How to Do a Basic Port Scan with Nmap

Closing unnecessary ports on your server is an important process for PCI compliance and server hardening in general. This reduces what information cyber attackers can easily gather about your web server and services to exploit. This also applies to Small Office / Home Office (SOHO) networks.

To scan your local network, you need to know your local router’s internal IP address.

The easiest way to scan for open ports on your server or network depends on your workflow and desktop operating system (OS).

Source: Nmap.org

For those who prefer a desktop application for scanning multiple ports and banner grabbing (e.g. Nginx server version), there’s Nmap.

Nmap (Network Mapper) is a popular cross-platform desktop CLI application for scanning multiple ports on a server or router. Nmap doesn’t just list open ports. It provides in-depth information on services sharing information that could be used to exploit your system. Nmap is bundled with other programs:

  • Zenmap GUI application for Nmap
  • Ncat quickly scans a single port and more
  • Ndiff compares scan results
  • Nping does packet generation and response analysis

Below, we’ll cover the basics of port scanning with Nmap:

Develop your next web app with our secure Cloud Server Hosting.

Port Scan with Nmap

The basic command format is nmap, necessary flags, then the domain / server IP / server hostname (part of your temporary URL).

nmap domain.com

Your results will show open ports and it’s dedicated service:

Starting Nmap 7.60 ( https://nmap.org ) at 2020-01-01 09:00 EDT
Nmap scan report for domain.com (1.2.3.4)
Host is up (0.010s latency).
rDNS record for 1.2.3.4: server.hostname.com
Not shown: 1000 closed ports
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https

Nmap done: 1 IP address (1 host up) scanned in 1.59 seconds

Verbose Port Scan on a Domain:

Add the following flags for more information on the system and ports:

  • -A detects OS, software version, and scripts
  • -v provides verbose information
nmap -v -A domain.com

For easier review later, output verbose Nmap results to a file:

nmap -v -A domain.com -oN results.txt

Scan Specific TCP Ports

In this example, ports 21 (FTP), 22 (default SSH port), and 3306 (MySQL):

nmap -p 21,22,3306 domain.com

Scan UDP ports, Timeout After 5 Minutes:

A specified timeout can be useful when dealing with slow servers.

nmap -sU domain.com --host-timeout 5m

Learn more about nmap with the manual:

man nmap

Was this article helpful? Let us know!