Entries must be separated by one or more spaces, tabs, or newlines.

$ cat input.txt server.test.com 192.168.1.0/24 192.168.2.1,2,3 192.168.3.0-200

Scan Multiple IP Addresses:

$ nmap 192.168.1.1 192.168.1.2 192.168.1.3 $ nmap 192.168.1.1,2,3

5. Excluding IP/Hosts/Networks from Scanning

Exclude Targets from Nmap scanning:

$ nmap 192.168.1.0/24—exclude 192.168.1.1 $ nmap 192.168.1.0/24—exclude 192.168.1.1 192.168.1.5 $ nmap 192.168.1.0/24—exclude 192.168.1.1,2,3

Exclude List of hosts taken from file:

$nmap 192.168.1.0/24—excludefile exclude.txt

6. Scan Specific Ports

Scan One Port:

Scan Multiple Ports:

$ nmap-p80,443 192.168.1.1

Scan Port Range:

$nmap-p80-1000 192.168.1.1

Scan All Ports:

$nmap-p"*" 192.168.1.1

Scan open ports

7. Determination of Supported IP Protocols

Determine which IP Protocols (TCP, UDP, ICMP, etc.) the scanned host supports:

8. Scanning TCP/UDP Ports

Scan all TCP Ports:

Scan specific TCP Ports:

$ nmap-p T:80 192.168.1.1

Scan all UDP Ports:

Scan specific UDP Ports:

$ nmap-p U:53 192.168.1.1

Combining scanning of different ports:

$ nmap-p U:53,79,113,T:21-25,80,443,8080 192.168.1.1

9. Quick Scan

Activate Quick Scan Mode:

Show Cause of Port Status

Show the reason why Nmap thinks a port is in a certain state:

$nmap—reason 192.168.1.1

11. Show Only Open Ports

Show Only Open Ports (or possibly open ones):

$nmap—open 192.168.1.1

Show only open 22nd ports:

nmap-p22—open 192.168.1.1

12. OS Definition

Enable OS Detection:

* Identifies the remote operating system using the TCP/IP stack fingerprint.
13.

Determining the Version of Services

Enable Service Version Detection:

* Determines the versions of programs running on the remote server.
14. Firewall Detection

Find out if your computer is protected by any Packet Filters or Firewall:

17. Covert Scan

TCP SYN scan:

20 Awesome Nmap Command Examples

Disabling Host Discovery (No Ping)

Do not ping hosts before scanning:

19. Disabling DNS Use

Never reverse DNS name resolution for every active IP address discovered:

20. Saving Nmap Scan Results to a File

$ nmap 192.168.1.1 > output.txt $ nmap-oN output.txt 192.168.1.1

$nmap-oX output.xml 192.168.1.1

This command will allow you to run all scripts and many other options, here is the description from the help menu: Enable OS detection, version detection, script scanning, and traceroute.
For example, for the Samba service (port 445), it will show the following:

Scanning services running on servers online

This scanning is carried out by the famous Nmap program. This program will scan the IP or website address given to it, show open ports and running services. You can specify multiple IPs, their range, or one website address. But the maximum operating time for one session is 20 minutes and it can be reduced if there is excessive load on the server.

If you specified only one website address/IP, then you will get results quite quickly. If you specified a large range, it may take several minutes before you receive the first results.

The field for entering ports can be left blank. Then in this case the most frequently used ports will be scanned.

How to use nmap

You can enter a single port, a range of ports separated by a dash, multiple ports or ranges separated by a comma. There is no need to include spaces; all characters except numbers, hyphens and commas are filtered out.

You don't need to enter too large ranges or too many addresses, since scanning is done through Tor (i.e. slow), and the maximum scanning time is limited to twenty minutes. If the scan is not completed within this period, it will be reset, and the results already obtained will be lost.

Input examples:

mi-al.ru
62.109.8.180
62.109.8.180/24
62.109.8.170-180

Examples of port input:

1-100
1-100,443
1-100,443,8000-8100

Fast multi-threaded port scanner!
Scan the network and find devices.
Determine the IP and MAC addresses.
Remotely turn on, turn off and reboot your PC.
Receiving information from a PC over a network by an administrator.

This free program allows you scan a local network, detect active hosts, computers, servers and other devices, determine their MAC and IP addresses.

Built into the program multi-threaded scanner of IP addresses and TCP ports on the network, so searching for network devices will not take much time.

How can I find out what IP address a device connected to the network has received? This could be a tablet or TV on a home wifi network, or it could be a corporate network with hundreds of different devices. In any case, our program will allow you to scan the network, detect devices and display their addresses (IP, MAC, DNS, WINS).

Supports scanning of one or more IP address ranges and many protocols for detecting network devices (ICMP ping, searching for open TCP ports, NetBios, SNMP, UPnP, ...). After completing the process of searching for hosts on the network, you will have the opportunity to upload the list of detected device addresses to a file or copy it to the clipboard.

Download the free port scanner program now and use it whenever the need arises!

View screenshots of the network scanning program...

Windows XP/2003/Vista/2008/7/8.1/2012/10/2016 are supported.

What else can the program do?

Receiving various information from found Windows computers over the network: system information, list of installed programs, registry contents (see screenshot), list of processes and services, open resources, user accounts and groups, event log, etc.
HackWare.ru

(if you have administrator rights on the remote computer);
Receiving various information from switches and printers using SNMP, UPnP, NetBios protocols (see screenshot);
Determining and displaying device MAC addresses;
Scanner for open TCP ports on a remote host (see screenshot);
Ping hosts;
Route tracing;
Turning computers on and off over the network (see screenshot).

Want to scan something else online? Try our other programs:

Download our other useful programs for network administrators:

How to organize computer accounting on a network

How to organize monitoring of hosts, servers, services and databases

How to administer and monitor a network from one program

How to find the necessary files on the local network

How to find out who, when and what downloaded from your network folders

How to track changes in computer configurations over a network

Accounting for software on network computers

Inventory and accounting of used hardware on network computers

With this option you can define which ports you want to scan and override the default settings. Specifying individual port numbers is acceptable, as is specifying ranges of ports separated by a hyphen (eg). The starting and/or ending values of ranges can be omitted, causing Nmap to use 1 and 65535 respectively. Therefore, you can set the option to scan all ports from 1 to 65535. Scanning port zero is acceptable if you specify it explicitly. For IP protocol scanning (), this option specifies the protocol numbers you want to scan for the range (0-255).

When scanning both TCP and UDP ports, you can specify a specific protocol by specifying or before the port numbers. The qualifier will remain in effect until you specify another one. For example, when specifying an argument, UDP ports 53,111, and 137, as well as all listed TCP ports, will be scanned.

How to use Nmap to scan your network

Keep in mind that to scan both UDP and TCP ports, you must specify the option and at least one of the TCP scan types (such as, or). If a protocol qualifier is not specified, the listed ports will be added to all protocols.

Ports can also be specified by names, which are specified in. Can you even use symbols? and * with names. For example, to scan FTP and all ports whose names start with "http", use. Be careful when typing this command and enclose the argument in quotes.

Port ranges can be enclosed in square brackets to identify ports within that range that are mentioned in. For example, the following command will scan all ports equal to or less than 1024: . Be careful when typing this command and enclose the argument in quotes.

Indicates that you want to scan only the ports specified in the ports that come with Nmap (or in the logs file for). This is much faster than scanning all 65535 ports of the target machine. Because this list contains many TCP ports (more than 1200), the difference in speed compared to the default TCP scan (about 1650 ports) is insignificant. The difference can be huge if you define your small file using or options.

From the translator. Hello, today I want to publish a translation of an article with a list of services that will help you find open ports on servers. I hope that the article will be useful.

Note: if you run a port scanner for your site's DNS, and it is behind a proxy such as CloudFlare or SUCURI, it may not return accurate information. Use the real server IP address.