Using Nmap On Linux To Scan For Open Ports

Technology has changed a great deal since the early days, and today we have more and more connected devices. More of our lives depend on this technology, so the security of those devices has become that much more important. In this blog post, we are going to take a look at the Nmap command. It’s a security tool for scanning networks for hosts and services.

What Is A Port?

In networking, a port helps the operating system determine which application incoming traffic should be sent to.

What Are Common Ports?

Many ports are officially or unofficially associated with specific services. However, that doesn’t mean you have to stick to them. To look up the service associated with a port, this website is rather handy. The file /etc/services also contains associations for many services.

What Is Port Scanning?

Port scanning is the process of trying to connect to many ports to collect information about ports that are open and what services are behind those ports.

⚠️ Although it isn’t illegal in the US, scanning someone’s network without permission isn’t recommended. To avoid issues it’s recommended to get permission before scanning things that aren’t yours. ⚠️

Introduction To Nmap

Nmap stands for Network Mapper. It’s a command-line tool used to scan for hosts and services, and it was designed to scan large networks. Since its release, Nmap has gone through many changes and has even become popular enough to be mentioned in Hollywood movies.

The Nmap command outputs information about the scanned targets, and what it reports depends on the options provided. Nmap has many options, though in this post we are focusing on port scanning.

How To Install Nmap

The Nmap package should be available through your operating system’s package manager, so it should be a rather easy installation. Search for the package name nmap and install that package.

For example, on Ubuntu and Debian:

sudo apt install nmap

For RPM-based systems with DNF:

sudo dnf install nmap

Scanning With Nmap

Below are several port scanning examples, from the default scan to scanning all ports.

Default Scan

nmap [IP/Domain]

This is the default port scan for Nmap.

Fast Scan

nmap -F [IP/Domain]

Scans fewer ports than the default scan.

Scan A Range Of IP Addresses

nmap 192.0.2.1-245

Scans from 192.0.2.1 to 192.0.2.245.

Scanning A Specific Port

nmap -p [port] [IP/Domain]

This command scans a specific port.

Scan Multiple Ports

nmap -p [port 1],[port 2],[port 3] [IP/Domain]

Building on the last command, more than one port can be scanned by separating the port numbers with commas.

Scanning A Range Of Ports

nmap -p [start port]-[end port] [IP/Domain]

This command scans a port range.

Scan Only TCP

nmap -sT [IP/Domain]

This runs a TCP connect scan, so only TCP ports are scanned.

Scan Only UDP

nmap -sU [IP/Domain]

This only scans UDP ports. UDP scans need root privileges, so run this command with sudo.

Scan only the top ports

nmap --top-ports [number of ports] [IP/Domain]

This scans the specified number of top ports, that is, the most common ports.

Scan All Ports

nmap -p- [IP/Domain]

Scans ports 1 through 65535.

Understanding Each State

Open: The port is open and there is a service listening on the port.

Closed: The port is reachable, but there is no service listening on the port.

Filtered: The port is not responding to the scan.

Unfiltered: Nmap cannot determine if the port is open or closed.

Open|Filtered: Nmap cannot determine if the port is open or filtered.

Closed|Filtered: Nmap cannot determine if the port is closed or filtered.
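
To see these states in practice, the script below (an added example, not part of the original post) parses Nmap's grepable output, counts ports per state, and lists open ports that are not on an allowlist. The sample scan lines, the function names and the allowlist are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit Nmap grepable output.

# Constructed sample of `nmap -oG -` output; 192.0.2.10 is a documentation address.
sample_scan() {
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: %s\n' \
    '22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///, 3306/filtered/tcp//mysql///, 8080/open/tcp//http-proxy///'
}

# Read grepable output on stdin; print "host port/proto state service" per port.
ports_by_state() {
  awk -F'\t' '/^Host: / {
    split($1, h, " ")                      # h[2] is the address
    for (i = 2; i <= NF; i++) {
      if ($i !~ /^Ports: /) continue       # skip Status and other fields
      n = split(substr($i, 8), entries, ", ")
      for (j = 1; j <= n; j++) {
        split(entries[j], f, "/")          # port/state/proto/owner/service/...
        print h[2], f[1] "/" f[3], f[2], f[5]
      }
    }
  }'
}

# Count how many ports were reported in each state.
state_counts() {
  ports_by_state | awk '{ c[$3]++ } END { for (s in c) print s, c[s] }' | sort
}

# Print open ports that are not in the allowlist given as arguments (e.g. 22/tcp).
unexpected_open() {
  allowed=" $* "
  ports_by_state | while read -r host port state service; do
    [ "$state" = "open" ] || continue
    case "$allowed" in
      *" $port "*) ;;                      # expected service, nothing to report
      *) echo "$host $port $service" ;;
    esac
  done
}

sample_scan | state_counts
sample_scan | unexpected_open 22/tcp 80/tcp
```

On a host you administer, replace sample_scan with a real scan, for example nmap -oG - -p 1-1024 [IP/Domain] | unexpected_open 22/tcp 80/tcp.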

Conclusion

Nmap, like most security tools, needs to be handled with caution, so it’s recommended not to run scans against devices that aren’t yours without permission. In this blog post, we started with some background information, then introduced Nmap and how to install it on Linux. From there we moved on to many example commands and what each state means. If you are looking for additional information regarding Nmap, why not check out the official Nmap guide?

Stephen Oduntan is the founder and CEO of SirsteveHQ, one of the fastest growing independent web hosts in Nigeria. Stephen has been working online since 2010 and has over a decade of experience in Internet Entrepreneurship.

Copyright © 2024 SirsteveHQ. All Rights Reserved.