C

Networking › Module 4 › Lesson 3

BeginnerModule 4Lesson 3/4

Lab — Port & Connection Check

Use ss and nc to see listeners and test ports locally

25 min+41 XP
Module progress3 of 4

Opening

What is listening on your machine?

Before attacking external targets, defenders inventory their own attack surface. ss shows open sockets; nc (netcat) probes whether a port accepts connections. This lab stays on localhost—safe and legal.

1. Step 1 — List Listening Ports

List all listening TCP/UDP portsss -tuln

ss -tuln

Flags: -t TCP, -u UDP, -l listening only, -n numeric ports (no DNS reverse lookups). Look for State LISTEN and note Local Address:Port. Common finds: 53 (system resolver), 631 (printing), or 22 if SSH server is enabled.

2. Step 2 — Filter What Matters

Filter listenersss -tuln | grep LISTEN ss -tln sport = :22

ss -tuln | grep LISTEN
ss -tln sport = :22

Compare against your baseline: unexpected listeners on 3389, 445, or high ports may indicate malware or forgotten services.

3. Step 3 — Probe with netcat

Test TCP ports on localhostnc -zv localhost 22 nc -zv localhost 80 nc -zv 127.0.0.1 443

nc -zv localhost 22
nc -zv localhost 80
nc -zv 127.0.0.1 443

-z scan mode, -v verbose. "succeeded" means something accepted the connection; "Connection refused" means nothing is listening.

4. Step 4 — Optional Listener

Terminal 1 — start listenernc -l -p 9999

nc -l -p 9999

Terminal 2 — probe the listenernc -zv localhost 9999

nc -zv localhost 9999

Confirm it appears in ss -tuln. Press Ctrl+C to stop the listener when done.

Complete Port & Connection Lab

Run ss -tuln and record at least three listening ports. Use nc -zv to test two ports on localhost. Write results to ~/cyberlium-lab/port-check.txt including port number, protocol, and whether nc succeeded.

← Previous