CDOT Wiki β

OPS235 Lab 6 - Fedora17

1,697 bytes added, 14:58, 4 March 2010
=== Investigation 7: How can I see what network services or ports are active on my Fedora system? ===
{{Admon/note | Please take note! | When our Fedora system provides any services on a network, those services are accessible through a port number. All network services are configured to be accessed on a particular port number. By examining which ports are active on our system we can know what services (and points of attack) are available on our system. The ability to examine this information is important for troubleshooting network services and securing our systems. One great tool for this is the <code>netstat</code> command.}}
 
* On your Fedora host, execute the command <code>netstat -at</code>.
* This command will list all active TCP ports. Note the state of your ports.
* TCP is a connection-oriented protocol that uses a handshaking mechanism to establish a connection. Ports that show a state of LISTEN are waiting for connection requests to a particular service. For example, you should see the <code>ssh</code> service in a LISTEN state, as it is waiting for connections.
* From one of your VMs, log in to your host using <code>ssh</code>.
* On the Fedora host, rerun the command. In addition to the LISTEN port, it should list a second entry with a state of ESTABLISHED. This shows that there is a current connection to your ssh server.
* Exit your ssh connection from the VM and rerun the command on the Fedora host. Instead of ESTABLISHED, it should now show a state of CLOSE_WAIT, indicating that the TCP connection is being closed.
* On your Fedora host, try the command <code>netstat -atn</code>. How is this output different?
* Without the <code>-n</code> option, <code>netstat</code> attempts to resolve IP addresses to host names (using <code>/etc/hosts</code>) and port numbers to service names (using <code>/etc/services</code>).
* Examine the <code>/etc/services</code> file and find which ports are used for the services <code>ssh ftp http</code>.
* Now execute the command <code>netstat -au</code>. What is the difference between <code>-at</code> and <code>-au</code>?
* When examining UDP ports, why is there no state?
 
* Using the <code>netstat</code> man page and experimentation, make sure you understand how the following options work.
** -at
** -au
** -atp
** -aup
** -atn
** -aun
** -autnp
* Answer the investigation in your logbook.
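
The following script is an added example, not part of the original lab. It summarizes <code>netstat -atn</code> output into listening ports, whether each is bound to loopback only or reachable from the network, and a count of sockets per state. The sample output and its addresses are constructed, and the function names are hypothetical; on a real host, pipe <code>netstat -atn</code> into the functions instead of <code>sample_netstat</code>.

```shell
#!/bin/sh
# Constructed sample of `netstat -atn` output (addresses are made up for this example).
sample_netstat() {
cat <<'EOF'
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN
tcp        0      0 192.168.235.1:22        192.168.235.11:51234    ESTABLISHED
tcp        0      0 :::22                   :::*                    LISTEN
tcp        0      0 ::1:631                 :::*                    LISTEN
EOF
}

# Print "port address scope" for every LISTEN socket read from stdin.
# scope is "local-only" for loopback binds and "network" for anything else.
listening_ports() {
    awk '$1 ~ /^tcp/ && $6 == "LISTEN" {
        n = split($4, part, ":")          # the port is the text after the last colon
        port = part[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        scope = (addr ~ /^127\./ || addr == "::1") ? "local-only" : "network"
        print port, addr, scope
    }' | sort -n
}

# Print the ports reachable from other machines, one per line, without duplicates.
exposed_ports() {
    listening_ports | awk '$3 == "network" { print $1 }' | sort -n -u
}

# Count TCP sockets per state (LISTEN, ESTABLISHED, CLOSE_WAIT, ...).
state_counts() {
    awk '$1 ~ /^tcp/ { count[$6]++ } END { for (s in count) print s, count[s] }' | sort
}

sample_netstat | listening_ports
echo "Exposed to the network: $(sample_netstat | exposed_ports | tr '\n' ' ')"
sample_netstat | state_counts
```

Ports reported as <code>local-only</code> accept connections only from the host itself, so the <code>network</code> entries are the ones to compare against the services you intend to offer.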
=== Investigation 5: IPTABLES -- Basic Function/Configuration ===