How to scan ports with Netcat

You are probably well aware of Nmap, the most popular port scanner, but did you know that you can also use Netcat to do basic port scans? Today I will show you how to scan ports with Netcat. You have probably used Nmap before and appreciate its capabilities.

Yet, if you just want to run a quick and basic Portscan, you can also use the good old Netcat command for it. In this example, we will utilize Metasploitable2 as a victim and try to scan its open ports using Netcat.


Scanning ports with Netcat

To do a portscan we use the following command.

nc -z -v <target-ip> 1-443


The Portscan finishes almost immediately. A quick rundown of the options:

  1. nc = netcat
  2. -z = Portscanning mode or zero I/O mode
  3. -v = verbose mode
  4. <target-ip> = the IP of your target
  5. 1-443 = The port range we want to scan

As you can see, Netcat is a nice alternative for running a quick portscan.

There is no specific advantage to using it over Nmap, just that in my experience it can be a little faster. Of course, it is not as precise as an intense Nmap scan. So this is really just for running a Portscan in a very short amount of time.
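To turn the verbose output of the command above into a check against a port baseline for a host you administer, the following sketch extracts the open ports and reports any that are not on an allowlist. It is an added example, not part of the original post; the function names, the allowlist and the sample lines (OpenBSD and traditional netcat output styles, with documentation address 192.0.2.10) are constructed assumptions.

```shell
#!/bin/sh
# Constructed sample of `nc -z -v` output: the first four lines follow the
# OpenBSD netcat style, the last two the traditional netcat style.
sample_scan_output() {
cat <<'EOF'
nc: connect to 192.0.2.10 port 20 (tcp) failed: Connection refused
Connection to 192.0.2.10 21 port [tcp/ftp] succeeded!
Connection to 192.0.2.10 22 port [tcp/ssh] succeeded!
nc: connect to 192.0.2.10 port 23 (tcp) failed: Connection refused
(UNKNOWN) [192.0.2.10] 80 (http) open
(UNKNOWN) [192.0.2.10] 22 (ssh) open
EOF
}

# Read nc -v output on stdin, print each open port once, sorted numerically.
open_ports() {
  awk '
    # OpenBSD style: the port is the field right before the word "port".
    /^Connection to .* succeeded!$/ {
      for (i = 2; i <= NF; i++) if ($i == "port") print $(i - 1)
    }
    # Traditional style: "... PORT (service) open".
    / open$/ { print $(NF - 2) }
  ' | sort -n -u
}

# Read ports on stdin, print those that are NOT in the allowlist given as
# arguments (the ports this host is expected to expose).
unexpected_ports() {
  allowed=" $* "
  while read -r port; do
    case "$allowed" in
      *" $port "*) ;;            # expected, stay quiet
      *) echo "$port" ;;         # not in the baseline, report it
    esac
  done
}

# Demo on the constructed sample with an assumed baseline of 22 and 80.
sample_scan_output | open_ports | unexpected_ports 22 80
```

Netcat writes its verbose messages to stderr, so a live run needs the redirect: nc -z -v <target-ip> 1-443 2>&1 | open_ports | unexpected_ports 22 80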

Until next time.

