Scan for Open Ports using Netcat

You are probably well aware of the most popular Portscanner Nmap, but did you know that you can also use Netcat to do basic portscans? Today I will show you how to scan for open ports with Netcat. You probably have used Nmap before and appreciate it’s capabilities.

Yet, if you just want to run a quick and basic Portscan, you can also use the good old Netcat command for it. In this example, we will utilize Metasploitable2 as a victim and try to scan its open ports using Netcat.


Scan for Open Ports using Netcat

To do a portscan we use the following command.

nc -z -v 1-443


How to scan ports with Netcat
How to scan ports with Netcat

The Portscan finishes almost immediately. A quick rundown of the options:

  1. nc = netcat
  2. -z = Portscanning mode or zero I/O mode
  3. -v = verbose mode
  4. = the IP of your target
  5. 1-443 = The port range we want to scan

As you can see, this is a nice and quick alternative to run a quick portscan directly with Netcat.

There is no specific advantage to use it over Nmap, just that in my experience it can be a little faster. If course, it is not as precise as an intense Nmap scan. So this is really just for running a Portscan in a very short amount of time. It is always good to have  more than one tool at ones disposal.

It happened many times to me that a certain tool wasn’t working as expected and I had to dig out something else to get the job done. So, the more tools you have at your disposal, the better you are off.

To continue this tutorial, I have written another one on how to scan protocol versions using Netcat. Check it out of you want to learn more.

Until next time.

Leave a Comment

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Share via
Copy link
Powered by Social Snap