How to do a Port Scan in Linux?

The port scan is the process of checking whether the ports it’s listening to the outside connections or not. Two ports can be used in Linux for an IP: TCP (Transmission Control Protocol) and UDP. The advancement in network technology produces a lot of risks over the internet/remote connections that cause security issues. This write will discuss the methods to do a port scan in Linux using the below-supporting content:

Why Do We Need to Do a Port Scan and What Ports are Used in Linux?

With the advancement in network technology, internet attacks have increased. Port scanners have become a helpful tool to avoid external attacks that scan the ports. We need to do a port scan in Linux for several reasons that are as follows:

  • To check which ports are opened, closed, or filtered to send or receive the information.
  • To find out which services are available or running on a host.
  • To Identify the vulnerabilities in the system that helps the network engineers to diagnose the issues in the system.

The ports in Linux are reserved for different purposes. The port allocation by the ICANN (International Corporation for Assigned Names and Numbers) is as follows:

  • 0-1023: Reserved for the well-known or system ports.
  • 1024: 49151: Reserved for the user or registered ports.
  • 49152-65535: Reserved for the dynamic/private ports.

Let’s discuss the port scanners used to do a port scan.

Method 1: Port Scanning Using nmap

Among the most common tools for port scanning, nmap offers advanced scanning capabilities. The nmap allows the users to find the hosts and the available services on a machine’s network by sending the data packets and diagnosing the response.

Installing nmap

To use the nmap network discovery tool, you must install it via one of the following commands (as per the distribution ).

$ sudo apt install nmap                  #Debian-Ubuntu-based
$ sudo snap install nmap                 #snap enabled Linux distro

Using nmap

To scan the target hostname for finding the open ports and the services available on those available, the below nmap command is executed:

$ nmap

It shows that four ports are opened (listening to the incoming connections) “80”, “443”, “8080” and “8443” that are using different services which are listed in front of the port number.

To scan for TCP ports, use the “sT” option of the nmap command as displayed below:

$ sudo nmap -sT

All the TCP ports are shown in the above output.

To check the open ports for UDP, utilize the “sU” option with the nmap command:

$ sudo nmap -sU

There are no open ports for the UDP service.

Note: There can be three different statuses for the nmap port scans:

  • Open: Open means the system is listening on that port.
  • Filtered: The nmap has checked for those ports but cannot identify if the port is open or closed.
  • Close: The port is not listening for any connections

Method 2: Port Scanning Using netcat

The netcat tool is a command utility used for network discovery, testing, and security auditing. The netcat command can be used to scan the open ports.

Install netcat

Before using it, ensure that the utility is installed on your Linux system.

$ sudo apt install netcat             #Debian/Ubunut-based
$ sudo yum install nc                 #Fedora/RedHat-based

Using netcat

For instance, the below command will scan port “80”, if it’s open and listening or not:

$ nc -z -v 80

It shows the status “succeeded”, which means that the port has successfully established connection with on port 80.

Similarly, a range of ports can be scanned to see whether a port can connect successfully to the server. For example, the below-mentioned command will scan for ports 20 to 30 to check which ports the connection can be established with

$ nc -z -v 20-30

It shows that only port “22” is successfully connected to the server.

Note: The netcat tool can show two different statuses for the port scan, which are as follows:

  • Succeeded: It shows that the connection is successfully established and the port is open.
  • Connection refused: The connection has been rejected by that port, and the port is closed.

Method 3: Port Scanning Using ss Command

The ss (socket statistics) command displays the details of the computer socklets. It displays different details about the ports, such as state, ports on which they are listening, and netid. For instance, to scan the TCP and UDP open ports, use the below ss command options:

  • t: Checks for the TCP ports.
  • u: It checks the UDP ports.
  • l: It shows the listening sockets.
  • p: It displays the related socket PID and the name.
  • n: Don’t resolve names

Let’s execute the command to check the open ports:

$ sudo ss -tulpn

The output shows the opened ports, such as port “631” which is opened for UDP service and listening on all the IP addresses ( Moreover, the “60222” port is opened and listening to the IP address “”.

Method 4: Port Scanning Using netstat

The netstat command shows the network statistics and configurations. It works the same way as the ss command and shows the details after sending the data packets and analyzing its response. The options below can be used to find the open ports using the UDP and TCP services:

  • t: Checks for the TCP ports.
  • u: It checks the UDP ports.
  • l: It shows the listening sockets.
  • p: It displays the related socket PID and the name.
  • n: Don’t resolve names
  • grep LISTEN: It displays open ports only whose status is “LISTEN”.

Let’s execute the below command to find the opened ports:

$ sudo netstat -tulpn | grep LISTEN

The output shows the opened ports, such as port “22”, which is opened by sshd processes and listening on all the IP addresses for SSH connections. Moreover, the “631” port is opened by cupsd service and listening to the IP address “”.

Method 5: Port Scanning Using lsof Command

The lsof command stores the details of the open files, which can be used to get the “LISTEN” port details. For instance, to get the details of the TCP and UDP services details, use the following lsof command options:

  • -i: To display the listing ports.
  • -P: Prevents network files from being converted from port numbers to names.
  • -n: Avoid using DNS names.
  • grep LISTEN: Filters the ports with “LISTEN” status only.

Let’s execute the below lsof command to find the system’s UDP and TCP open ports:

$ sudo lsof -i -P -n | grep LISTEN

It shows the process used by the open ports along with the service (TCP) and the desired port numbers.. For instance, the IP address “” is listening on port “53” to the “sshd” service.

Method 6: Port Scanning Using telnet Command

The telnet command is used to port scan and send the request to the server for creating a remote connection. The telnet connection is created on port “23” by default.

For instance, to do a port scan on port “80” for “”, use the following command:

$ telnet 80

The user is successfully connected to the server.

This is how we can scan ports in Linux.


We need to do a port scan in Linux to check the system’s opened, filtered, or closed ports, which helps us find the computer’s services for connection. Several methods are used to do a port scan that, includes nmap, netcat, ss, netstat, lsof, and telnet commands which are described in detail throughout this guide.