Determining What’s Running on Open Ports - jude-lindale/Wiki GitHub Wiki

As a security professional, you need to gather the information that actually matters when scanning your systems. A port scan, combined with a look at what answers on each port, can usually tell you the following:

  • Protocols in use, such as Domain Name System and NetBIOS.
  • Services running on the hosts, such as email, web, and database systems.
  • Available remote access services, such as Remote Desktop Protocol, Telnet, and Secure Shell.
  • Virtual private network services, such as SSL/TLS-based VPNs and IPsec.
  • Permissions and authentication requirements for network shares.

You can look for the following sample open ports and responses (which your network-scanning program reports as accessible or open). Keep in mind that a port number is only a hint about the service; administrators move services to non-standard ports, so confirm what is actually listening by grabbing a banner or probing the protocol:

  • Ping (ICMP echo) replies, showing that ICMP traffic is allowed to and from the host.
  • TCP port 21, showing that FTP could be running.
  • TCP port 23, showing that Telnet could be running.
  • TCP ports 25, 465 or 587 (SMTP, SMTPS and mail submission), 110 or 995 (POP3 and POP3S), or 143 or 993 (IMAP and IMAPS), showing that an email server could be running.
  • TCP/UDP port 53, showing that a DNS server could be running.
  • TCP ports 80, 443, and 8080, showing that a web server or web proxy could be running.
  • TCP port 135, UDP ports 137 and 138, TCP port 139 and, especially, TCP port 445, showing that a Windows host (or a Samba file server) could be running.
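The following script is an added example, not code from this wiki, showing how to turn the port list above into a check that confirms what is actually listening rather than trusting the port number alone. It does a TCP connect on each port, reads the greeting banner (sending an HTTP request first where a web server would otherwise stay silent), and then compares the service suggested by the port number with the protocol identified from the banner. So that it runs offline, it starts a throw-away listener on 127.0.0.1 that sends a constructed SMTP greeting on a random high port, imitating a mail server that has been moved off port 25; the hostnames and banner text are made up for the demonstration.

```python
import socket
import threading

# Port number -> service the page says it usually indicates (TCP only;
# UDP 137/138 for NetBIOS and UDP 53 for DNS are not reachable with a TCP connect).
CANDIDATE_SERVICES = {
    21: "FTP", 22: "SSH", 23: "Telnet",
    25: "SMTP", 465: "SMTPS", 587: "SMTP submission",
    53: "DNS", 80: "HTTP", 443: "HTTPS", 8080: "HTTP proxy/alternate",
    110: "POP3", 995: "POP3S", 143: "IMAP", 993: "IMAPS",
    135: "MS-RPC endpoint mapper", 139: "NetBIOS session", 445: "SMB",
    3389: "RDP",
}

# Servers that only talk after the client does need a probe to reveal themselves.
HTTP_PROBE = b"HEAD / HTTP/1.0\r\nHost: localhost\r\n\r\n"


def candidate_service(port):
    """What the port number alone suggests."""
    return CANDIDATE_SERVICES.get(port, "unknown")


def grab_banner(host, port, timeout=2.0, probe=b""):
    """TCP connect to host:port and return (is_open, banner_text)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            s.settimeout(timeout)
            if probe:
                s.sendall(probe)
            try:
                data = s.recv(1024)
            except socket.timeout:
                data = b""  # open, but silent (e.g. a protocol that waits for the client)
            return True, data.decode("latin-1", "replace").strip()
    except (OSError, socket.timeout):
        return False, ""


def classify_banner(banner):
    """Identify the protocol from the greeting, independent of the port number."""
    b = banner.upper()
    if b.startswith("SSH-"):
        return "SSH"
    if b.startswith("HTTP/"):
        return "HTTP"
    if b.startswith("+OK"):
        return "POP3"
    if b.startswith("* OK"):
        return "IMAP"
    if b.startswith("220"):
        if "SMTP" in b:          # matches both "SMTP" and "ESMTP"
            return "SMTP"
        if "FTP" in b:
            return "FTP"
        return "FTP/SMTP (220 greeting, unidentified)"
    return "unknown"


def scan(host, ports, timeout=2.0):
    """Connect to each port, grab the banner and report expected vs observed service."""
    results = []
    for port in ports:
        probe = HTTP_PROBE if port in (80, 8080, 8000) else b""
        is_open, banner = grab_banner(host, port, timeout, probe)
        if not is_open:
            continue
        results.append({
            "port": port,
            "expected": candidate_service(port),
            "observed": classify_banner(banner),
            "banner": banner,
        })
    return results


def _serve_banner(banner, ready):
    """Accept one connection on an ephemeral loopback port and send a banner."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    ready["port"] = srv.getsockname()[1]
    ready["event"].set()
    conn, _ = srv.accept()
    conn.sendall(banner)
    conn.close()
    srv.close()


def start_fake_service(banner):
    """Start the constructed listener in a thread; returns the port it chose."""
    ready = {"event": threading.Event()}
    threading.Thread(target=_serve_banner, args=(banner, ready), daemon=True).start()
    ready["event"].wait(2)
    return ready["port"]


if __name__ == "__main__":
    # Constructed SMTP greeting on a random high port: the port number says
    # "unknown", the banner says "SMTP". That mismatch is the finding.
    port = start_fake_service(b"220 mail.example.test ESMTP ready\r\n")
    for r in scan("127.0.0.1", [port]):
        print(f"port {r['port']}: expected {r['expected']}, observed {r['observed']} ({r['banner']})")
```

Run it against a real host by replacing the loopback target with the host and the standard port list; treat any port whose observed protocol differs from the expected one (an SSH daemon on 8080, a mail server on a high port) as something to investigate rather than dismiss.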