Howto check if ports are open using nmap and netcat
Introduction
This guide details how to use nmap and netcat to test for open network ports on your servers and equipment. This is useful when you are troubleshooting or testing firewall rules and servers, whether you are checking that inbound connections reach a service or that a host can connect out to the services it depends on. Please note: the techniques used in this article should only be used with, and against, equipment you are authorized to use and connect to.
What are nmap and netcat?
Nmap is a free and open-source network scanner used to discover hosts and services on a computer network by sending packets and analyzing the responses.
Netcat is a general-purpose command-line tool, often referred to as the Swiss Army knife of networking. It reads from and writes to raw TCP or UDP connections, can listen as well as connect, and can redirect data between a connection and a process or file. The original netcat does no encryption; the ncat rewrite adds TLS (its --ssl option).
Installing nmap and netcat
Both will be available to install using your OS package installer, for example within CentOS:

yum install nmap
yum install nc
Netcat may be referred to as ncat. ncat is not a fork of the original netcat but a rewrite by the Nmap project with modern features (IPv6, TLS, connection brokering). On CentOS it ships as the nmap-ncat package, which is normally pulled in with nmap and also provides the nc command. Other distributions ship different implementations (GNU netcat, the OpenBSD netcat), so option letters and the exact messages printed differ slightly between them; the examples below use options that all of them understand.
Using nmap
Here are some examples of the usage of nmap. Substitute the IPs and netmasks as necessary.
Scan a network for online hosts
Useful to see which hosts are online on your network. Example: you have a LAN network of 192.168.1.0/24 and want to see which hosts are up. -sP is the older spelling of -sn, a host discovery ("ping") scan that skips the port scan. Despite the name it is not only ICMP: run as root on the local Ethernet segment nmap uses ARP requests, and elsewhere it combines ICMP echo with TCP probes to ports 80 and 443, so hosts that block ping can still show up, while a host whose firewall drops everything will be missed.
$ nmap -sP 192.168.1.0/24
Starting Nmap 6.47 ( http://nmap.org ) at 2021-01-11 08:27 GMT
Nmap scan report for 192.168.1.4
Host is up (0.0068s latency).
Nmap scan report for server1.example (192.168.1.5)
Host is up (0.00078s latency).
Nmap scan report for server2.example (192.168.1.6)
Host is up (0.0014s latency).
...
Nmap done: 256 IP addresses (9 hosts up) scanned in 2.36 seconds
Check open ports
Check a single host
$ nmap 192.168.1.100
Starting Nmap 6.47 ( http://nmap.org ) at 2021-02-11 08:32 GMT
Nmap scan report for nas01.example (192.168.1.100)
Host is up (0.0011s latency).
Not shown: 993 closed ports
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
139/tcp  open  netbios-ssn
443/tcp  open  https
445/tcp  open  microsoft-ds
5000/tcp open  upnp
5001/tcp open  commplex-link
Nmap done: 1 IP address (1 host up) scanned in 0.28 seconds

By default nmap scans only the 1000 most common TCP ports (a SYN scan when run as root, a full TCP connect scan otherwise). "closed" means the port answered with a RST: the host is reachable but nothing is listening there. A port that never answers at all is reported as "filtered", which usually means a firewall is dropping the probes, so the difference between closed and filtered tells you whether it is the service or the firewall you need to look at.
Scan a network
$ nmap 192.168.1.0/24
Starting Nmap 6.47 ( http://nmap.org ) at 2021-02-11 08:33 GMT
Nmap scan report for 192.168.1.4
Host is up (0.0051s latency).
All 1000 scanned ports on 192.168.1.4 are closed
Nmap scan report for server1.example (192.168.1.5)
Host is up (0.0028s latency).
All 1000 scanned ports on server1.example (192.168.1.5) are closed
Nmap scan report for server2.example (192.168.1.6)
Host is up (0.0028s latency).
Not shown: 999 closed ports
PORT   STATE SERVICE
80/tcp open  http
...
Nmap done: 256 IP addresses (6 hosts up) scanned in 7.37 seconds
Scan particular ports
nmap 192.168.1.100 -p 80,443,21,50321
This can also be done against a network range. -p also accepts ranges (for example -p 1-1024), and -p- scans all 65535 ports instead of the default top 1000. Ports are TCP unless you ask for a UDP scan with -sU, which needs root and is much slower, because a closed UDP port only reveals itself through an ICMP reply and many hosts rate-limit those.
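As an added example (not part of the original article), here is a small Python script that turns nmap's normal output into a per-host table of port states and checks it against an allowlist of the TCP ports each host is supposed to expose, which is the firewall-rule verification the introduction talks about. The scan text embedded in it is a constructed sample in the same shape as the scans above, not a real result, and the allowlist policy is hypothetical.

```python
import re

# Constructed sample in the shape of nmap's normal output (not a real scan).
SAMPLE_NMAP_OUTPUT = """\
Starting Nmap 6.47 ( http://nmap.org ) at 2021-02-11 08:33 GMT
Nmap scan report for 192.168.1.4
Host is up (0.0051s latency).
All 1000 scanned ports on 192.168.1.4 are closed
Nmap scan report for server2.example (192.168.1.6)
Host is up (0.0028s latency).
Not shown: 998 closed ports
PORT     STATE    SERVICE
80/tcp   open     http
8080/tcp filtered http-proxy
Nmap scan report for nas01.example (192.168.1.100)
Host is up (0.0011s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
443/tcp open  https
445/tcp open  microsoft-ds
Nmap done: 256 IP addresses (3 hosts up) scanned in 7.37 seconds
"""

# "Nmap scan report for 192.168.1.4" or "Nmap scan report for name (192.168.1.6)"
HOST_RE = re.compile(
    r"^Nmap scan report for (?:(?P<name>\S+) \()?(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\)?$"
)
# "80/tcp   open     http": the rows under the PORT STATE SERVICE header
PORT_RE = re.compile(r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)")


def parse_nmap_output(text):
    """Parse nmap's normal (screen) output into {ip: {(port, proto): (state, service)}}.

    A host that reports "All N scanned ports ... are closed" gets an empty dict, so the
    caller can tell "scanned, nothing open" apart from "not in the scan at all".
    """
    hosts = {}
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group("ip")
            hosts[current] = {}
            continue
        m = PORT_RE.match(line)
        if m and current is not None:
            key = (int(m.group("port")), m.group("proto"))
            hosts[current][key] = (m.group("state"), m.group("service"))
    return hosts


def unexpected_open_ports(hosts, allowlist):
    """Return {ip: [ports]} for TCP ports reported open that the allowlist does not permit.

    allowlist maps an IP to the set of TCP ports it may expose. A host missing from the
    allowlist may expose nothing, so every open port on it is reported.
    """
    findings = {}
    for ip, ports in hosts.items():
        allowed = allowlist.get(ip, set())
        bad = sorted(
            port
            for (port, proto), (state, _service) in ports.items()
            if proto == "tcp" and state == "open" and port not in allowed
        )
        if bad:
            findings[ip] = bad
    return findings


if __name__ == "__main__":
    # Hypothetical policy: the NAS may expose SSH and HTTPS, server2 only HTTP.
    policy = {"192.168.1.100": {22, 443}, "192.168.1.6": {80}}
    scan = parse_nmap_output(SAMPLE_NMAP_OUTPUT)
    for ip, ports in unexpected_open_ports(scan, policy).items():
        print(f"{ip}: unexpected open TCP ports {ports}")
```

To use it on a real scan, redirect nmap's output to a file and pass the file contents to parse_nmap_output. The normal output is meant for people rather than programs; for anything that has to survive nmap version changes, scan with -oX and parse the XML instead.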
Using netcat
There are many things you can do with netcat (hence the Swiss Army knife name), but the one I do most often is probe a network port to see whether it is open.
This is much like the nmap examples above, but with a single connection attempt per port, which makes it handy inside scripts and on hosts where nmap is not installed but some netcat is.
Quick probe of port 80
$ netcat -vz 192.168.1.100 80
Connection to 192.168.1.100 80 port [tcp/http] succeeded!

-z tells netcat to connect and close without sending any data, and -v prints the result. The message shown is the OpenBSD netcat's; ncat reports the same outcome as "Ncat: Connected to 192.168.1.100:80." In both, the exit status is 0 when the connection succeeds and non-zero when it is refused or times out, so the command can be used directly in a shell if or &&. A refusal comes back immediately (the port is closed), while a timeout usually means a firewall is dropping the packets (what nmap reports as filtered).
Connect to a port and send commands
Similar to using telnet, this can be used to test SMTP and other line-based services by typing the protocol by hand (-t answers any telnet negotiation the server starts, which is harmless for HTTP). Example: connect to google.com on port 80 and request the index.html page. After the "succeeded" line, type the request line and then press Enter on an empty line: the blank line ends the request headers and is what makes the server answer, and forgetting it is the usual reason such a test appears to hang.
$ netcat -vt google.com 80
Connection to google.com 80 port [tcp/http] succeeded!
GET /index.html HTTP/1.0

HTTP/1.0 200 OK
Date: Thu, 11 Feb 2021 08:43:22 GMT
Expires: -1
Cache-Control: private, max-age=0
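As an added example (not from the original article), the same two netcat operations done from Python with the standard socket module: a zero-I/O probe that reports open, closed or filtered the way nmap and nc -z do, and a hand-built HTTP/1.0 request like the one typed into netcat above. So that it runs offline, it starts a throwaway HTTP server on 127.0.0.1 as a stand-in target; that server, its response and the ports used are constructed for the example.

```python
import http.server
import socket
import threading


def start_local_http_server():
    """Start a throwaway HTTP/1.0 server on 127.0.0.1 (constructed stand-in for a real target)."""

    class Handler(http.server.BaseHTTPRequestHandler):
        protocol_version = "HTTP/1.0"  # one request per connection, server closes afterwards

        def do_GET(self):
            body = b"<html>hello</html>\n"
            self.send_response(200)
            self.send_header("Content-Type", "text/html")
            self.send_header("Content-Length", str(len(body)))
            self.end_headers()
            self.wfile.write(body)

        def log_message(self, format, *args):  # keep the example quiet
            pass

    server = http.server.HTTPServer(("127.0.0.1", 0), Handler)  # port 0 = pick a free port
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server


def probe_port(host, port, timeout=2.0):
    """Equivalent of `nc -vz host port`: complete the TCP handshake, send nothing, close.

    Returns the state nmap would print: "open" when the handshake succeeds, "closed"
    when the host answers with a RST (connection refused), and "filtered" when nothing
    answers before the timeout or the host is unreachable, which is what a firewall
    dropping packets looks like from the outside.
    """
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except ConnectionRefusedError:
        return "closed"
    except (socket.timeout, OSError):
        return "filtered"


def http_get(host, port, path="/index.html", timeout=5.0):
    """Equivalent of typing `GET /index.html HTTP/1.0` into netcat.

    Sends the raw request and returns (status line, headers, body). The empty line
    after the headers is what ends the request; without it the server keeps waiting.
    """
    request = f"GET {path} HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(request)
        chunks = []
        while True:  # HTTP/1.0: read until the server closes the connection
            data = s.recv(4096)
            if not data:
                break
            chunks.append(data)
    head, _sep, body = b"".join(chunks).partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    headers = {}
    for line in lines[1:]:
        name, _colon, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return lines[0], headers, body


def find_closed_port():
    """Pick a port nothing listens on (bind to 0, note the port, release it) for the demo."""
    with socket.socket() as s:
        s.bind(("127.0.0.1", 0))
        return s.getsockname()[1]


if __name__ == "__main__":
    server = start_local_http_server()
    port = server.server_address[1]
    print(f"127.0.0.1:{port} is {probe_port('127.0.0.1', port)}")
    closed = find_closed_port()
    print(f"127.0.0.1:{closed} is {probe_port('127.0.0.1', closed)}")
    status, headers, body = http_get("127.0.0.1", port)
    print(status, headers.get("content-type"), body)
    server.shutdown()
```

probe_port is the scripting-friendly form of nc -z: it never sends application data, so it is safe against services that misbehave on unexpected input, and its three return values map directly onto the states nmap prints. http_get adds a Host header that the hand-typed request above omits; HTTP/1.0 does not require it, but most virtual-hosted servers need it to pick the right site.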