✅ Tested OSes : RHEL 7+, CentOS 7+, Ubuntu 18.04+, Debian 8+
✅ Tested Gear : Cloud (AWS EC2), On-Prem (Bare Metal)

By following this tutorial, you will learn how to use Linux command-line tools (Nmap and Ncat) to port-scan a server. Only scan hosts you own or are explicitly authorized to test.

Nmap

  • This is the de facto tool for port scanning right now.
  • Install NMap.
// for RHEL/CentOS
$ sudo yum install nmap -y

// for Ubuntu/Debian
$ sudo apt-get update
$ sudo apt-get install nmap -y
  • Start scanning. The raw-packet scan types (-sS, -sU, -sA, -sO) and OS detection (-O) need root, so run them with sudo. Without root, Nmap falls back to a TCP connect scan (-sT), which works unprivileged but completes the full handshake, so it is slower and shows up in the target's service logs.
// default scan: the 1000 most common TCP ports on a single host / IP address
$ nmap 192.168.8.201

// scan a range of IP addresses (last octet 201 through 250)
$ nmap 192.168.8.201-250

// scan a selected range or list of ports
$ nmap -p 1024-2048 192.168.8.201
$ nmap -p 22,25,80,443,8080 192.168.8.201

// scan an entire subnet for live hosts and their open ports
$ nmap 192.168.8.0/24

// inspect a single port: service/version probe, very verbose, with every packet traced
$ sudo nmap -vv --packet-trace -p 22 -sV 192.168.8.201
  • -A: aggressive scan; enables OS detection, version detection, default NSE scripts and traceroute in one go
  • --iflist: show host interfaces and routes (useful for checking which interface a scan will leave from)
  • -O --osscan-guess: detect the OS; --osscan-guess makes Nmap report its best guess when no fingerprint matches exactly
  • --open: only show open (or possibly open, i.e. open|filtered) ports
  • -p-: scan all ports 1-65535 (port 0 is excluded unless you ask for it explicitly)
  • --packet-trace: show all packets sent and received
  • -Pn: treat all hosts as online (skip host discovery; useful when the server drops ping or sits behind a firewall)
  • --reason: display the reason a port is in a particular state (e.g. syn-ack, reset, no-response)
  • -sA: TCP ACK scan; does not find open ports, but shows which ports a stateful firewall filters (filtered vs. unfiltered)
  • -sP: host discovery only (ping scan); a deprecated alias for -sn
  • -sO: IP protocol scan; lists which IP protocols (TCP, UDP, ICMP, ...) the host responds to
  • -sS: TCP SYN (half-open) scan; the default when running as root
  • -sT: TCP connect scan; the default when not running as root
  • -sU: UDP scan (slow, and an unanswered probe only gets you open|filtered)
  • -sV: probe open ports to determine remote service/version info
  • -v: verbose output (-vv for more)
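The flags above fit together as a two-pass workflow: a fast full-port scan saved in grepable format (-oG), then version detection (-sV) only on the ports the first pass found open. The script below is an added example, not code from the original post: it parses -oG output and prints the targeted second-pass command per host. The helper names (sample_gnmap, hosts_up, open_ports, followup_cmd) and the 192.168.8.x hosts and ports are invented for the example; the scan results are constructed to stand in for a real scan.gnmap file.

```sh
#!/bin/sh
# Two-pass scan helper (added example; helper names are invented).
# Pass 1 (run for real):  sudo nmap -p- -oG scan.gnmap 192.168.8.201-250
# Pass 2 (this script):   sh two_pass.sh scan.gnmap   -> one "nmap -sV" line per host
# With no argument it runs against the constructed sample below.

# Constructed sample of -oG output standing in for scan.gnmap.
# Real -oG output uses a tab between the "Host:" field and "Status:"/"Ports:".
sample_gnmap() {
  printf '%s\n' '# Nmap 7.80 scan initiated as: nmap -p- -oG - 192.168.8.201-250'
  printf 'Host: 192.168.8.201 ()\tStatus: Up\n'
  printf 'Host: 192.168.8.201 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///, 8080/filtered/tcp//http-proxy///\tIgnored State: closed (65531)\n'
  printf 'Host: 192.168.8.202 ()\tStatus: Up\n'
  printf 'Host: 192.168.8.202 ()\tPorts: 3306/open/tcp//mysql///\tIgnored State: closed (65534)\n'
  printf 'Host: 192.168.8.203 ()\tStatus: Up\n'   # up, but nothing open: no Ports: line
  printf '%s\n' '# Nmap done -- 50 IP addresses (3 hosts up) scanned in 120.00 seconds'
}

# hosts_up FILE: every host Nmap reported as up, one per line
hosts_up() {
  awk '$1 == "Host:" && /Status: Up/ { print $2 }' "$1"
}

# open_ports HOST FILE: comma-separated open TCP ports for HOST (nothing if none).
# Each entry on a Ports: line is port/state/proto/owner/service/rpcinfo/version/
open_ports() {
  awk -v host="$1" '
    $1 == "Host:" && $2 == host && /Ports:/ {
      sub(/.*Ports: /, "")          # drop everything before the port list
      sub(/\t.*/, "")               # drop the "Ignored State: ..." tail
      n = split($0, entries, /, /)
      out = ""
      for (i = 1; i <= n; i++) {
        split(entries[i], f, "/")
        if (f[2] == "open" && f[3] == "tcp")
          out = out (out == "" ? "" : ",") f[1]
      }
      if (out != "") print out
    }' "$2"
}

# followup_cmd HOST FILE: the targeted second-pass command, or nothing when the
# host had no open TCP ports (so -sV is never run against an empty port list)
followup_cmd() {
  ports=$(open_ports "$1" "$2")
  [ -n "$ports" ] || return 0
  printf 'nmap -sV --reason -p %s %s\n' "$ports" "$1"
}

# Stand-alone run: use the real file given as $1, else the constructed sample.
if [ -n "$1" ]; then
  gnmap=$1
else
  gnmap=$(mktemp) && sample_gnmap > "$gnmap"
fi
for h in $(hosts_up "$gnmap"); do
  followup_cmd "$h" "$gnmap"
done
[ -n "$1" ] || rm -f "$gnmap"
```

The parser keys on the state field of each entry, so closed and filtered entries on a Ports: line are skipped and the output is the same whether or not the first pass used --open. Hosts that are up but expose nothing produce no command at all, which is the case that trips up naive "grep open | cut" one-liners.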

Ncat (Netcat)

  • Ncat ships with the Nmap suite (the nmap-ncat package on RHEL/CentOS; on Debian/Ubuntu it may be packaged separately, and the nc command may instead be OpenBSD netcat, whose flags differ slightly). Unlike curl, it does not speak HTTP for you: it opens a raw TCP connection and relays whatever you type, so you can test whether a port accepts connections with -z (zero-I/O) plus -v, or grab a service banner by hand (against a web port, type GET / HTTP/1.0 followed by an empty line).
$ nc -zv -w 3 192.168.8.201 8080
$ nc 192.168.8.201 8080
