NetScanTools Pro, Demo and Full Version
NetScanTools Pro version 11 Demo
Info: Full install/uninstall is included. This is a DEMO - it cannot be unlocked and converted into the Full Version.
Trial Period: 30 days
More Information:
Cost: $249
NetScanTools Pro version 11 Full Version
Current Licensees: Do you need a new installation file? If you have an older version of NetScanTools Pro that is operational: Please click on Help/Check for New Version. Download links are in embedded web page. You will need an active maintenance plan to download. Your access credentials are shown above the embedded window. If you did not save your installation file (we asked you to do that) and you do not have the software installed/running.
IpPulse
ipPulse is a Connectivity Status Monitoring Tool. Use ipPulse to monitor the up/down status of IP connected devices (nodes) on any IP connected network. ipPulse uses a variety of methods, including ping packets, tcp connects, and SNMP to poll and check the network connectivity of a list of user-defined nodes. IpPulse alerts you to failures using a variety of techniques ranging from audible messages to email notification.
File name: ipls192.zip
Full install/uninstall is included
Trial Period: 30 days
More Information:
Cost: $69.
ENUMresolver
A freeware program designed to query your default DNS for the ENUM NAPTR mapping between a telephone number and a SIP, H323, IAX2 or other URI.
Use with VOIP systems to check your e.164 or freenum or other mappings. This program queries each default DNS assigned to your system using the e164.arpa or other root tree for the corresponding NAPTR records and displays them.
Operating System: Windows 10/8.x/7/Vista/XP/2008/2003
Full install/uninstall is included
Trial Period: unlimited
Cost: $0
File name: enumresolver200.zip (440K)
Current Version: 2.00, released 19 November 2008.
I have always been thrilled by Security and the concept of hacking (legally) into a computer or network. Perhaps it has to do with all those movies I watched growing up. I digress. A big part of hacking has to do with vulnerability assessment – finding vulnerabilities (both digital and non-digital) that you can use to gain access to a computer/network.
One of the things you will normally do while carrying out a vulnerability assessment is finding open ports on a device and what services are running on those ports. By doing this, you may find a vulnerability that you can exploit in one of the services running on that device.
In this article, we will be discussing some IP Scanning tools that can help check for open ports on a device and possibly probe for the services running on those ports.
Why would you want to check for open Ports/Services?
Like we discussed above, one of the major reasons why you would want to check for open ports and services is while performing a Vulnerability Assessment. This could be done as an external consultant for an organization or in the capacity of the administrator of a network. The goal is to be a step ahead of attackers because whether you like it or not, they will come for you.
Another closely related reason is when performing a Security Audit of your device/network. For example, a router that isn’t managed over the web or terminating VPN connections should not be listening on ports 80 or 443. By performing a port/service scan, you can discover open ports and turn off unnecessary services.
You can also scan the open ports on a computer/server. Some malware (e.g. rootkits) opens ports on systems that give attackers access to that system. I remember an organization I consulted for where we found that someone had gained access to a server and was sending a huge amount of data somewhere, eating up all the organization’s bandwidth.
Before we go into the tools that can be used for checking open ports and services, let me sound a note of warning: Port scanning can be deemed illegal and so you should never perform a port scan without authorization (preferably written) from the owner of the computer/network. This is because port scanning can reveal sensitive information about a computer/network that can be misused by an untrusted party.
Here are the Top Port Scanners of 2019:
We will now discuss some IP Scanning tools that can be used for checking for open ports and services. Most of the tools mentioned here have other uses but we will focus on their port scanning ability. The tools we will discuss are as follows:
1. SolarWinds Port Scanner
I stumbled on this free tool from SolarWinds while researching for this article. It is probably the closest to Nmap in terms of the output it provides.
It does OS detection (quite well), and also lists open/closed/filtered ports. It provides the results of a scan in a nice looking GUI, complete with the logos of the discovered operating systems.
It is available for free download here. Keep in mind that it can only be installed on Windows OS.
Download Free Today from Solarwinds.com:
2. Nmap
Anyone who has been in the Networking or Security industry for a while will have heard about Nmap. Nmap, which is short for “Network Mapper”, can be used for a lot of things like network discovery, vulnerability assessment, network inventory and so on. What’s more, Nmap is free and open source. In fact, a lot of network management tools include Nmap in one form or another.
Relevant to our discussion is using Nmap to check for open ports and services running on a device. Nmap handles this effortlessly. Not only will Nmap tell us the hosts that are available on the network (i.e. network discovery), it will tell us what services are running on those hosts (with a lot of information), and if you want, it can go as far as attempting to identify the operating system of the host.
While most people will use Nmap from a terminal window or command prompt, learning how to use Nmap with all its various switches and options can be a daunting task for a new user. Therefore, a new user may want to use Zenmap which is a GUI for Nmap to perform scans and view results, as seen in the screenshots above and below.
Zenmap provides in-built “profiles” that can be used to perform popular scans (e.g. Ping scan, Quick Scan, Intense Scan) without having to know which options to use.
To see how Nmap works, I will scan my home wireless network which is on the 192.168.8.0/24 subnet. There are a couple of devices on this network, from my Macbook to Windows PCs, and also phones.
To start off, I will run a basic Ping Scan to check what hosts are available on that network using the command: nmap -sn 192.168.8.0/24
As you can see, it discovered that there are 3 hosts available on the network. This does not mean there are no other hosts (because there are); it just means these are the ones that responded to ping.
I have noticed that by running the ping scan with elevated privileges (e.g. sudo), I can get more information:
Now that we have discovered the hosts on the network, we can go ahead to probe them further. Let’s take the device with an IP address of 192.168.8.101 as an example. We will run a scan that will perform OS detection, determine open ports, and also probe the open ports for the services running on them. A simple command that will achieve all these is: nmap -A 192.168.8.101
Note: I had to scrub the data to protect sensitive information. Also, the result would have been more detailed if I had run it with elevated privileges.
As you can see, Nmap is an awesome tool and we have barely scratched the surface. You can perform different TCP/UDP scans, and even try to bypass firewalls that block port scanning attempts. Nmap is available on most operating systems including Windows, Mac, and Linux.
Download Nmap/ZenMap from their official Site:
3. Angry IP Scanner
The next tool on the list is Angry IP Scanner. Even though this tool is quite simple, its speed is mind blowing because it uses multithreading i.e. multiple threads to scan a network.
Angry IP Scanner is a GUI-based tool that can detect open and filtered ports, resolve MAC addresses to vendors, provide NetBIOS information, and so on. Unlike Nmap and SolarWinds Port Scanner, it cannot do OS detection, neither does it probe open ports for the services running on those ports.
From the test I ran on my home network, it seems to have more false positives than Nmap because it found open ports that were not really open. However, it correctly listed all the truly open ports on all devices.
Angry IP Scanner can be installed on Windows, Mac, and Linux operating systems. However, it requires Java to run.
Download Angry IP Scanner from their Official site here:
4. Netcat
The last tool we will discuss is Netcat. Netcat is an old tool (dates back to 1995!) and is popularly called the “swiss army knife” utility of a network/security engineer. The main purpose of netcat is to “read and write data across network connections”; however, it also has an inbuilt port scanner. Even though the port scanning feature is not anything fancy, it gets the job done.
Let’s scan the 192.168.8.101 host using netcat. The following command tells netcat to scan TCP ports 1 to 500 on host 192.168.8.101 without sending any data (-z) and timing out after 1 second (-w1): nc -v -z -w1 192.168.8.101 1-500. The -v option enables verbose mode.
Note: The open ports on netcat and Angry IP Scanner seem to match.
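What a zero-data connect check such as nc -z -w1 observes for each port can be reproduced in a few lines, which also shows where the open/closed/filtered states reported by the scanners above come from. This is an added example, not code from the original article; the function names are hypothetical, and the demo only touches a listener it opens itself on the loopback address.

```python
import socket

def check_tcp_port(host, port, timeout=1.0):
    """Classify one TCP port from a plain connect attempt; no payload is sent."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"        # the three-way handshake completed
    except ConnectionRefusedError:
        return "closed"          # the host replied with a reset: nothing listening
    except socket.timeout:
        return "filtered"        # no reply within the timeout (the -w1 case)
    except OSError:
        return "filtered"        # e.g. host or network unreachable

def scan_ports(host, ports, timeout=1.0):
    """Return {port: state} for the given ports on a host you are authorized to audit."""
    return {port: check_tcp_port(host, port, timeout) for port in ports}

if __name__ == "__main__":
    # Demo against a listener created here, so the run needs no other host.
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))      # port 0: let the OS pick a free port
    listener.listen(1)
    port = listener.getsockname()[1]
    print(port, check_tcp_port("127.0.0.1", port))   # open while listening
    listener.close()
    print(port, check_tcp_port("127.0.0.1", port))   # closed after shutdown
```

A timeout is reported as filtered rather than closed because a silent drop by a firewall and a lost packet look the same from the scanning side.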
The original version of Netcat is not maintained anymore. However, there are several variants and implementations available and you should be able to get one for Linux, Mac, and Windows operating systems with a good Google search.
You can find the original download of Netcat at Sourceforge:
Online Tools
While the tools we have discussed so far need to be installed (or executed) on a PC, there are IP scanning tools available online for checking ports and services. Of course these tools will not be able to scan your internal network but they can be used to scan publicly available devices. For example, if you are hosting your own server (e.g. Digitalocean droplet, AWS instance), you can use these tools to audit them.
Note: All the tools we have mentioned above can also be used to scan external hosts.
Some online IP scanning tools include TCP Port Scan with Nmap from Pentest-Tools.com, MxToolBox’s Port Scan, IPFingerPrint’s Open Port Checker & Scanner, etc.
Here is a snapshot of the open ports on one of my servers using TCP Port Scan with Nmap from Pentest-Tools.com:
Conclusion
In this article, we have looked at various IP and Port Scanning tools for checking open ports and services. If you are looking for a very fast tool that provides basic port checking, then go for the SolarWinds scanning tool.
The SolarWinds Port Scanner is also a good tool with a nice GUI; it is easy to use and works without any faults or issues whatsoever. The interface and GUI are updated and the tool seems to be updated quite often. If you are a power-user and like to get your hands dirty, then Nmap might be the solution for you due to its array of options, although there may be a bit of a learning curve to it. I can tell you it's not nearly as easy to run scans using Nmap (even the GUI) as it is with Angry IP Scanner and the SolarWinds scanner.
Finally, keep in mind that the results you will get when performing a port scan from an internal network will be different from your results when coming from the outside. This is because of the various filtering devices that will block access from the outside.
Also, before using a Port Scanner on a network, make sure you get the proper permissions from the network administrator or engineer, as some of these scanners can throw off some flags in IDS or on their Firewalls!