Scan Ports With netcat Command in Linux

Whether you want to use SSH on an alternate port or deploy a web application to a specific port, the first step will always be to check whether the port is being utilized.

The netcat utility is one of the preferred tools to troubleshoot networks and can also be used to scan ports.

For example, If I want to check whether port number 22 is open on my local VM, I'll use the netcat command like this:

nc -zvn 192.168.1.6 22

And as you can see, port no 22 is open for connections. That was easy.

But wait, there's more you can do with the netcat command.

Scanning ports with the netcat command

You need to install netcat command first as it doesn't come preinstalled in many distributions.

For Debian/Ubuntu-based distros:

sudo apt install netcat

For Fedora and RHEL:

sudo dnf install nc 

Now, let's start with scanning multiple ports.

Scan multiple ports using the netcat command

To scan multiple ports at once using the netcat, you'd need to follow the given command syntax:

nc -zvn <target> port1 port2 port3

Here,

  • -z is used to instruct netcat to scan ports without establishing a connection.
  • -v produces more verbose output.
  • -n stops netcat to perform domain name resolution.

Scan ports within a specific range using the netcat command

Indeed, you can use the previous method to scan for multiple ports but what if you want to scan more than 50 or 100 ports? You can define the range.

For example, If I want to scan ports ranging from 1 to 100, this would be my command:

nc -vz -w3 google.com 1-100
sagar@LHB:~$ nc -vz -w3 google.com 1-100
nc: connect to google.com (142.250.183.110) port 1 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 1 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 2 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 2 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 3 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 3 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 4 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 4 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 5 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 5 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 6 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 6 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 7 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 7 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 8 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 8 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 9 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 9 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 10 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 10 (tcp) failed: Network is unreachabl

Of course, it's google, and you can't expect to have them ports open for you. But you can use this for your server and might find open ports

Seems pretty long list of unavailable ports right? In this case, you can use the grep command to fetch only the open ports:

netcat -w1 -znv 192.168.1.6 1-100 2>&1 | grep succeeded

Here,

  • -w1 will force the netcat command to wait for 1 second for each port.
  • 2&1 redirects standard error.
Common Networking Port Numbers in Linux
Here are the common networking ports you’ll encounter in Linux.

Wrapping Up

This was a quick guide on scanning open ports using the netcat command. Since you have found the opened ones, perhaps you would like to know how to close those ports.

I hope this guide resolves any queries you previously had and if not, let me know in the comments.