BestHub
Sign in
Information Security 8 min read

How to Quickly Identify Open Ports on Linux Using Nmap, Netcat, and Bash

This guide explains multiple practical methods for discovering which ports are open on a Linux system, covering Nmap scans, Netcat probing, and Bash pseudo‑device checks, complete with command examples, option details, and output interpretation.

ITPUB
ITPUB
ITPUB
How to Quickly Identify Open Ports on Linux Using Nmap, Netcat, and Bash

What Is an Open Port

An open port is a network port that accepts incoming packets from remote hosts; it is typically associated with a listening service such as a web server on ports 80 or 443. Exposing unnecessary ports can increase security risk, so only the ports required by an application should remain open.

Checking Open Ports with Nmap

Nmap is a powerful network scanner used for security audits and penetration testing. The following command scans all TCP ports on a target host: $ sudo nmap -sT -p- 10.10.8.8 The -sT option tells Nmap to perform a TCP connect scan, and -p- instructs it to probe every port (1‑65535). Without -p-, Nmap scans only the first 1,000 ports.

Starting Nmap 7.60 ( https://nmap.org ) at 2019-07-09 23:10 CEST
Nmap scan report for 10.10.8.8
Host is up (0.0012s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 08:00:27:05:49:23 (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds

The output shows that ports 22 and 80 are open on the target. To scan UDP ports instead, replace -sT with -sU: $ sudo nmap -sU -p- 10.10.8.8 Refer to the Nmap manual page for additional options and advanced features.

Checking Open Ports with Netcat

Netcat (or nc) can probe individual ports or ranges using TCP or UDP. Example for scanning TCP ports 20‑80 on the same host: $ nc -z -v 10.10.8.8 20-80 The -z flag tells Netcat to scan without sending data, and -v enables verbose output.

nc: connect to 10.10.8.8 port 20 (tcp) failed: Connection refused
nc: connect to 10.10.8.8 port 21 (tcp) failed: Connection refused
Connection to 10.10.8.8 22 port [tcp/ssh] succeeded!
...
Connection to 10.10.8.8 80 port [tcp/http] succeeded!

To display only the lines indicating successful connections, pipe the output through grep:

$ nc -z -v 10.10.8.8 20-80 2>&1 | grep succeeded

Scanning UDP ports is similar; add the -u option:

$ nc -z -v -u 10.10.8.8 20-80 2>&1 | grep succeeded

Checking Open Ports with Bash Pseudo‑Devices

Bash can test a port by attempting to open a pseudo‑device under /dev/tcp/ or /dev/udp/. The following snippet checks whether port 443 on kernel.org is reachable, using timeout to avoid long hangs:

if timeout 5 bash -c '</dev/tcp/kernel.org/443 &>/dev/null'
then
  echo "Port is open"
else
  echo "Port is closed"
fi

For a range of ports, a simple loop can be used:

for PORT in {20..80}; do
  timeout 1 bash -c "</dev/tcp/10.10.8.8/$PORT &>/dev/null" && echo "port $PORT is open"
done

Conclusion

The article demonstrates several practical ways to discover open ports on a Linux system—using Nmap, Netcat, Bash pseudo‑devices, or other utilities such as Python’s socket module, curl, telnet, and wget—allowing you to choose the tool that best fits your workflow.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

Linuxnetwork securityBashport scanningnmapnetcat
ITPUB
Written by

ITPUB

Official ITPUB account sharing technical insights, community news, and exciting events.

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment