Linux / UNIX: Scanning network for open ports with nmap command

You can use nmap tool for this job. It is flexible in specifying targets. User can scan entire network or selected host or single server. Nmap is also useful to test your firewall rules. namp is metwork exploration tool and security / port scanner. According to nmap man page:
It is an open source tool for network exploration and security auditing. It was designed to rapidly scan large networks, although it works fine against single hosts. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) those hosts are offering, what operating systems (and OS versions) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics. While Nmap is commonly used for security audits, many systems and network administrators find it useful for routine tasks such as network inventory, managing service upgrade schedules, and monitoring host or service uptime.

nmap port scanning

TCP Connect scanning for localhost and network
# nmap -v -sT localhost
# nmap -v -sT

nmap TCP SYN (half-open) scanning

# nmap -v -sS localhost
# nmap -v -sS

nmap TCP FIN scanning

# nmap -v -sF localhost
# nmap -v -sF

nmap TCP Xmas tree scanning

Useful to see if firewall protecting against this kind of attack or not:
# nmap -v -sX localhost
# nmap -v -sX

nmap TCP Null scanning

Useful to see if firewall protecting against this kind attack or not:
# nmap -v -sN localhost
# nmap -v -sN

nmap TCP Windows scanning

# nmap -v -sW localhost
# nmap -v -sW

nmap TCP RPC scanning

Useful to find out RPC (such as portmap) services
# nmap -v -sR localhost
# nmap -v -sR

nmap UDP scanning

Useful to find out UDP ports
# nmap -v -O localhost
# nmap -v -O

nmap remote software version scanning

You can also find out what software version opening the port.
# nmap -v -sV localhost
# nmap -v -sV

A note about Windows XP / 2003 / Vista version

Windows user can find ipEye and IPSecScan utilities useful. Please note that Nmap also runes on Windows OS.

Read the man page of nmap for more information:
$ man nmap

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 7 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
7 comments… add one
  • ammaro May 18, 2008 @ 6:18

    thx for useful command

  • sv Sep 3, 2009 @ 1:55

    Very useful command to monitor network, Thanks a lot.

  • mohammed saud Apr 1, 2010 @ 15:10

    Peace be upon you
    I’ve got a problem in the net I’m Cat, a call from two to your web server does not work and if approached from the server to the device working I use 12 and Fedora before opened in Port modem did not work I would like you to help me in that not very much
    In Fedora 12
    ncat -v -l -p 62323
    ncat -v -l -p 111
    and from 1 to 4444
    open port dosn’t work
    please help me

  • Rajesh Jun 19, 2010 @ 5:48

    nmap -v -sT localhost ———gives the following output for me

    Discovered open port 22/tcp on
    Discovered open port 53/tcp on
    Discovered open port 25/tcp on
    Discovered open port 443/tcp on
    Discovered open port 111/tcp on
    Discovered open port 8080/tcp on
    Discovered open port 80/tcp on
    Discovered open port 3128/tcp on

    22/tcp open ssh
    25/tcp open smtp
    53/tcp open domain
    80/tcp open http
    111/tcp open rpcbind
    443/tcp open https
    3128/tcp open squid-http
    8080/tcp open http-proxy

    I am not able to get gmail or yahoo mail to dhcp client. But I am able to get for clients with fixed ip…

    Where I am wrong ?

    I tried with Centos 5 and Fedora 13.
    using squid Transparent proxy and dansguardian….

    Any help is appreciated…


  • satish Oct 4, 2012 @ 12:19

    this commands is very very useful please read everyone.

  • alireza seighalani Dec 27, 2012 @ 16:48


    thanks man.

    udp scan is -sU not -O . please double check.

  • Andriy Jul 18, 2017 @ 15:53

    Your articles very help me for understanding Linux.
    Thank You

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum