nmap -sT -O localhost



Starting Nmap 5.00 ( http://nmap.org ) at 2009-12-05 01:11 IST

Warning: Hostname localhost resolves to 2 IPs. Using 127.0.0.1.

Interesting ports on localhost (127.0.0.1):

Not shown: 994 closed ports

PORT STATE SERVICE

21/tcp open ftp

22/tcp open ssh

25/tcp open smtp

80/tcp open http

3128/tcp open squid-http

3306/tcp open mysql

Device type: general purpose

Running: Linux 2.6.X

OS details: Linux 2.6.15 - 2.6.27

Network Distance: 0 hops



OS detection performed. Please report any incorrect results at http://nmap.org/submit/ .

Nmap done: 1 IP address (1 host up) scanned in 2.15 seconds



netstat -anp | grep 3128



lsof -i | grep 3128







There are two basic approaches for listing the ports that are listening on the network. The less reliable approach is to query the network stack using commands such asor. This method is less reliable since these programs do not connect to the machine from the network, but rather check to see what is running on the system. For this reason, these applications are frequent targets for replacement by attackers. Crackers attempt to cover their tracks if they open unauthorized network ports by replacing netstat and lsof with their own, modified versions.A more reliable way to check which ports are listening on the network is to use a port scanner such as nmap.The following command issued from the console determines which ports are listening for TCP connections from the network:The output of this command appears as follows:Next, check for information about the port usingor. To check for portusing netstat, use the following command:The command returns the following output:tcp 0 0 127.0.0.1:3128 0.0.0.0:* LISTEN 1909/(squid)tcp 0 0 127.0.0.1:3128 127.0.0.1:52913 TIME_WAIT -tcp 0 0 127.0.0.1:3128 127.0.0.1:52914 TIME_WAIT -The lsof command reveals similar information to netstat since it is also capable of linking open ports to services: