How to Do a Basic Port Scan with Nmap Updated on November 2, 2021 by InMotion Hosting Contributor 2 Minutes, 11 Seconds to Read Closing unnecessary ports on your server is an important process for PCI compliance and server hardening in general. This reduces what information cyber attackers can easily gather about your web server and services to exploit. This also applies to Small Office / Home Office (SOHO) networks. To scan your local network, you need to know your local router’s internal IP address. The easiest way to scan for open ports on your server or network depends on your workflow and desktop operating system (OS). Source: Nmap.org macOS users can use the pre-installed Port Scan utilityUnix desktop users can scan a single port with the pre-installed Netcat (Nc)Fast VPS / Dedicated server hosting administrators can use the ConfigServer Security & Firewall (CSF) View Listening Ports function For those who prefer a desktop application for scanning multiple ports and banner grabbing (e.g. Nginx server version), there’s Nmap. Nmap (Network Mapper) is a popular cross-platform desktop CLI application for scanning multiple ports on a server or router. Nmap doesn’t just list open ports. It provides in-depth information on services sharing information that could be used to exploit your system. Nmap is bundled with other programs: Zenmap GUI application for NmapNcat quickly scans a single port and moreNdiff compares scan resultsNping does packet generation and response analysis Below, we’ll cover the basics of port scanning with Nmap: Verbose Port ScanTCP port scanningUDP port scanning Develop your next web app with our secure Cloud Server Hosting. Port Scan with Nmap The basic command format is nmap, necessary flags, then the domain / server IP / server hostname (part of your temporary URL). nmap domain.com Your results will show open ports and it’s dedicated service: Starting Nmap 7.60 ( https://nmap.org ) at 2020-01-01 09:00 EDTNmap scan report for domain.com (1.2.3.4)Host is up (0.010s latency).rDNS record for 1.2.3.4: server.hostname.comNot shown: 1000 closed portsPORT STATE SERVICE21/tcp open ftp25/tcp open smtp53/tcp open domain80/tcp open http110/tcp open pop3143/tcp open imap443/tcp open httpsNmap done: 1 IP address (1 host up) scanned in 1.59 seconds Verbose Port Scan on a Domain: Add the following flags for more information on the system and ports: -A detects OS, software version, and scripts-v provides verbose information nmap -v -A domain.com For easier review later, output verbose Nmap results to a file: nmap -v -A domain.com -oN results.txt Scan Specific TCP Ports In this example, ports 21 (FTP), 22 (default SSH port), and 3306 (MySQL): nmap -p 21,22,3306 domain.com Scan UDP ports, Timeout After 5 Minutes: A specified timeout can be useful when dealing with slow servers. nmap -sU domain.com --host-timeout 5m Learn more about nmap with the manual: man nmap Share this Article InMotion Hosting Contributor Content Writer InMotion Hosting contributors are highly knowledgeable individuals who create relevant content on new trends and troubleshooting techniques to help you achieve your online goals! More Articles by InMotion Hosting Related Articles How to SSH Into Your Shared/Reseller Server SSH Commands: The Practical Guide for Developers and Site Owners How to Connect to Your Server with SSH How to Use SCP For Secure File Transfer A Complete SSH Tutorial for Beginners How to Connect to Your Server via SSH How to View MariaDB Databases Using the Command Line How to Add SSH Keys to Your GitHub Account How to Change Directories using SSH Commands Viewing Running Processes on your Dedicated Server
