Howto check if ports are open using nmap and netcat

Categories

Howto check if ports are open using nmap and netcat

You are here:

 

Introduction

This guide details howto use nmap and netcat to test for open network ports on your servers and equipment. This is very useful if you are troubleshooting or testing firewall rules and servers whether it is to connect in or if you are testing connecting out to services. Please note: the techniques used in this article should only be used with and to equipment you are authorized to use and connect to.

What are nmap and netcat?

Nmap is a free and open-source network scanner used to discover hosts and services on a computer network by sending packets and analyzing the responses.

Netcat is a general-purpose command-line tool often referred to as the Swiss Army knife for networking. It can be used for reading, writing, redirecting, and encrypting data across a network.

Installing nmap and netcat

Both will be available to install using your OS package installer, for example within CentOS:

yum install nmap
yum install nc

Netcat may be referred to as ncat which is the modern fork of netcat which has modern features and is an improved rewrite of the original netcat project.  ncat is likely to be installed with nmap.

Using nmap

Here are some examples of the usage of nmap. Substitute the IPs and netmasks as necessary.

Scan a network for online hosts

Useful to see what hosts are online on your network. Example, you have a LAN network of 192.168.1.0/24 and want to see which hosts are up using icmp (ping):

$ nmap -sP 192.168.1.0/24

Starting Nmap 6.47 ( http://nmap.org ) at 2021-01-11 08:27 GMT

Nmap scan report for 192.168.1.4
Host is up (0.0068s latency).

Nmap scan report for server1.example (192.168.1.5)
Host is up (0.00078s latency).

Nmap scan report for server2.example (192.168.1.6)
Host is up (0.0014s latency).

...

Nmap done: 256 IP addresses (9 hosts up) scanned in 2.36 seconds

 

Check open ports
Check a single host
$ nmap 192.168.1.100

Starting Nmap 6.47 ( http://nmap.org ) at 2021-02-11 08:32 GMT
Nmap scan report for nas01.example (192.168.1.100)
Host is up (0.0011s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
5000/tcp open  upnp
5001/tcp open  commplex-link

Nmap done: 1 IP address (1 host up) scanned in 0.28 seconds
Scan a network
$ nmap 192.168.1.0/24


Starting Nmap 6.47 ( http://nmap.org ) at 2021-02-11 08:33 GMT
Nmap scan report for 192.168.1.4
Host is up (0.0051s latency).
All 1000 scanned ports on 192.168.1.4 are closed


Nmap scan report for server1.example (192.168.1.5)
Host is up (0.0028s latency).
All 1000 scanned ports on server1.example (192.168.1.5) are closed


Nmap scan report for server2.example (192.168.1.6)
Host is up (0.0028s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
80/tcp open  http

...


Nmap done: 256 IP addresses (6 hosts up) scanned in 7.37 seconds
Scan particular ports
nmap 192.168.1.100 -p 80,443,21,50321

This can also be done against a network.

 

Using netcat

There are many things you can do with netcat (hence why it is called the Swiss Army knife of networking), but one thing I do often is probe a network port to see if it is open.

This is much like the nmap examples used above.

Quick probe of port 80
$ netcat -vz 192.168.1.100 80
Connection to 192.168.1.100 80 port [tcp/http] succeeded!
Connect to a port and send commands

Similar to using telnet. This can be used to test smtp services etc. Example: connect to google.com and get the index.html page

netcat -vt google.com 80

Connection to google.com 80 port [tcp/http] succeeded!

Now send commands:

GET /index.html

HTTP/1.0 200 OK

Date: Thu, 11 Feb 2021 08:43:22 GMT

Expires: -1

Cache-Control: private, max-age=0

 

Previous How to Find All Clients Connected to HTTP or HTTPS Ports
Next Howto Import and Export a MySQL database in SSH
Table of Contents