By following this tutorial, you will learn how to effectively use Linux CLI tools like NMap and NCat to perform a port scan on any server.


  • This is the de facto tool for port scanning right now.
  • Install NMap.
// for RHEL/CentOS
$ sudo yum install nmap -y

// for Ubuntu/Debian
$ sudo apt-get update
$ sudo apt-get install nmap -y
  • Start scanning ports. Note that flags starting with -s* requires sudo.
// simple scan of TCP ports on web host / IP address
$ nmap

// scan a selected range of ip addresses
$ nmap

// scan a selected range of ports
$ nmap -p 1024-2048
$ nmap -p 80,22,25,443,8080

// scan entire subnet for active ip addresses and open ports
$ nmap

// inspect a selected port with increased verbosity
$ sudo nmap -vv --packet-trace -p 22 -sV
  • -A: aggressive scan, scans for everything
  • --iflist: show host interfaces and routes
  • -O --osscan-guess: detect OS
  • --open: only show open (or possibly open) ports
  • -p-: scan for all 65535 ports
  • --packet-trace: show all packets sent and received
  • -Pn: treat all hosts as online (skip host discovery, useful in case the server blocks ping or protected by the firewall)
  • --reason: display the reason a port is in a particular state
  • -sA: find out if a host/network is protected by a firewall
  • -sP: scan in host discovery or ping mode
  • -sO: detect IP protocols
  • -sS: scan in TCP SYN mode
  • sT: scan in TCP Connect mode
  • -sU: scan in UDP mode
  • -sV: probe open ports to determine remote service/version info
  • -v: verbose output

NCat (NetCat)

  • Installed with NMap, this tool can be used to connect services and get its output. Similar to curl IP:PORT.
$ nc 8080

✅ Tested OS's : RHEL 7+, CentOS 7+, Ubuntu 18.04+, Debian 8+
✅ Tested Gear : Cloud (AWS EC2), On-Prem (Bare Metal)

👉 Any questions? Please comment below.

Leave a comment