How to scan the ports of a computer and network

Scanning a computer

The netcat command (or simply nc) can be used to scan the ports of a computer.

This example scans localhost for open ports in the range 1-1023:

bpc steph # nc -zv localhost 1-1023
localhost [127.0.0.1] 631 (ipp) open
localhost [127.0.0.1] 443 (https) open
localhost [127.0.0.1] 80 (http) open
localhost [127.0.0.1] 22 (ssh) open

You may be able to use an IP address instead of a hostname; nc will attempt to resolve it via inverse host lookup. If you get nothing from the command, try the -v flag for verbose output to see what’s going wrong, e.g.:

bpc steph # nc -zv 192.168.1.60 22
192.168.1.60: inverse host lookup failed: 
(UNKNOWN) [192.168.1.60] 22 (ssh) open

In this case the IP couldn’t be resolved to a hostname, so nc labels the host (UNKNOWN) while still reporting the port as open. Providing the hostname worked just fine (as shown above).

Scanning a network

The nmap command can be used to scan the ports of all computers on a network.

This example runs a TCP connect scan (-sT) against every address in the network 192.168.1.0/24 and reports the open ports:

bpc steph # nmap -v -sT 192.168.1.0/24

Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-12 15:07 BST
Initiating ARP Ping Scan at 15:07
Scanning 60 hosts [1 port/host]
Completed ARP Ping Scan at 15:07, 2.43s elapsed (60 total hosts)
Nmap scan report for 192.168.1.0 [host down]
Nmap scan report for 192.168.1.1 [host down]
...
Nmap scan report for 192.168.1.58 [host down]
Nmap scan report for 192.168.1.59 [host down]
Initiating Parallel DNS resolution of 1 host. at 15:07
Completed Parallel DNS resolution of 1 host. at 15:07, 0.00s elapsed
Initiating ARP Ping Scan at 15:07
Scanning 195 hosts [1 port/host]
Completed ARP Ping Scan at 15:07, 3.85s elapsed (195 total hosts)
Initiating Parallel DNS resolution of 195 hosts. at 15:07
Completed Parallel DNS resolution of 195 hosts. at 15:07, 0.00s elapsed
Nmap scan report for 192.168.1.61 [host down]
Nmap scan report for 192.168.1.62 [host down]
...
Nmap scan report for 192.168.1.81 [host down]
Nmap scan report for 192.168.1.82 [host down]
Initiating Connect Scan at 15:07
Scanning 192.168.1.60 [1000 ports]
Discovered open port 22/tcp on 192.168.1.60
Discovered open port 443/tcp on 192.168.1.60
Discovered open port 80/tcp on 192.168.1.60
Completed Connect Scan at 15:07, 0.02s elapsed (1000 total ports)
Nmap scan report for 192.168.1.60
Host is up (0.00044s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

Nmap scan report for 192.168.1.84 [host down]
Nmap scan report for 192.168.1.85 [host down]
...
Nmap scan report for 192.168.1.252 [host down]
Nmap scan report for 192.168.1.255 [host down]
Initiating Connect Scan at 15:07
Scanning 5 hosts [1000 ports/host]
Discovered open port 139/tcp on 192.168.1.253
Discovered open port 515/tcp on 192.168.1.253
Completed Connect Scan against 192.168.1.253 in 0.17s (4 hosts left)
Discovered open port 23/tcp on 192.168.1.254
Discovered open port 21/tcp on 192.168.1.254
Discovered open port 80/tcp on 192.168.1.254
Discovered open port 1723/tcp on 192.168.1.254
Discovered open port 443/tcp on 192.168.1.254
Discovered open port 135/tcp on 192.168.1.86
Discovered open port 49152/tcp on 192.168.1.86
Discovered open port 8000/tcp on 192.168.1.254
Completed Connect Scan against 192.168.1.254 in 22.02s (3 hosts left)
Completed Connect Scan against 192.168.1.83 in 22.57s (2 hosts left)
Completed Connect Scan against 192.168.1.87 in 23.01s (1 host left)
Completed Connect Scan at 15:08, 23.35s elapsed (5000 total ports)
Nmap scan report for android-7f67dd30166136f0.lan (192.168.1.83)
Host is up (0.0027s latency).
All 1000 scanned ports on android-7f67dd30166136f0.lan (192.168.1.83) are closed
MAC Address: 60:21:C0:D3:9B:F2 (Unknown)

Nmap scan report for S-PC.lan (192.168.1.86)
Host is up (0.0064s latency).
Not shown: 998 filtered ports
PORT      STATE SERVICE
135/tcp   open  msrpc
49152/tcp open  unknown
MAC Address: 00:11:50:BC:2C:44 (Belkin)

Nmap scan report for S-NB.lan (192.168.1.87)
Host is up (0.0050s latency).
All 1000 scanned ports on S-NB.lan (192.168.1.87) are filtered
MAC Address: 00:26:B6:AF:00:AD (Askey Computer)

Nmap scan report for 192.168.1.253
Host is up (0.0049s latency).
Not shown: 998 closed ports
PORT    STATE SERVICE
139/tcp open  netbios-ssn
515/tcp open  printer
MAC Address: 5A:98:35:9D:7C:4C (Unknown)

Nmap scan report for router (192.168.1.254)
Host is up (0.0010s latency).
Not shown: 994 filtered ports
PORT     STATE SERVICE
21/tcp   open  ftp
23/tcp   open  telnet
80/tcp   open  http
443/tcp  open  https
1723/tcp open  pptp
8000/tcp open  http-alt
MAC Address: 58:98:35:9D:7C:4C (Technicolor)

Read data files from: /usr/bin/../share/nmap
Nmap done: 256 IP addresses (6 hosts up) scanned in 29.79 seconds
           Raw packets sent: 508 (14.224KB) | Rcvd: 8 (224B)

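The /24 in 192.168.1.0/24 is the netmask in prefix notation. It is equivalent to 192.168.1.0/255.255.255.0 and covers the 256 addresses from 192.168.1.0 to 192.168.1.255, which means all computers on the network.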
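The verbose nmap output above is long, so here is one way to reduce it to a list of open ports per host and compare that list with the ports you expect to be open. This is an added example, not part of the original page: the function names and the allowlist file format ("ip port/proto", one per line) are assumptions, and the sample input is constructed by abridging the output shown above.

```shell
# Added example. sample_scan prints constructed input, abridged from the
# nmap output shown above; the function names are hypothetical.
sample_scan() {
cat <<'EOF'
Nmap scan report for 192.168.1.59 [host down]
Discovered open port 22/tcp on 192.168.1.60
Nmap scan report for 192.168.1.60
Host is up (0.00044s latency).
Not shown: 997 closed ports
PORT    STATE SERVICE
22/tcp  open  ssh
80/tcp  open  http
443/tcp open  https

Nmap scan report for S-NB.lan (192.168.1.87)
All 1000 scanned ports on S-NB.lan (192.168.1.87) are filtered

Nmap scan report for router (192.168.1.254)
PORT     STATE SERVICE
21/tcp   open  ftp
23/tcp   open  telnet
EOF
}

# Read nmap normal output on stdin; print "ip port/proto service" per open port.
open_ports() {
    awk '
        /^Nmap scan report for / {
            host = ""                          # forget the previous host
            if ($0 ~ /\[host down\]/) next     # down hosts have no port table
            host = $NF                         # "ip", or "(ip)" after a hostname
            gsub(/[()]/, "", host)
            next
        }
        host != "" && $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
            print host, $1, $3
        }'
}

# unexpected_ports FILE: open ports whose "ip port/proto" is not a line in FILE.
unexpected_ports() {
    open_ports | awk -v allow="$1" '
        BEGIN { while ((getline line < allow) > 0) ok[line] = 1 }
        { key = $1 " " $2; if (!(key in ok)) print }'
}

sample_scan | open_ports    # stand-alone run: list every open port in the sample
```

Against a real scan, pipe the nmap output in instead of sample_scan, e.g. nmap -v -sT 192.168.1.0/24 | unexpected_ports allowlist.txt.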

Last modified: 12/07/2013

This website is a personal resource. Nothing here is guaranteed correct or complete, so use at your own risk and try not to delete the Internet. -Stephan
