how to monitor ports

mhm4 · June 11, 2007, 11:35am

I run into this issue occasionally and just looking for suggestions on how others solved it. I would like to monitor ports on a large number of systems and would like to determine which systems are listening on specific ports. I know there are heavy-weight apps that provide this such as HP ovo but I am looking for some light-weight open source options. I believe a syn scan will be sufficient for my purpose but I have not used any tools previously or not sure if their is a way to use default system tools or commands for this. Also for the those that have used syn scanning, does anyone run into issues due to simulating a syn attack in any of your networks?

Before you relpy, please do not recommend ping as it does not provide the functionality that I am looking for. Also, telnet will not provide this functionality because I do not what to have to script any break out or termination sequences for various connections (ie sendmail - port 25).

reborg · June 11, 2007, 1:57pm

You could use nmap.

blowtorch · June 11, 2007, 7:39pm

lsof might be another option here.

ghostdog74 · June 11, 2007, 9:22pm

I use this Python script to check for port availability for my site. If you have Python, you are try this.

import socket
remote_host="localhost"
for remote_port in [22,901,139]:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(60)
        try:
                sock.connect((remote_host, remote_port))
        except Exception,e:
                print "%d closed " % remote_port                
        else: 
                print "%d open" % remote_port
        sock.close()

sysgate · June 12, 2007, 11:17am

GhostDog, nice one, I just changed it a little bit per my needs, thanks for sharing that.

#!/usr/bin/python

import socket
import sys

if ( len(sys.argv) != 2 ):
    print "Usage: " + sys.argv[0] + " you must enter IP or FQDN"
    sys.exit(1)

remote_host = sys.argv[1]

for remote_port in [22,80,8080,993]:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        sock.settimeout(60)
        try:
                sock.connect((remote_host, remote_port))
        except Exception,e:
                print "%d closed " % remote_port
        else:
                print "%d open" % remote_port
        sock.close()

mhm4 · June 13, 2007, 12:00pm

Thanks all for your feedback.
I was not aware for nmap. This looks like a great tool.
I love the simplicity of the python script also.
I believe lsof is for the local system, meaning that it must be installed on the local system to gather info which may not be effective for monitoring a large number of systems. Plus, one will have to handle remote login access to run the command.

JeepResQ · June 27, 2008, 8:36am

Good looking script to the both of ya! Gotta love python...or as I call it...miniJava in the Shell! lol