Scanning a computer
The netcat command (or simply nc) can be used to scan the ports of a computer.
This example scans localhost for open ports in the range 1-1023; -z tells nc to report whether each port is open without sending any data, and -v makes it print the result for each port:
bpc steph # nc -zv localhost 1-1023
localhost [127.0.0.1] 631 (ipp) open
localhost [127.0.0.1] 443 (https) open
localhost [127.0.0.1] 80 (http) open
localhost [127.0.0.1] 22 (ssh) open
You may be able to use an IP address instead of a hostname; nc will attempt to resolve it via an inverse host lookup. If you get nothing from the command, try adding the -v flag for verbose output to see what's going wrong, e.g.:
bpc steph # nc -zv 192.168.1.60 22
192.168.1.60: inverse host lookup failed:
(UNKNOWN) [192.168.1.60] 22 (ssh) open
In this case the IP couldn't be resolved to a hostname (the inverse lookup failure is only a warning; the scan still ran and reported port 22 as open), whereas providing the hostname, as in the localhost example above, worked just fine.
Scanning a network
The nmap command can be used to scan the ports of all computers on a network.
This example scans the whole 192.168.1.0/24 network for open ports, using a TCP connect scan (-sT) of the default 1000 most common ports on every host that responds:
bpc steph # nmap -v -sT 192.168.1.0/24
Starting Nmap 6.25 ( http://nmap.org ) at 2013-07-12 15:07 BST
Initiating ARP Ping Scan at 15:07
Scanning 60 hosts [1 port/host]
Completed ARP Ping Scan at 15:07, 2.43s elapsed (60 total hosts)
Nmap scan report for 192.168.1.0 [host down]
Nmap scan report for 192.168.1.1 [host down]
...
Nmap scan report for 192.168.1.58 [host down]
Nmap scan report for 192.168.1.59 [host down]
Initiating Parallel DNS resolution of 1 host. at 15:07
Completed Parallel DNS resolution of 1 host. at 15:07, 0.00s elapsed
Initiating ARP Ping Scan at 15:07
Scanning 195 hosts [1 port/host]
Completed ARP Ping Scan at 15:07, 3.85s elapsed (195 total hosts)
Initiating Parallel DNS resolution of 195 hosts. at 15:07
Completed Parallel DNS resolution of 195 hosts. at 15:07, 0.00s elapsed
Nmap scan report for 192.168.1.61 [host down]
Nmap scan report for 192.168.1.62 [host down]
...
Nmap scan report for 192.168.1.81 [host down]
Nmap scan report for 192.168.1.82 [host down]
Initiating Connect Scan at 15:07
Scanning 192.168.1.60 [1000 ports]
Discovered open port 22/tcp on 192.168.1.60
Discovered open port 443/tcp on 192.168.1.60
Discovered open port 80/tcp on 192.168.1.60
Completed Connect Scan at 15:07, 0.02s elapsed (1000 total ports)
Nmap scan report for 192.168.1.60
Host is up (0.00044s latency).
Not shown: 997 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
443/tcp open https
Nmap scan report for 192.168.1.84 [host down]
Nmap scan report for 192.168.1.85 [host down]
...
Nmap scan report for 192.168.1.252 [host down]
Nmap scan report for 192.168.1.255 [host down]
Initiating Connect Scan at 15:07
Scanning 5 hosts [1000 ports/host]
Discovered open port 139/tcp on 192.168.1.253
Discovered open port 515/tcp on 192.168.1.253
Completed Connect Scan against 192.168.1.253 in 0.17s (4 hosts left)
Discovered open port 23/tcp on 192.168.1.254
Discovered open port 21/tcp on 192.168.1.254
Discovered open port 80/tcp on 192.168.1.254
Discovered open port 1723/tcp on 192.168.1.254
Discovered open port 443/tcp on 192.168.1.254
Discovered open port 135/tcp on 192.168.1.86
Discovered open port 49152/tcp on 192.168.1.86
Discovered open port 8000/tcp on 192.168.1.254
Completed Connect Scan against 192.168.1.254 in 22.02s (3 hosts left)
Completed Connect Scan against 192.168.1.83 in 22.57s (2 hosts left)
Completed Connect Scan against 192.168.1.87 in 23.01s (1 host left)
Completed Connect Scan at 15:08, 23.35s elapsed (5000 total ports)
Nmap scan report for android-7f67dd30166136f0.lan (192.168.1.83)
Host is up (0.0027s latency).
All 1000 scanned ports on android-7f67dd30166136f0.lan (192.168.1.83) are closed
MAC Address: 60:21:C0:D3:9B:F2 (Unknown)
Nmap scan report for S-PC.lan (192.168.1.86)
Host is up (0.0064s latency).
Not shown: 998 filtered ports
PORT STATE SERVICE
135/tcp open msrpc
49152/tcp open unknown
MAC Address: 00:11:50:BC:2C:44 (Belkin)
Nmap scan report for S-NB.lan (192.168.1.87)
Host is up (0.0050s latency).
All 1000 scanned ports on S-NB.lan (192.168.1.87) are filtered
MAC Address: 00:26:B6:AF:00:AD (Askey Computer)
Nmap scan report for 192.168.1.253
Host is up (0.0049s latency).
Not shown: 998 closed ports
PORT STATE SERVICE
139/tcp open netbios-ssn
515/tcp open printer
MAC Address: 5A:98:35:9D:7C:4C (Unknown)
Nmap scan report for router (192.168.1.254)
Host is up (0.0010s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE
21/tcp open ftp
23/tcp open telnet
80/tcp open http
443/tcp open https
1723/tcp open pptp
8000/tcp open http-alt
MAC Address: 58:98:35:9D:7C:4C (Technicolor)
Read data files from: /usr/bin/../share/nmap
Nmap done: 256 IP addresses (6 hosts up) scanned in 29.79 seconds
Raw packets sent: 508 (14.224KB) | Rcvd: 8 (224B)
The /24 suffix is CIDR notation for the netmask 255.255.255.0, so 192.168.1.0/24 is equivalent to 192.168.1.0/255.255.255.0 and means all 256 addresses from 192.168.1.0 to 192.168.1.255, i.e. every computer on the network (which is why Nmap reports 256 IP addresses scanned).
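As an added example (not part of the original page), a small Python parser for the normal output format shown above: it collects each host's open ports and flags cleartext management services such as ftp and telnet, which a defender would want to notice in a result like the one for the router at 192.168.1.254. The sample output embedded in it is constructed to match that format, and the list of flagged services is an assumed policy.

```python
import re
# Constructed sample in the normal-output format of `nmap -v -sT` (not the scan from the page).
SAMPLE = """\
Nmap scan report for 192.168.1.59 [host down]
Nmap scan report for 192.168.1.60
Host is up (0.00044s latency).
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
443/tcp   open  https
Nmap scan report for S-NB.lan (192.168.1.87)
Host is up (0.0050s latency).
All 1000 scanned ports on S-NB.lan (192.168.1.87) are filtered
Nmap scan report for router (192.168.1.254)
Host is up (0.0010s latency).
PORT      STATE SERVICE
21/tcp    open  ftp
23/tcp    open  telnet
443/tcp   open  https
Nmap done: 256 IP addresses (3 hosts up) scanned in 29.79 seconds
"""

# "Nmap scan report for <name> (<ip>)" or "Nmap scan report for <ip>", optionally "[host down]".
REPORT_RE = re.compile(
    r"^Nmap scan report for (?:(?P<name>\S+) \()?(?P<ip>\d+(?:\.\d+){3})\)?(?P<down> \[host down\])?$")
# Port table rows such as "22/tcp    open  ssh".
PORT_RE = re.compile(r"^(?P<port>\d+)/(?P<proto>tcp|udp)\s+(?P<state>\S+)\s+(?P<service>\S+)")

def parse_nmap(text):
    """Return {ip: {"name": str|None, "up": bool, "ports": [(port, proto, service), ...]}}."""
    hosts, current = {}, None
    for line in text.splitlines():
        m = REPORT_RE.match(line)
        if m:
            current = {"name": m["name"], "up": m["down"] is None, "ports": []}
            hosts[m["ip"]] = current
            continue
        m = PORT_RE.match(line)
        if m and current is not None and m["state"] == "open":
            current["ports"].append((int(m["port"]), m["proto"], m["service"]))
    return hosts

# Assumed policy (not from the page): services that carry logins in cleartext and should not be exposed.
CLEARTEXT_ADMIN = {"ftp", "telnet"}

def flag_cleartext(hosts):
    """Return [(ip, port, service), ...] for every open port whose service is in CLEARTEXT_ADMIN."""
    return [(ip, port, svc) for ip, h in hosts.items()
            for port, _, svc in h["ports"] if svc in CLEARTEXT_ADMIN]
```

Feed it the saved output of a real scan (`nmap -v -sT 192.168.1.0/24 > scan.txt`) to get a per-host inventory of what is listening, and compare it against what you expect to be there.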