Scan Ports With netcat Command in Linux
Whether you want to use SSH on an alternate port or deploy a web application to a specific port, the first step will always be to check whether the port is being utilized.
The netcat utility is one of the preferred tools to troubleshoot networks and can also be used to scan ports.
For example, if I want to check whether port 22 is open on my local VM, I'll use the netcat command like this:
nc -zvn 192.168.1.6 22
And as you can see, port 22 is open for connections. That was easy.
But wait, there's more you can do with the netcat command.
Scanning ports with the netcat command
You need to install the netcat command first, as it doesn't come preinstalled in many distributions.
For Debian/Ubuntu-based distros:
sudo apt install netcat
For Fedora and RHEL:
sudo dnf install nc
Now, let's start with scanning multiple ports.
Scan multiple ports using the netcat command
To scan multiple ports at once using netcat, follow this command syntax:
nc -zvn <target> port1 port2 port3
Here,
-z is used to instruct netcat to scan ports without establishing a connection.
-v produces more verbose output.
-n stops netcat from performing domain name resolution.
Scan ports within a specific range using the netcat command
Indeed, you can use the previous method to scan multiple ports, but what if you want to scan more than 50 or 100 ports? You can define a range.
For example, if I want to scan ports ranging from 1 to 100, this would be my command:
nc -vz -w3 google.com 1-100
sagar@LHB:~$ nc -vz -w3 google.com 1-100
nc: connect to google.com (142.250.183.110) port 1 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 1 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 2 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 2 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 3 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 3 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 4 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 4 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 5 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 5 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 6 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 6 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 7 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 7 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 8 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 8 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 9 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 9 (tcp) failed: Network is unreachable
nc: connect to google.com (142.250.183.110) port 10 (tcp) timed out: Operation now in progress
nc: connect to google.com (2404:6800:4009:823::200e) port 10 (tcp) failed: Network is unreachable
Of course, it's Google, and you can't expect them to have those ports open for you. But you can use this on your own server and might find open ports.
Seems like a pretty long list of unavailable ports, right? In this case, you can use the grep command to fetch only the open ports:
netcat -w1 -znv 192.168.1.6 1-100 2>&1 | grep succeeded
Here,
-w1 will force the netcat command to wait for 1 second for each port.
2>&1 redirects standard error to standard output, so that grep can filter netcat's messages.
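Going one step further than grep succeeded, the script below is an added example (not part of the original guide) that turns the scan output into a port/state table and flags open ports missing from a list of services you expect on your own server. It assumes OpenBSD netcat's message format; the function names classify and unexpected_open, the sample output and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Added example: turn nc scan output into a port/state table and flag
# open ports that are not on an allowlist of services you expect.

# Constructed sample of `nc -w1 -znv 192.168.1.6 1-100 2>&1` output
# (OpenBSD netcat message format assumed; not captured from a real host).
SAMPLE='nc: connect to 192.168.1.6 port 21 (tcp) failed: Connection refused
Connection to 192.168.1.6 22 port [tcp/*] succeeded!
nc: connect to 192.168.1.6 port 23 (tcp) timed out: Operation now in progress
Connection to 192.168.1.6 80 port [tcp/*] succeeded!
nc: connect to 192.168.1.6 port 81 (tcp) failed: Connection refused'

# classify: nc output on stdin -> "<port> <state>" lines.
#   succeeded          -> open
#   Connection refused -> closed   (host answered, nothing listening)
#   timed out          -> filtered (no answer within the -w timeout)
classify() {
    awk '{
        if (/succeeded!/)              state = "open"
        else if (/Connection refused/) state = "closed"
        else if (/timed out/)          state = "filtered"
        else next
        for (i = 1; i <= NF; i++) {
            if ($i != "port") continue
            # Success lines put the number before "port", failures after it.
            p = (state == "open") ? $(i - 1) : $(i + 1)
            print p, state
            break
        }
    }'
}

# unexpected_open: $1 = space-separated allowlist, nc output on stdin.
# Prints every open port that is missing from the allowlist.
unexpected_open() {
    classify | awk -v allow="$1" '
        BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $2 == "open" && !($1 in ok) { print $1 }'
}

printf '%s\n' "$SAMPLE" | classify
printf '%s\n' "$SAMPLE" | unexpected_open "22 443"   # allowlist is hypothetical
```

To use it on a real scan of your own machine, pipe the netcat command shown above into unexpected_open instead of the sample text.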
Wrapping Up
This was a quick guide on scanning open ports using the netcat command. Now that you have found the open ones, perhaps you would like to know how to close those ports.
I hope this guide resolves any queries you previously had and if not, let me know in the comments.