I was thinking netstat -ln to see what's listening. lsof -i <suspect port> last resort use tcpdump run nmap from an outside box --see what available.