BestHub
Sign in
Information Security 8 min read

How to Quickly Identify Open Ports on Linux with Nmap, Netcat, and Bash

This guide explains how to discover which ports are open on a Linux system using tools like ss, netstat, lsof, Nmap, Netcat, and Bash pseudo‑devices, providing command examples, output interpretation, and tips for secure port management.

Liangxu Linux
Liangxu Linux
Liangxu Linux
How to Quickly Identify Open Ports on Linux with Nmap, Netcat, and Bash

What Is an Open Port

An open port is a network port that accepts incoming packets from remote hosts. Listening ports can be listed with commands such as ss, netstat, or lsof. Only the ports required by your applications should remain open to reduce security risk.

Scanning Open Ports with Nmap

Nmap is a powerful network scanner used for security audits. The following command scans all TCP ports on a target host: $ sudo nmap -sT -p- 10.10.8.8 The options mean: -sT: TCP connect scan. -p-: Scan all 65535 ports (without it, Nmap scans only the top 1000).

Sample output shows ports 22, 80 and 8069 as open:

Starting Nmap 7.60 ( https://nmap.org ) at 2019-07-09 23:10 CEST
Nmap scan report for 10.10.8.8
Host is up (0.0012s latency).
Not shown: 998 closed ports
PORT   STATE SERVICE
22/tcp open  ssh
80/tcp open  http
MAC Address: 08:00:27:05:49:23 (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 0.41 seconds

To scan UDP ports, replace -sT with -sU:

$ sudo nmap -sU -p- 10.10.8.8

Scanning Open Ports with Netcat

Netcat ( nc) can probe TCP or UDP ports. To scan ports 20‑80 on a remote host: $ nc -z -v 10.10.8.8 20-80 Options: -z: Zero‑I/O mode, only scans for open ports. -v: Verbose output.

Typical output:

nc: connect to 10.10.8.8 port 20 (tcp) failed: Connection refused
nc: connect to 10.10.8.8 port 21 (tcp) failed: Connection refused
Connection to 10.10.8.8 22 port [tcp/ssh] succeeded!
...
Connection to 10.10.8.8 80 port [tcp/http] succeeded!

Filter only successful lines with grep succeeded:

$ nc -z -v 10.10.8.8 20-80 2>&1 | grep succeeded

For UDP scanning, add the -u flag:

$ nc -z -v -u 10.10.8.8 20-80 2>&1 | grep succeeded

Checking Ports with Bash Pseudo‑Devices

Bash can test a single port using the /dev/tcp/host/port or /dev/udp/host/port pseudo‑devices. Example to test if port 443 on kernel.org is open:

if timeout 5 bash -c '</dev/tcp/kernel.org/443 &>/dev/null'
then
  echo "Port is open"
else
  echo "Port is closed"
fi

To scan a range, use a loop:

for PORT in {20..80}; do
  timeout 1 bash -c "</dev/tcp/10.10.8.8/$PORT &>/dev/null" && echo "port $PORT is open"
done

Sample output:

port 22 is open
port 80 is open

Conclusion

The article demonstrates several command‑line methods—Nmap, Netcat, Bash pseudo‑devices, and mentions alternatives such as Python sockets, Curl, Telnet, or Wget—to discover open ports on Linux systems, enabling administrators to verify required services and reduce exposure.

Original Source

Signed-in readers can open the original source through BestHub's protected redirect.

Sign in to view source
Republication Notice

This article has been distilled and summarized from source material, then republished for learning and reference. If you believe it infringes your rights, please contactadmin@besthub.devand we will review it promptly.

Securityport scanningnmap
Liangxu Linux
Written by

Liangxu Linux

Liangxu, a self‑taught IT professional now working as a Linux development engineer at a Fortune 500 multinational, shares extensive Linux knowledge—fundamentals, applications, tools, plus Git, databases, Raspberry Pi, etc. (Reply “Linux” to receive essential resources.)

0 followers
Reader feedback

How this landed with the community

Sign in to like

Rate this article

Was this worth your time?

Sign in to rate
Discussion

0 Comments

Thoughtful readers leave field notes, pushback, and hard-won operational detail here.

Sign in to comment