How to Quickly Identify Open Ports on Linux with Nmap, Netcat, and Bash

Introduction

Whether you need to troubleshoot network connectivity or configure a firewall, the first step is to check which ports are actually open on the system.

This article introduces several fast methods to discover which ports are exposed on a Linux system.

What is an open port

An open (listening) port is a network port that accepts incoming packets from remote hosts. You can list listening ports using commands such as ss, netstat or lsof. Firewalls can enable or block each port.

For example, a web server listening on ports 80 and 443 that is allowed through the firewall can be accessed via a browser; in this case ports 80 and 443 are open.

Open ports can pose security risks because attackers may exploit services running on them, so you should only expose ports required by your applications and close the rest.

1. Check open ports with Nmap

Nmap is a powerful network scanner used for security audits and penetration testing. It can scan single hosts or large networks and also detect MAC addresses, OS types, kernel versions, etc.

Install Nmap if it is not present: yum install nmap

To list TCP listening ports:

-sT tells Nmap to scan TCP ports, -p- scans all 65535 ports. Without -p- Nmap scans only the first 1000 ports. The example shows ports 22, 40402 and 49354 are open.

To scan UDP ports, replace -sT with -sU:

2. Check open ports with Netcat

Netcat (nc) is a command‑line utility that can read and write data over TCP or UDP connections. It can scan a single port or a range of ports.

First install Netcat:

# step 1: download netcat source
wget http://sourceforge.net/projects/netcat/files/netcat/0.7.1/netcat-0.7.1.tar.gz

# step 2: extract
tar -zxvf netcat-0.7.1.tar.gz -C /usr/local

# step 3: rename folder
cd /usr/local
mv netcat-0.7.1 netcat

# step 4: compile and install
cd /usr/local/netcat
./configure
make && make install

# step 5: add to PATH
export NETCAT_HOME=/usr/local/netcat
export PATH=$PATH:$NETCAT_HOME/bin

# step 6: apply changes
source /etc/profile

Example: scan TCP ports 20‑80 on remote host 10.43.187.251

The -z option makes nc only scan for open ports without sending data; -v provides verbose output.

To scan UDP ports, use:

nc -vz -u 10.43.187.251 20-80

3. Check open ports with Bash pseudo‑devices

You can also test a port by trying to open a connection to the pseudo‑device /dev/tcp/… or /dev/udp/… from a Bash script.

Example: check whether port 443 on kernel.org is open:

if timeout 5 bash -c '</dev/tcp/kernel.org/443 &>/dev/null'
then
  echo "Port is open"
else
  echo "Port is closed"
fi

Output: Port is open You can loop over a range of ports:

for PORT in {20..80}; do
  timeout 1 bash -c "</dev/tcp/192.168.1.251/$PORT &>/dev/null" && echo "port $PORT is open"
done

Sample output:

port 22 is open
port 80 is open

Conclusion

The methods above demonstrate how to use Nmap, Netcat, Bash pseudo‑devices and other tools such as Python’s socket module, curl, telnet or wget to discover open ports on a Linux system.