Easy Steps to List All Open Linux Ports

nmap – the Network Mapper command

An open source tool, nmap is great for exploring your network, scanning it for security vulnerabilities and to audit your network. That said, new users might find nmap challenging to use because it´s so feature-rich: nmap comes with so many options that you might find it difficult to figure out, even if it does mean it is a very robust tool.

It’s worth remembering that nmap will deliver very extensive information about the network that it is scanning. So, do not use nmap on a network unless you have permission to examine it – permission to scan it. You need to have a reason to use nmap, in other words, and the permission of the network owner.

We will now give you a basic overview of nmap including typical usage of the map command. To start off with, here is the instructions you need to install nmap if you have Ubuntu or Debian server:

$ sudo apt-get install nmap

The command is slightly different if you’re using RHEL or CentOS:

$ sudo yum install nmap

There’s a file you can view for a wider picture of ports and services. Use this command:

$ less /usr/share/nmap/nmap-services

It’s an example of exactly how extensive the details are when you use nmap as a tool. If you want to experiment with nmap you could try to check out your own virtual private server, but you could also give nmap a go on the official nmap test server – located at scanme.nmap.org.

To try out some basic nmap commands we will make use of sudo privileges to ensure that the queries give complete results – not partial results. Remember, some nmap commands will take a little bit longer to execute.

Throughout these examples we will make use of mywebsite.com as the example domain; replace your actual domain in place of mywebsite.com when you run this command.

Scanning for open ports on a domain

$ sudo nmap -vv mywebsite.com

Here you can see we have used the -vv flag, which has a specific function. When you use -vv it means “verbose”, in other words, it will show you extensive output, including the process as nmap scans for open ports. Leave out the -vv flag and you will quickly see the difference.

List of ports that are listening for connections via TCP

$ sudo nmap -sT mywebsite.com

You’ll note the -sT flag, this is usually what you’d specify to scan for TCP connections when a SYN scan cannot be performed.

List of ports that are listening for connections via UDP

$ sudo nmap -sU mywebsite.com

So, -sU is what you use to get a UDP scan. However, you can scan for both UDP and TCP connections by using another flag, -sS. You’ll get a list covering both UDP and TCP.

Look at a specific port (instead of all ports)

$ sudo nmap -p port_number mywebsite.com

In this case, -p means that you only look at the port number specified in place of “port_number”.

Scan every open port on both TCP and UDP

$ sudo nmap -n -Pn -sT -sU -p- mywebsite.com

We use two flags here: first -n which specified to nmap that it must not make a reverse domain resolution for an active IP address, where it finds one. -Pn disables pinging, treating all of the hosts as if they are online.

It’s just a few examples but nmap is a fantastic tool that can help you a lot. Remember, typing $ man nmap will give you a full list of all the tools at your disposal; many of these are very useful for exploring the security of your network and finding potentially vulnerable points.