Network Services

# nmap -sUT localhost

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on rh9 (127.0.0.1):
(The 3064 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
25/tcp     open        smtp
68/udp     open        dhcpclient
123/udp    open        ntp
6000/tcp   open        X11

Nmap run completed -- 1 IP address (1 host up) scanned in 3 seconds

It has identified the same ports as netstat did, with the exception of xinetd listening on tcp/32769. This is because port 32769 is not in the range 1 to 1023, nor is it listed in /etc/services, so it won’t get scanned by default. If we used the -p flag to specify port numbers (e.g. added “-p 1-65535” to the command line to have all ports scanned), then the open port is found and listed with “unknown” in the service column.

Notice that nmap needs to be told which host to scan the ports on, suggesting that it can be used to scan for open ports on remote machines. Nmap is indeed capable of scanning for open ports on a range of remote machines, even choosing addresses at random. However, it is wise to get written permission from the owners of systems before scanning their ports, since this action may be seen as a prelude to illegal hacking activity. After all, it is just like walking past a row of parked cars and trying the doors on each one to see if they’re locked. If a policeman caught you doing that, you’d have a hard time explaining that you were only looking for unlocked cars so you could tell the owners to be more careful.

IP traffic

It is surprisingly easy to capture and analyze network traffic. There are many tools available that enable users with sufficient privileges to record the headers and contents of network packets into files on disk and analyze the contents later. With broadcast network media, such as Ethernet, every machine on a network segment receives all the packets, regardless of who the packet is addressed to.
Normally, the receiving network card discards packets not addressed to it, but most network cards can be configured to operate in “promiscuous” mode, which allows them to receive and process packets regardless of their intended destination. (Ethernet switches, as opposed to hubs, have intelligence and effectively create a series of point-to-point Ethernet links, instead of sending all packets to all machines. This not only improves security, it can also improve performance.)

We’ll use a utility called tcpdump (from the RPM package of the same name) to demonstrate just how easy it is to capture data not destined for our machine. (As with nmap above, make sure you have permission to do this if you’re going to try it on a network that you don’t own!)

Our theoretical test setup is this. There are three machines, all connected to a 10/100 Ethernet hub, and all on a private subnet 192.168.1/24 (that’s shorthand for a subnet 192.168.1.0 with a netmask of 255.255.255.0, i.e. 24 bits). Fred (192.168.1.1) is a Windows machine that we’ll use as a telnet client, Bob (192.168.1.2) is a Linux server we’ll be telnetting in to, and Kate (192.168.1.3) is our Red Hat Linux 9 machine. On Kate, we su to root and type:

# tcpdump -i eth0 -l -q -X src or dst port 23

This tells tcpdump to listen to all packets on interface eth0 (-i eth0), buffer the output line-by-line (-l), don’t print lots of header information (-q) but do print the packets in ASCII (-X) and show only packets where the
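A defender-side check for the promiscuous mode discussed in this section, as an added example that is not part of the original text: it lists the interfaces on the local host whose kernel flags include IFF_PROMISC. It assumes a current Linux kernel that exposes /sys/class/net/<iface>/flags; the function names and the sample flag values are constructed for illustration.

```shell
#!/bin/sh
# Added example: report network interfaces that are in promiscuous mode.
# Assumption: the kernel exposes per-interface flags in sysfs as a hex
# value such as 0x1103 in /sys/class/net/<iface>/flags.

IFF_PROMISC=256   # 0x100, the IFF_PROMISC bit from <linux/if.h>

# is_promisc FLAGS -> exit status 0 if the IFF_PROMISC bit is set in FLAGS
is_promisc() {
    [ $(( $1 & $IFF_PROMISC )) -ne 0 ]
}

# promisc_ifaces [NET_DIR] -> prints one promiscuous interface name per line
promisc_ifaces() {
    net_dir=${1:-/sys/class/net}
    for flags_file in "$net_dir"/*/flags; do
        [ -r "$flags_file" ] || continue          # unmatched glob or unreadable
        flags=$(cat "$flags_file")
        case $flags in
            0x*) ;;                               # expected hex form
            *) continue ;;                        # skip anything unexpected
        esac
        if is_promisc "$flags"; then
            basename "$(dirname "$flags_file")"
        fi
    done
}

# make_sample_sysfs DIR -> builds a constructed sysfs-like tree for the demo
make_sample_sysfs() {
    mkdir -p "$1/eth0" "$1/eth1" "$1/lo"
    echo 0x1103 > "$1/eth0/flags"   # UP|BROADCAST|PROMISC|MULTICAST
    echo 0x1003 > "$1/eth1/flags"   # UP|BROADCAST|MULTICAST
    echo 0x9    > "$1/lo/flags"     # UP|LOOPBACK
}

# Demo on the constructed tree; run promisc_ifaces with no argument to
# inspect the live host instead.
sample=$(mktemp -d)
make_sample_sysfs "$sample"
promisc_ifaces "$sample"
rm -rf "$sample"
```

A hit is expected while an administrator's own tcpdump capture is running on that interface, since tcpdump enables promiscuous mode unless told otherwise; an interface reported at any other time is worth investigating.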