How to scan computers in your own home LAN for open ports

Tips, Tricks and Tutorials Tips & Tricks
#1

Hello my fellow Ubuntu Mate users,
I was looking in ‘External Helpful Resources’ in this forum and pfeiffep’s “Test your router & system for vulnerabilities” post caught my attention.
After following the link to GRC ‘Shields Up!’ and having my modem-router firewall scanned, I became interested in running a port scan on computers within my home LAN.

I remember the very first release of Ubuntu, ‘Warty Warthog’, had a utility called ‘Network Tools’, (System, Administration, Network Tools) and it was in every ubuntu release for years.
Today, I was not able to find it, but I did find out it can still be installed.

https://ubuntuforums.org/showthread.php?t=2075876 — ubuntu web forums: Thread: Can’t find Network Tools

sudo apt-get update; sudo apt-get install gnome-nettool

So if you want to conduct a port scan on one of your other computers in your home network, you can do as follows;

  1. In the OS you want to check, (we’ll call it the ‘target’ machine), run the command ifconfig to find out what its current IP address is.
    The IP address in most home networks is assigned out by the router, so alternatively, you can go into your router’s control panel and get the same information if you wish. That way might be quicker if you have a number of computers in your home network to scan, but you will need your admin password for your router.

  2. In a different Gnu-Linux machine which is connected to the same LAN, make sure network tools is installed. In Ubuntu MATE, you can use the same command as shown above here to install it and it should show up in ‘Applications’, ‘System Tools’, ‘Network Tools’.

  3. Open Network tools and go to the Port Scan tab.

  4. In the ‘Network Address’ field, enter your IP address for your target machine, the computer you want to scan for open ports.

  5. Click on the ‘Scan’ button.
    The ‘Scan’ button will change to a ‘stop’ button. Wait a minute and when the scan is complete it will revert to saying ‘Scan’.

  6. If nothing much has happened and no results show up your target computer has passed the test.

There are other tabs there for doing various other networking operations but for now I’m just explaining how to do the port scan.

As far as I know, all ubuntu operating systems should be ‘pure stealth’, (no open ports), when they are newly installed. When people install ‘services’ they might end up with open ports which they may or may not be aware of.

If you find out you do have open ports it might be worth thinking about configuring your IP Tables, (network filtering), but that’s another subject. Otherwise, if you are not using those services, you might be able to close the ports up again simply by uninstalling any of those programs with services you don’t need.

Have fun and stay safe :slight_smile:

4 Likes
#2

Have you ever found an open port on an Ubuntu box?

#3

Hello Coineach,

Certainly. I sometimes use SSH server and that opens port 22.

If you want to see an open port, just install SSH server

sudo apt-get install openssh-server

Now scan your computer for open ports from another Gnu-Linux computer in your LAN.
You should see that port 22 is open. It’s protected by your username and password though.
When you want to close port 22, just uninstall openssh server,

sudo apt-get remove openssh-server

Now when you scan your computer for open ports from another Gnu-Linux computer in your LAN you should see that port 22 is no longer visible.

If we understand the risks and benefits of having ssh server installed, and we have taken appropriate steps to ensure a suitable level of security for our purposes, ssh can be extremely useful to us.
However, if we’re not using it or if we haven’t thought about using enough security measures (weak passwords), then the risks might outweigh the benefits.

2 Likes