Home / ubuntu / Questions / 906517
Accepted
pa4080
Asked: 2017-04-19 23:25:59 +0800 CST

Is it possible to perform port scanning of the local host itself as another host?

  • 772

In other words I want to see how the server looks outside when I don't have access to another machine to scan it. Let me give an example:

Case 1: When I am SSH connected to my VPS, which is Ubuntu Server, the result of port scanning looks like:

[email protected]:~$ nmap -p 1-20000 77.77.77.70

Nmap scan report for 77.77.77.70

PORT      STATE SERVICE
25/tcp    open  smtp
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
8142/tcp  open  unknown
11273/tcp open  unknown
18142/tcp open  unknown
18143/tcp open  unknown
18144/tcp open  unknown
18145/tcp open  unknown
18146/tcp open  unknown
18147/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 0.36 seconds

Case 2: When I perform the same command from my Ubuntu Desktop machine the result is filtered by the VPS’s firewall and it looks like:

user@Desktop:~$ sudo nmap -p 1-20000 77.77.77.70

Nmap scan report for 77.77.77.70

PORT      STATE SERVICE
80/tcp    open  http
443/tcp   open  https
11273/tcp open  unknown

Nmap done: 1 IP address (1 host up) scanned in 4298.23 seconds

So, my question is: Is there a way to achieve a result as in 'Case 2' from the VPS itself? Using of nmap is not mandatory.

networking

2 Answers

  1. Best Answer

    The short answer is: no, you cannot see how your server looks from the outside by looking from the inside.

    Long answer: As you wrote yourself, the scan from the outside is affected by the firewall, and possibly other intervening network components. In theory you could simulate that influence by way of a virtual network you set up on your VPS. But that's a lot of work and you'd have to know exactly what those components are and how they are configured. The only feasible approach is to find an external host from which you can do the scan.

    • 3

  2. If you don't have any firewall, you can run netstat -ln --inet --inet6 to list the listening sockets. This will show what listens to which interfaces.

    Quick sample:

    Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address       State      

tcp        0      0 0.0.0.0:5298            0.0.0.0:*            LISTEN     
tcp        0      0 0.0.0.0:22              0.0.0.0:*            LISTEN      
tcp        0      0 127.0.0.1:631           0.0.0.0:*            LISTEN      
tcp        0      0 127.0.0.1:1080          0.0.0.0:*            LISTEN

    Here we see two types:

    1. Sockets listening to 0.0.0.0 (or :: if you have IPv6)
    2. Sockets listening to 127.0.0.1 (or ::1 on IPv6)

    The first kind, listening to 0.0.0.0 or :: (any IP) will be available remotely, unless firewalled. Sockets listening only on localhost (127.0.0.1 or ::1) is only reachable via the loopback interface, and thus not remotely.

    In addition, you can have sockets bound to a specific interface, in which case the IP of the interface will be shown in column 3, e.g. 192.168.8.1 - meaning they're accessible only on that interface.

    This is not the same as a port scan, as it does not take firewall into account, but combined with reading firewall configuration it may be a good way to do the setup, and only verify via a portscan after you've configured firewall.

    • 3