Scan open port with netcat

0

I'm just wrapping my head around the utility netcat. So for testing purposes I installed Apache on my Linux OS and verified Apache runs by accessing the localhost URL in my browser.

I want to test if port 8080 was open on my machine by using netcat. I typed nc -z localhost 8080 into the console but nothing shows in return. Apache is running, so port 8080 is open. I don't understand why nothing is showing?

Also, if I try to scan a range of ports using nc -z localhost 1-9999, I also have nothing in return. Does it mean that no port is open on my machine?

Vetouz

Posted 2020-01-30T17:59:01.510

Reputation: 101

Fastest way to check for open TCP ports on your own machine is ss -lt. – dirdi – 2020-01-30T18:01:47.230

Thanks for your shorthand but it does not answer my questions – Vetouz – 2020-01-30T18:04:48.703

Answers

0

I do not know why you would expect output. From the man page:

-z Specifies that nc should just scan for listening daemons, without sending any data to them.

What happens if you connect to an http-server without sending any data? You get no response. Compare this with the normal cat:

ljm@verlaine[~]$ touch this
ljm@verlaine[~]$ cat this
ljm@verlaine[~]$ cat that
cat: that: No such file or directory

this is an empty file. So, for cat this you get no answer. Not a message "hey I found this; but it is empty", but just the content of this. It works the same way with nc.

As an example, pi listens to port 80 on my network.

ljm@verlaine[~]$ nc -z pi 80
ljm@verlaine[~]$ nc -z pi 83
pi.home [192.168.178.2] 83 (mit-ml-dev) : Connection refused
ljm@verlaine[~]$  echo -n "GET / HTTP/1.0\r\n\r\n" | nc pi 80
HTTP/1.1 404 Not found
Content-Type: text/plain
Content-length: 11

Not found

So, the first nc -z pi 80 connects to port 80 (which succeeds), sends nothing and does not get a reply.

For the second, nc -z pi 83, you get a message from nc that explains what is wrong.

The third nc sends some data to the webserver and gets an answer (a 404, but that is irrelevant).

Ljm Dullaart

Posted 2020-01-30T17:59:01.510

Reputation: 922

I don't understand. OK, you don't send data, but when using nc -z shouldn't you have a response that says: hey, the port 8080 is open? – Vetouz – 2020-01-30T18:21:12.000

No, nc just gives the data it gets from the connection, which is nothing. If you want a confirmation of which ports are open, use nmap. Added the equivalent of cat; hope that makes it a bit clearer. – Ljm Dullaart – 2020-01-30T21:46:50.040

0

I don't understand why nothing is showing

In my Kubuntu I have the OpenBSD implementation of nc. Its manual states [emphasis mine]:

It may be useful to know which ports are open and running services on a target machine. The -z flag can be used to tell nc to report open ports, rather than initiate a connection. Usually it's useful to turn on verbose output to stderr by using this option in conjunction with the -v option.

So try nc -zv localhost 8080 or nc -zv localhost 1-9999.

I noticed I can test a single port by examining the exit status. An open port makes nc return 0; a failed connection makes nc return 1. This approach works with or without -v.

In general, while testing ports this way, it's good to set a reasonably short timeout (e.g. -w 7) to avoid a long delay when the scanned machine is completely silent.

Kamil Maciorowski

Posted 2020-01-30T17:59:01.510

Reputation: 38 429
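Added illustration, not from any answer on this page: a small Python script that does what nc -z does under the hood, a bare TCP connect with nothing sent, reporting the result only through the 0/1 exit-code convention described above and an optional nc -v style line on stderr, with a -w style timeout. It starts its own throwaway local listener as a constructed stand-in for Apache, and scan_range mirrors the 1-9999 form from the question.

```python
import socket
import sys
import threading

# Exit-status convention of OpenBSD nc -z, as the answer above describes it:
# 0 = connection succeeded (port open), 1 = connection failed.
OPEN, CLOSED = 0, 1

def check_port(host, port, timeout=3.0, verbose=False):
    """One-port connect check modelled on `nc -z -w <timeout> host port`.
    Nothing is sent after the handshake, so an open port produces no output;
    the result is the return value and, if verbose (like -v), a stderr line."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            if verbose:
                print(f"Connection to {host} {port} port [tcp/*] succeeded!", file=sys.stderr)
            return OPEN
    except OSError as exc:  # refused, timed out (the -w case) or unreachable
        if verbose:
            print(f"nc: connect to {host} port {port} (tcp) failed: {exc}", file=sys.stderr)
        return CLOSED

def scan_range(host, first, last, timeout=3.0):
    """Open ports in first..last, the way `nc -z host first-last` walks them."""
    return [p for p in range(first, last + 1) if check_port(host, p, timeout) == OPEN]

def start_listener():
    """Constructed stand-in for Apache: a local listener on an OS-chosen port that
    accepts connections but, like a web server awaiting a request, sends nothing."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)
    def serve():
        while True:
            conn, _ = srv.accept()
            conn.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1]

def demo():
    """Check one open and one closed local port, then scan a small range around the open one."""
    open_port = start_listener()
    spare = socket.socket()          # borrow a free port and release it: nothing listens there
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    return {"port": open_port,
            "open": check_port("127.0.0.1", open_port, verbose=True),
            "closed": check_port("127.0.0.1", closed_port, verbose=True),
            "found": scan_range("127.0.0.1", open_port - 1, open_port + 1)}
```

Run it and note that the open port prints nothing on stdout at all; only the stderr line and the return value tell you it succeeded, which is exactly what the question observed with nc -z.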