Sample Report

Target is the system that will be scanned (must be reachable over the Internet).

It can be specified as Hostname, IP or IP range.

Example Hostname:
Example IP:
Example IP range:

Maximum 255 hosts can be scanned at once.

Scan the most common 100 TCP ports

Scan the top 100 most common TCP ports (Nmap -F):

7 echo
9 discard
13 daytime
21 ftp
22 ssh
23 telnet
25 smtp
26 rsftp
37 time
53 domain
79 finger
80 http
81 hosts2-ns
88 kerberos-sec
106 pop3pw
110 pop3
111 rpcbind
113 ident
119 nntp
135 msrpc
139 netbios-ssn
143 imap
144 news
179 bgp
199 smux
389 ldap
427 svrloc
443 https
444 snpp
445 microsoft-ds
465 smtps
513 login
514 shell
515 printer
543 klogin
544 kshell
548 afp
554 rtsp
587 submission
631 ipp
646 ldp
873 rsync
990 ftps
993 imaps
995 pop3s
1025 NFS-or-IIS
1026 LSA-or-nterm
1027 IIS
1028 unknown
1029 ms-lsa
1110 nfsd-status
1433 ms-sql-s
1720 H.323/Q.931
1723 pptp
1755 wms
1900 upnp
2000 cisco-sccp
2001 dc
2049 nfs
2121 ccproxy-ftp
2717 pn-requester
3000 ppp
3128 squid-http
3306 mysql
3389 ms-wbt-server
3986 mapper-ws_ethd
4899 radmin
5000 upnp
5009 airport-admin
5051 ida-agent
5060 sip
5101 admdog
5190 aol
5357 wsdapi
5432 postgresql
5631 pcanywheredata
5666 nrpe
5800 vnc-http
5900 vnc
6000 X11
6001 X11:1
6646 unknown
7070 realserver
8000 http-alt
8008 http
8009 ajp13
8080 http-proxy
8081 blackice-icecap
8443 https-alt
8888 sun-answerbook
9100 jetdirect
9999 abyss
10000 snet-sensor-mgmt
32768 filenet-tms
49152 unknown
49153 unknown
49154 unknown
49155 unknown
49156 unknown
49157 unknown

About this tool

TCP Port Scan with Nmap allows you to discover which TCP ports are open on your target host.

Network ports are the entry points to a machine that is connected to the Internet. A service that listens on a port is able to receive data from a client application, process it and send a response back. Malicious clients can sometimes exploit vulnerabilities in the server code so they gain access to sensitive data or execute malicious code on the machine remotely. That is why testing for all ports is necessary in order to achieve a thorough security verification.

Port scanning is usually done in the initial phase of a penetration test in order to discover all network entry points into the target system. Port scanning is done differently for TCP ports and for UDP ports that's why we have different tools.


  • Target: This is the hostname of IP address(es) to scan
  • Ports to scan - Common: This option tells Nmap to scan only the top 100 most common TCP ports (Nmap -F).
  • Ports to scan - Range: You can specify a range of ports to be scanned. Valid ports are between 1 and 65535.
  • Ports to scan - List: You can specify a comma separated list of ports to be scanned.
  • Detect service version: In this case Nmap will try to detect the version of the service that is running on each open port. This is done using multiple techniques like banner grabbing, reading server headers and sending specific requests.
  • Detect operating system: If enabled, Nmap will try to determine the type and version of the operating system that runs on the target host. The result is not always 100% accurate, depending on the way the target responds to probe requests.
  • Do traceroute: If enabled, Nmap will also do a traceroute to determine the path packets take from our server to the target server, including the ip addresses of all network nodes (routers).
  • Don't ping host: If enabled, Nmap will not try to see if the host is up before scanning it (which is the default behavior). This option is useful when the target host does not respond to ICMP requests but it is actually up and it has open ports.

How it works

The tool is a web interface for the well known Nmap, which is executed with the proper parameters in order to provide speed and accuracy.

The scanning is done by sending packets to each port and listening for replies. The scanning technique is called 'SYN scan', which sends TCP SYN packets to each port. If a port responds with SYN-ACK, it is flagged as open and a RST is sent back by our tool. This way there is no full TCP connection established with the target host.