9.13. Testing for Open Ports
Problem
You want a listing of open network ports on your system.
Solution
Probe your ports from a remote system.
To test a specific TCP port (e.g., SSH):
$ telnet target.example.com ssh
$ nc -v -z target.example.com ssh
To scan most of the interesting TCP ports:
# nmap -v target.example.com
To test a specific UDP port (e.g., 1024):
$ nc -v -z -u target.example.com 1024
To scan most of the interesting UDP ports (slowly!):
# nmap -v -sU target.example.com
To do host discovery (only) for a range of addresses, without port scanning:
# nmap -v -sP 10.12.104.200-222
To do operating system fingerprinting:
# nmap -v -O target.example.com
For a handy (but less flexible) GUI, run nmapfe instead of nmap.
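The recipe's `nc -v -z` probes tell you whether one port answers; what you usually want is the diff between what answers and what your firewall design says should answer. The script below is an added example, not from the book: it performs the same plain TCP connect probe as `nc -z`, classifies each port as open, closed or filtered, and reports both unplanned open ports and expected ports that are unreachable from the vantage point you run it from. All function names are mine, and the loopback listener is a constructed fixture so the example runs offline.

```python
import socket

# Added example (not from the book): a plain TCP connect probe, the same check
# `nc -v -z` performs, diffed against the ports your firewall design allows.

def probe_tcp(host, port, timeout=2.0):
    """'open', 'closed' (connection refused) or 'filtered' (no answer before
    the timeout, or host/route unreachable) for one TCP port."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except OSError:  # TimeoutError, EHOSTUNREACH, ENETUNREACH, ...
        return "filtered"

def audit_ports(host, candidate_ports, expected_open, timeout=2.0):
    """Probe candidate_ports and report: ports open that the design says should
    not be (a hole), and expected ports not reachable from this vantage point
    (a dead service, or a firewall rule blocking legitimate traffic)."""
    observed = {p: probe_tcp(host, p, timeout) for p in candidate_ports}
    unexpected = [p for p, st in observed.items()
                  if st == "open" and p not in expected_open]
    missing = [p for p in expected_open if observed.get(p) != "open"]
    return {"unexpected_open": sorted(unexpected),
            "expected_but_not_open": sorted(missing), "observed": observed}

def start_local_listener(host="127.0.0.1"):
    """Constructed fixture so the example runs offline: a throwaway listener
    on an ephemeral port. Returns (socket, port); close the socket when done."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))
    srv.listen(5)
    return srv, srv.getsockname()[1]

def pick_closed_port(host="127.0.0.1"):
    """Constructed fixture: bind an ephemeral port and release it, so a
    connect to it is refused ('closed')."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]

if __name__ == "__main__":
    srv, allowed = start_local_listener()
    stray = pick_closed_port()  # design allows only `allowed`; diff both
    print(audit_ports("127.0.0.1", [allowed, stray], expected_open={allowed}))
    srv.close()
```

A "filtered" result from outside while the service listens locally usually means an intervening firewall (yours or your ISP's) is dropping the traffic, which is exactly the vantage-point effect the discussion describes.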
Discussion
When attackers observe your systems from the outside, what do they see? Obviously, you want to present an image of an impenetrable fortress, not a vulnerable target. You’ve designed your defenses accordingly: a carefully constructed firewall, secure network services, etc. But how can you really be sure?
You don’t need to wait passively to see what will happen next. Instead, actively test your own armor with the same tools the attackers will use.
Your vulnerability to attack is influenced by several interacting factors:
- The vantage point of the attacker
Firewalls sometimes make decisions based on the source IP address (or the source port).
- All intervening firewalls
You have your own, of course, but your ISP might impose additional restrictions on incoming or even outgoing ...