[Linux] Scanning Open Ports With Netcat


The first step in port scanning is to check if a specific port is open or being used by a service. This can be done using the nc command, or with other tools such as telnet, nmap, or socat. Once a port is identified as open, further analysis can be done to determine what service or application is listening on that port.

To scan ports using netcat, run the nc command followed by the target IP address and the port number you want to scan. For example, to scan a particular port, such as 22, on a host with IP address, you can use the command: nc -zvn 22.

The -v option is for verbose output, the -n option tells nc to skip DNS lookups and use numeric IP addresses instead of hostnames, and the -z option tells nc to only scan for open ports without sending any data.


And as you can see, port no 22 is open for

If you get a “Connection refused” error, it means the port you are scanning with netcat is closed.


To scan multiple ports at once using netcat, use the following command syntax:

Command: nc -vz -w3 <Target> <Port 1> <Port 2> <Port 3>

You can use the previous method to scan multiple ports, but what if you want to scan more than 50 or 100 ports? In that case, you can define a range.

Command: nc -vz -w3 <Target> <Port Range>

That is a pretty long list of unavailable ports, right? In this case, you can use the grep command to fetch only the open ports:

Command: netcat -w1 -znv <Target> <Port Range> 2>&1 | grep succeeded


  • -w1 will force the netcat command to wait at most 1 second for each port.
  • 2>&1 redirects standard error to standard output, so that grep can filter the messages nc prints there.
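
The grep filter above keeps only the "succeeded" lines, which hides the difference between a refused port and one that timed out. The following script is an added example, not part of the original article: it classifies each line of scan output and lists open ports that are missing from an allowlist, which is useful when auditing your own host. It assumes OpenBSD netcat message wording; the function names, the address 192.0.2.10 and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify nc scan output and flag open ports missing from an allowlist.
# Assumes OpenBSD netcat messages; other netcat variants word them differently.

# Constructed sample of `nc -w1 -znv <Target> <Port Range> 2>&1` output.
sample_output() {
cat <<'EOF'
Connection to 192.0.2.10 22 port [tcp/*] succeeded!
nc: connect to 192.0.2.10 port 23 (tcp) failed: Connection refused
nc: connect to 192.0.2.10 port 25 (tcp) failed: Connection timed out
Connection to 192.0.2.10 80 port [tcp/*] succeeded!
Connection to 192.0.2.10 3306 port [tcp/*] succeeded!
EOF
}

# classify: nc output on stdin -> "<port> <state>" lines on stdout.
classify() {
  awk '
    /succeeded!/         { print $4, "open";     next }  # handshake completed
    /Connection refused/ { print $6, "closed";   next }  # host answered with RST
    /timed out/          { print $6, "filtered"; next }  # no reply within -w
  '
}

# unexpected_open: print open ports not in the space-separated allowlist "$1".
unexpected_open() {
  allowed=" $1 "
  classify | while read -r port state; do
    [ "$state" = open ] || continue
    case "$allowed" in
      *" $port "*) ;;            # expected service
      *) echo "$port" ;;         # listening, but not on the allowlist
    esac
  done
}

sample_output | classify
echo "unexpected: $(sample_output | unexpected_open '22 80')"
```

To use it on a real scan of a host you administer, pipe the nc command's output (with 2>&1) into unexpected_open in place of sample_output.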
