On Thu, Jan 17, 2002 at 04:06:58PM -0600, Joel Sherrill wrote: > Michael Ossmann wrote: > > > > Yeah, XDMCP runs on UDP/177, which is why it can't easily be secured > > over SSH or tested with telnet. You can use netcat or nmap to test for > > it. > > If you could give instructions on how to test the various ports > to show they are alive, that would be great debugging info > for the writeup.
Sure. The tool I recommend for testing the availability of both TCP and UDP ports is nmap, which is part of several Linux distributions and is also available here: http://www.insecure.org/nmap/ Nmap is a port scanner (or "network mapper") which is a great tool for performing security audits as well as for one-shot tests of specific ports. To test for XDMCP: nmap -sU -p 177 hostname which will probably tell you something like: The 1 scanned port on hostname (IP) is: closed or Interesting ports on hostname (IP): Port State Service 177/udp open xdmcp To test for WinVNC: nmap -sT -p 5900 hostname To test for VNC on multiple screens (:1, :2, :3, etc.) as well as web access for Java VNC: nmap -sT -p 5800-5999 hostname This should yield something like: Interesting ports on hostname (IP): (The 196 ports scanned but not shown below are in state: closed) Port State Service 5801/tcp open vnc 5802/tcp open unknown 5901/tcp open vnc-1 5902/tcp open vnc-2 Note that the service names reported by nmap are guesses that it makes by looking up port numbers in a table and not based on actual protocol analysis. The guesses are generally pretty good for common services and worse for less common services. Nmap has many other features that I won't go into, but here's a little taste: To find all hosts on an entire subnet with any VNC services running: nmap -sT -p 5900-5999 192.168.0.1-254 -- Mike Ossmann, Tarantella/UNIX Engineer/Instructor Alternative Technology, Inc. http://www.alttech.com/ --------------------------------------------------------------------- To unsubscribe, mail [EMAIL PROTECTED] with the line: 'unsubscribe vnc-list' in the message BODY See also: http://www.uk.research.att.com/vnc/intouch.html ---------------------------------------------------------------------
