Finding out what TCP and UDP Services your remote host is running

InternetPeriscope can help you determine what Internet Services are running on your host by enabling you to do Port Scans on your remote machine.

A Port Scan can give you a better idea of what software your machine is running. This is important for the following reasons:

  • Hackers often perform Port Scans to determine a host's vulnerabilities. You should know what the hackers see when they scan your machines.
  • A Port Scan can help you to determine what unnecessary services are running on your remote machine. Turning off unneeded services makes it more difficult for a hacker to break into your machine.
  • By periodically performing a Port Scan on your machines, and using the Scan History feature, you can determine if unauthorized (i.e. hacker) software has been installed on your remote host.
  • "Firewalls" often give a false sense of security. By using InternetPeriscope's Port Scan feature from outside the firewall, you can confirm that your firewall is working as expected, and also find what vulnerabilities can still be exploited from outside the firewall.

Before you can perform a Port Scan on a machine, you must first add the host to the console.

Then, right-click on the host, and choose the "Port Scan..." menu item, as shown in the figure.
[Figure: Port Scan menu]

The Port Scan Dialog will appear.
[Figure: Port Scan Dialog]

This dialog allows you to scan for TCP and/or UDP ports. Some Internet services use TCP ports, some use UDP ports, and some use both. For example, mail (SMTP) servers use TCP Port 25. BackOrifice, a popular hacker tool, uses UDP Port 31337 (among others). DNS uses both TCP and UDP Port 53. Each Internet Service "listens" on a designated port. To find out which services run on which ports, see Finding out what an Internet Services does (TCP/IP Ports and Descriptions).

You must enter the Start Port and End Port that you want to scan on the selected host. Port numbers range from 1 to 65535. "Well-known" Internet services like ftp, telnet, and mail run in the range 1 - 1024. Many of the better-written hacker utilities run at the higher port numbers. InternetPeriscope includes a list of many port numbers and their descriptions, though new services are being added all the time.

Click on the "Scan" Button to start the scan. The Internet Services that this host is running will appear in the "Ports Found" list box.

After several scans, you can use the scan history button to see a history of the Port Scans you have performed, and the services that were found (or found to have been removed) on each scan.
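The comparison a scan history makes possible, as an added Python example (not InternetPeriscope's own code): each scan is diffed against the previous one, and newly appeared ports that have no description or lie above the 1 - 1024 range are marked for review. The history data, function names and the short description table are constructed for illustration.

```python
# Port descriptions from the examples on this page, plus telnet (TCP 23).
KNOWN = {
    ("tcp", 23): "telnet", ("tcp", 25): "SMTP (mail)",
    ("tcp", 53): "DNS", ("udp", 53): "DNS",
    ("udp", 31337): "BackOrifice",
}

# Constructed sample history: (scan date, set of (protocol, port) found open).
HISTORY = [
    ("2024-01-01", {("tcp", 23), ("tcp", 25), ("tcp", 53), ("udp", 53)}),
    ("2024-01-08", {("tcp", 25), ("tcp", 53), ("udp", 53)}),
    ("2024-01-15", {("tcp", 25), ("tcp", 53), ("udp", 53),
                    ("udp", 31337), ("tcp", 40123)}),
]


def describe(entry):
    proto, port = entry
    return f"{proto.upper()} {port}: {KNOWN.get(entry, 'no description')}"


def diff_history(history):
    """Return one change record per scan after the first (the baseline)."""
    changes = []
    for (_, prev), (date, cur) in zip(history, history[1:]):
        added = sorted(cur - prev)
        removed = sorted(prev - cur)
        # New ports without a description, or above the well-known range,
        # are the ones to investigate first.
        review = [e for e in added if e not in KNOWN or e[1] > 1024]
        changes.append({"date": date, "added": added,
                        "removed": removed, "review": review})
    return changes


def report(history):
    lines = []
    for c in diff_history(history):
        lines.append(f"Scan {c['date']}:")
        for e in c["added"]:
            flag = "  <-- review" if e in c["review"] else ""
            lines.append(f"  + {describe(e)}{flag}")
        for e in c["removed"]:
            lines.append(f"  - {describe(e)}")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(HISTORY))
```
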

In addition to scanning your machines for TCP/IP services, you should also determine what Remote Procedure Call (RPC) services your machines are running. See Finding out what RPC Services your Unix machines are running and Finding out what RPC Services your Windows machines are running for more information.

Note to techies: Some services that are found by the port scan may be RPC services. The port scan will tell you that these ports are in use, but most likely will not give you a description of these services (RPC services are not typically assigned well-known port numbers). To find out which UDP and TCP ports are used by RPC services, use the RPC Unix or RPC Windows tools.