  • Scan thousands of ports in a second.

    How do you know which ports are available on a particular IP or IP range on your network?

    Well, if you are thinking about checking manually, it is going to take a lot of time. It is better, and faster, to use tools to scan the ports. Previously, I talked about how to scan ports on Internet-facing IPs and received feedback asking me to cover tools for scanning the intranet network.

    There are multiple methods of port scanning – TCP, FIN, ICMP, Idle, SYN, UDP, ACK, Window, etc. Not every scanner supports them all, so choose the one that fits your requirements.

    So, here you go…

    TCP Port Scanner

    As the name indicates – it is capable of scanning only TCP ports.

    TCP Port Scanner uses the SYN method and can scan up to 10,000 ports per second. It works only on Windows.

    Nmap

    Nmap (Network Mapper) is one of the administrator's favorite tools. You can install it on Windows, Linux, or MacOS, or build it from source code. Did you know Nmap can scan ports?

    Here are some quick examples.

    To scan ports in fast mode, you can use the nmap -F $IPADDRESS command.

    # nmap -F xx.xx.xx.xx
    
    Starting Nmap 5.51 ( http://nmap.org ) at 2019-03-19 07:36 UTC
    Nmap scan report for xx.xx.xx.com (xx.xx.xx.xx)
    Host is up (0.039s latency).
    Not shown: 95 filtered ports
    PORT     STATE  SERVICE
    22/tcp   closed ssh
    80/tcp   open   http
    443/tcp  closed https
    3389/tcp closed ms-term-serv
    5656/tcp open   abyss
    
    Nmap done: 1 IP address (1 host up) scanned in 1.93 seconds

    To scan ports consecutively, you can use the -r option.

    nmap -r  $IPADDRESS

    To scan a range of ports, you can use the -p option. The example below scans ports 80 to 444.

    # nmap -p80-444 xx.xx.xx.xx
    
    Host is up (0.039s latency).
    Not shown: 363 filtered ports
    PORT    STATE  SERVICE
    80/tcp  open   http
    443/tcp closed https
    
    Nmap done: 1 IP address (1 host up) scanned in 3.03 seconds

    Nmap is a powerful open-source tool. If you are interested in learning it in detail, you may check out this complete Nmap ethical hacking course on Udemy.
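
The Nmap output above is only useful if someone checks it against what should be open. The script below is an added example, not part of the original article: it parses Nmap's normal output and reports any open port missing from an approved baseline. The function names, the baseline list and the embedded sample (modelled on the nmap -F output above) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit saved Nmap output against an approved-port baseline.

# Constructed sample, following the `nmap -F` output format shown above.
sample_scan() {
cat <<'EOF'
Nmap scan report for xx.xx.xx.com (xx.xx.xx.xx)
Host is up (0.039s latency).
Not shown: 95 filtered ports
PORT     STATE  SERVICE
22/tcp   closed ssh
80/tcp   open   http
443/tcp  closed https
3389/tcp closed ms-term-serv
5656/tcp open   abyss

Nmap done: 1 IP address (1 host up) scanned in 1.93 seconds
EOF
}

# unexpected_ports BASELINE
#   Reads Nmap normal output on stdin. BASELINE is a space-separated list of
#   approved port/proto pairs, e.g. "80/tcp 443/tcp". Prints one line
#   "host port/proto service" per open port that is not approved and returns
#   1 if any were found, 0 otherwise. Only the exact state "open" counts;
#   "closed", "filtered" and "open|filtered" rows are ignored.
unexpected_ports() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        # Track which host the following port table belongs to.
        /^Nmap scan report for / { host = $NF; gsub(/[()]/, "", host); next }
        # Port table rows look like: 80/tcp  open  http
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" && !($1 in ok) {
            print host, $1, $3
            bad = 1
        }
        END { exit bad + 0 }
    '
}

# Demo: only 80/tcp and 443/tcp are approved, so 5656/tcp is reported.
sample_scan | unexpected_ports "80/tcp 443/tcp" || echo "review the ports listed above" >&2
```

Against a live scan, pipe the command from the article into the function, for example nmap -F $IPADDRESS | unexpected_ports "80/tcp 443/tcp"; the non-zero exit status makes it usable in a scheduled job.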

    Netcat

    Netcat is a multipurpose network debugging tool with a built-in port scanning feature. You can install it on NetBSD, FreeBSD, Linux, MacOS, etc.

    Port Authority

    Always on mobile? Try Port Authority – a handy tool to discover network devices and scan IP addresses.

    You have the option to scan well-known ports or a port range. It is free and can be helpful for the following as well.

    • IP discovery
    • SSH/HTTPS fingerprinting
    • DNS record lookup

    Advanced Port Scanner

    A free scanner to check open ports and the services running on them. Advanced Port Scanner is a multi-threaded scanner, hence it's fast.

    You can also run a command remotely through the GUI.

    Network Scanner by MiTeC

    A multi-purpose advanced scanner tool to scan IP, port, AD, NetBIOS, ICMP, SNMP – available for download for major Windows versions, 32-bit or 64-bit.

    You have the option to import device lists and export the results to CSV format. It can scan both TCP and UDP and has a built-in Whois checker.

    PortQryUI

    Microsoft's popular PortQry command-line tool is also available with a nice GUI. PortQryUI does everything the command-line version does and works on Windows only.

    NetScanTools

    NetScanTools is a premium toolbox with more than 50 tools for DNS, Ping, SNMP, Discovery, Whois, ARP, Traceroute, etc.

    It supports the following five types of port scans.

    • TCP full connect
    • TCP SYN half open
    • UDP ICMP
    • TCP/UDP ICMP
    • Other – a combination of SYN, URG, PSH, FIN, ACK, RST

    Scan results are shown in a nice reporting chart.

    Conclusion

    I hope the tools listed above help you scan ports on an internal network or public IP. Most of them are FREE, so try them out to see what works best for you.