BestHub
Sign in
Information Security 8 min read

How to Quickly Identify Open Ports on Linux with Nmap, Netcat, and Bash

This guide explains what open ports are and provides step‑by‑step commands using Nmap, Netcat, and Bash pseudo‑devices to discover which TCP or UDP ports are listening on a Linux system, along with safety tips and example outputs.

Liangxu Linux
Liangxu Linux
Liangxu Linux
How to Quickly Identify Open Ports on Linux with Nmap, Netcat, and Bash

What Is an Open Port

An open port is a network port that accepts incoming packets from remote hosts. Listening ports can be listed with tools such as ss, netstat, or lsof. While ports like 80 and 443 are commonly opened for web servers, exposing unnecessary ports can increase security risk.

Checking Open Ports with Nmap

Nmap is a powerful network scanner used for security audits and penetration testing. The following command scans all TCP ports on a target host: $ sudo nmap -sT -p- 10.10.8.8 The -sT option selects a TCP connect scan, and -p- tells Nmap to probe all 65,535 ports. Without -p-, Nmap scans only the default 1,000 ports.

Starting Nmap 7.60 ( https://nmap.org ) at 2019-07-09 23:10 CEST
Nmap scan report for 10.10.8.8
Host is up (0.0012s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 08:00:27:05:49:23 (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds

The output shows that ports 22, 80, and 8069 are open on the target. To scan UDP ports, replace -sT with -sU:

$ sudo nmap -sU -p- 10.10.8.8

Checking Open Ports with Netcat

Netcat (or nc) can read and write data over TCP or UDP connections. Use it to probe a range of ports: $ nc -z -v 10.10.8.8 20-80 The -z flag tells Netcat to scan without sending data, and -v enables verbose output. Sample output:

nc: connect to 10.10.8.8 port 20 (tcp) failed: Connection refused
nc: connect to 10.10.8.8 port 21 (tcp) failed: Connection refused
Connection to 10.10.8.8 22 port [tcp/ssh] succeeded!
...
Connection to 10.10.8.8 80 port [tcp/http] succeeded!

To show only successful connections, pipe the result through grep succeeded:

$ nc -z -v 10.10.8.8 20-80 2>&1 | grep succeeded

Scanning UDP ports is similar; add the -u option:

$ nc -z -v -u 10.10.8.8 20-80 2>&1 | grep succeeded

Checking Open Ports with Bash Pseudo‑Devices

Bash can test connectivity using the special pseudo‑devices /dev/tcp/host/port or /dev/udp/host/port. Example to test whether port 443 on kernel.org is reachable:

if timeout 5 bash -c '</dev/tcp/kernel.org/443 &>/dev/null'
then
  echo "Port is open"
else
  echo "Port is closed"
fi

For a range of ports, a simple loop works:

for PORT in {20..80}; do
  timeout 1 bash -c "</dev/tcp/10.10.8.8/$PORT &>/dev/null" && echo "port $PORT is open"
done

Conclusion

The article demonstrates several practical ways to discover open ports on a Linux system using Nmap, Netcat, Bash pseudo‑devices, and mentions that other tools such as Python’s socket module, curl, telnet, or wget can achieve the same goal.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

network securityport scanningnmap
Liangxu Linux
Written by

Liangxu Linux

Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment