A port is a logical entity which acts as a endpoint of communication associated with an application or process on an Linux operating system. It is useful to know which ports are open and running services on a target machine before using them.
We can easily list open ports in Linux on a local machine using the netstat or several other Linux commands such NMAP.
In this guide, we will show you how to determine if ports on a remote host are reachable/open using simple netcat (in short nc) command.
netcat (or nc in short) is a powerful and easy-to-use utility that can be employed for just about anything in Linux in relation to TCP, UDP, or UNIX-domain sockets.
# yum install nc [On CentOS/RHEL] # dnf install nc [On Fedora 22+] $ sudo apt-get install netcat [On Debian/Ubuntu]
We can use it to: open TCP connections, listen on arbitrary TCP and UDP ports, send UDP packets, do port scanning under both IPv4 and IPv6 and beyond.
Using netcat, you can check if a single or multiple or a range of open ports as follows. The command below will help us see if the port 22 is open on the host 192.168.56.10:
$ nc -zv 192.168.1.15 22
In the command above, the flag:
-z– sets nc to simply scan for listening daemons, without actually sending any data to them.-v– enables verbose mode.
The next command will check if ports 80, 22 and 21 are open on the remote host 192.168.5.10 (we can use the hostname as well):
nc -zv 192.168.56.10 80 22 21
It is also possible to specify a range of ports to be scanned:’
$ nc -zv 192.168.56.10 20-80
For more examples and usage of netcat command, read through our articles as follows.
- Transfer Files Between Linux Servers Using netcat Command
- Linux Network Configuration and Troubleshooting Commands
That’s all. In this article, we explained how to check if ports on a remote host are reachable/open using simple netcat commands. Make use of the comment section below to write back to us concerning about this tip.
This tool sucks, nc -zv says every port succeeds even ones I just make up. Why can’t it ‘just work’ and give real meaningful information as telnet did which wasn’t even designed to test if a port was open.
I hope you are still taking comments…it’s been a while.
This was almost the best set of instructions I’d run into except it doesn’t cover how to interpret the results. If you provided a sample of success or failure as an example I’d never have to look anywhere else.
For now, if the results in Redhat 7 are similar to below is the port open or filtered/closed
Ncat: Version 7.50 ( https://nmap.org/ncat )
Ncat: Connected to 192.168.1.15:8001.
Ncat: 0 bytes sent, 0 bytes received in 5.03 seconds.
I’m confused by the fact that I’m connected which I think means the port is open but no data was sent or received.
Thanks
Hi,
Don’t use this for connectivity checks on Centos 7. This only works on Centos 6. It does not work on Centos 7. You need something like this:
Its because redhat/centos distro is changed at Centos 7.
@Bernard
Oops, thanks for sharing, we will cross check this.
Hi,
I have Red Hat Enterprise Linux Server release 7.3 (Maipo) installed on my PC.
When I try either of the below commands, I get the error message as shown:
Error Message:
nc: invalid option — ‘z’
Ncat: Try `–help’ or man(1) ncat for more information, usage options and help. QUITTING.
‘–help’ or man() did not provide any details on how to simply scan for listening daemons.
Any suggestions?
@Timir
When you open the man page, try to check the meanings of the options(-zv) used in the examples in the article. There could be possible changes in the nc or ncat options and how they function, especially in RHEL/CentOS 7.3.
The
-zoption has been removed as of Ncat version 6.40. The new option is--recv-only.@Erick
Many thanks for the useful info, we will check this out.
The
'-z'flag is available in ncat 7.5, but not in ncat 6.4Very useful article for security. I’ll test that.Thank you !
Long life to super penguin ^^
@Jonathan
Welcome, and thanks for always following us.
Hello.
In CentOS 7, there is no package named ‘nc‘.
Searching for ‘netcat‘:
the resulting package is ‘nmap-ncat.x86_64 : Nmap’s Netcat replacement‘
If you install this package, the above command will looks like this:
There is another package ‘netcat-gnu‘. You can read more about this package in: https://fedora.pkgs.org/25/rpm-sphere/netcat-gnu-0.7.1-15.1.x86_64.rpm.html
Are this observations correct?
@Chris
Yap, correct observations here, package is called ncat instead of nc. However, installation command still works. Many thanks for feedback.