Welcome to the community! Read our posting tips, and learn how to earn ranks, levels and badges to get started.

Ask any devices or smart home question in the Devices/Security or Network Troubleshooting Categories.


Happy posting!

how to find the IP address with a open port reported by Fing

PeterFlehmigPeterFlehmig OfficeMember Posts: 3
First Comment Photogenic
in Devices & Security
Getting sometimes reports about a new open unknown TCP Port via Fing...
So anybody an idea how to find out what IP address was opening this TCP port in my network. Looking for a fast and easy way to go behind that ....
Thanks

Best Answers

  • turbonemesisturbonemesis Member Posts: 18
    5 Answers 10 Comments Name Dropper 5 Likes
    ✭✭
    edited July 2020 Accepted Answer
    You could probably just go into your devices in the fing app and run a port scan on each individual device, that should tell you which device it is that is requesting that port to be open when you come across the device that also reports that exact port being open.

    If fing still can't resolve it's ip, you could always cross-reference fing's data with the data reported by your router or else another network scanner like Network Radar 2, LanScan, both of which offer free trials, etc; there are honestly a bunch of different network scanners out there that don't even require a download if you just google "port scanner" and if you know your public ip, you should be able to figure everything out one way or another.

    Lastly, Wireshark is a great tool for tracking open ports' origination and destination. In Wireshark, if you go up to view -> Name Resolution, and click all the boxes, you'll be able to filter on the exact port number in question and it will resolve the name of the device which is sending/receiving requests via your open port.

    You can filter by ports in Wireshark like this: (udp.port == 80 || tcp.port == 80) for the source ports or (udp.dstport == 80 || tcp.dstport == 80) for the dstport. You'll find there is a lot of different ports being used by different devices--most of which are all completely normal.
  • PeterFlehmigPeterFlehmig OfficeMember Posts: 3
    First Comment Photogenic
    Accepted Answer
    Thanks for your answer, however it is some frustrating work to search the whole network for this open port. Most of the time it was not successful because the from Fing reported Port was closed in the meantime. This is a really interesting question if Fing will be able in the future to report an IP to an open Port, otherwise you will have no change to find the IP if the port is closed before you start scanning. Thanks
    Peter
  • turbonemesisturbonemesis Member Posts: 18
    5 Answers 10 Comments Name Dropper 5 Likes
    ✭✭
    edited July 2020 Accepted Answer
    I agree with you that it would be nice if fing showed more of the inter-device communications which may have led to that open port. If you are good with computers, you can always look into network intrusion detection systems, most of which would give you the granularity you seem to be looking for.

    Also, the port could just be open on your router itself. Like if you go into view (fingbox) => network => vulnerability test, that one is just testing your router. The open port could just be originating from your router itself. Regardless, you can always block open ports on your router by simply logging into its admin dashboard under firewall settings. That should block that port from being opened to the whole world at least. But I think you will find different ports are common and needed for certain devices on your network to function properly. 

    P.s. Check out little snitch as well, it's pretty awesome if you are most concerned about your computer. That and Murus2.
    PeterFlehmig

Answers

  • turbonemesisturbonemesis Member Posts: 18
    5 Answers 10 Comments Name Dropper 5 Likes
    ✭✭
    edited July 2020
    I'm guessing the scan you are referring to in which fing is reporting there being open ports on your network, I'm guessing you are referring to the scan which can be accessed via the mobile app by clicking on view (fingbox) => network => vulnerability test right? Or are you just doing a network wide "find open ports" scan from the home page of the app on your public ip's host?

    Either way, I do agree with you that it would be nice if fing could like show you more of the inter-device communications which led to that port being open, and how they all map to each other and whatnot.

    The port could also just be opened on your router itself; you can always change your router's firewall to close off specific ports via its admin dashboard if that is what is ultimately concerning you the most.

    P.s. As per my previous comment, you should only have to scan the active or currently connected devices to find out which device might be requesting that port to be open. If you really want to dig deep and you are good with computers, look into "network intrusion detection system". Some of those give you the granularity you seem to be looking for, some are even based on ai. I hope I have helped, good luck!
  • PeterFlehmigPeterFlehmig OfficeMember Posts: 3
    First Comment Photogenic
    Thanks, I just will check the recommended tools and see how far it goes...
Sign In or Register to comment.