Networking › Module 4 › Lesson 3
Lab — Port & Connection Check
Use ss and nc to see listeners and test ports locally
Opening
What is listening on your machine?
Before attacking external targets, defenders inventory their own attack surface. ss shows open sockets; nc (netcat) probes whether a port accepts connections. This lab stays on localhost—safe and legal.
1. Step 1 — List Listening Ports
List all listening TCP/UDP portsss -tuln
ss -tuln
Flags: -t TCP, -u UDP, -l listening only, -n numeric ports (no DNS reverse lookups). Look for State LISTEN and note Local Address:Port. Common finds: 53 (system resolver), 631 (printing), or 22 if SSH server is enabled.
2. Step 2 — Filter What Matters
Filter listenersss -tuln | grep LISTEN ss -tln sport = :22
ss -tuln | grep LISTEN ss -tln sport = :22
Compare against your baseline: unexpected listeners on 3389, 445, or high ports may indicate malware or forgotten services.
3. Step 3 — Probe with netcat
Test TCP ports on localhostnc -zv localhost 22 nc -zv localhost 80 nc -zv 127.0.0.1 443
nc -zv localhost 22 nc -zv localhost 80 nc -zv 127.0.0.1 443
-z scan mode, -v verbose. "succeeded" means something accepted the connection; "Connection refused" means nothing is listening.
4. Step 4 — Optional Listener
Terminal 1 — start listenernc -l -p 9999
nc -l -p 9999
Terminal 2 — probe the listenernc -zv localhost 9999
nc -zv localhost 9999
Confirm it appears in ss -tuln. Press Ctrl+C to stop the listener when done.
Complete Port & Connection Lab
Run ss -tuln and record at least three listening ports. Use nc -zv to test two ports on localhost. Write results to ~/cyberlium-lab/port-check.txt including port number, protocol, and whether nc succeeded.