TCP Port Scan with Nmap

Detect open TCP ports, running services (including their versions) and do OS fingerprinting on a target IP address or hostname.

About this Online Port Scanner

Detects open TCP ports, running services (including their versions) and does OS fingerprinting on a target IP address or hostname.

The scanner allows you to easily map the network perimeter of a company, check firewall rules and verify if your services are reachable from the Internet. Based on Nmap Online, it performs accurate port discovery and service detection.

What are Network Ports?

Network ports are the communication endpoints for a machine that is connected to the Internet. When a service listens on a port it can receive data from a client application, process it and communicate a response.

Malicious client applications (e.g. scripts, bots, malware) often exploit flaws in the code of server software to gain unauthorized access to the remote machine.

Port scanning is part of the first phase of a penetration test and allows you to find all network entry points available on a target system. Port scan techniques are different for TCP and UDP ports, which is why we have dedicated tools for each one.

Why should I use an Online Port Scanner?

The main benefit of using an online version of the Nmap port scanner (vs. using it on your local machine) is that it gives you the same external view of your systems that any malicious hacker on the Internet has. If you run the same scan from your internal network, you may obtain different results because of various firewalls and network restrictions. Furthermore, our port scanner:

  • Is already configured and ready to run
  • Is periodically upgraded
  • Has an easy-to-use interface over the complex command line parameters of Nmap
  • Gives you a useful report that you can share with management or stakeholders

Common TCP Ports

According to the Nmap classification, these are the most common TCP ports:

  • 21 - FTP (File Transfer Protocol)
  • 22 - SSH (Secure Shell)
  • 23 - Telnet
  • 25 - SMTP (Mail)
  • 80 - HTTP (Web)
  • 110 - POP3 (Mail)
  • 143 - IMAP (Mail)
  • 443 - HTTPS (Secure Web)
  • 445 - SMB (Microsoft File Sharing)
  • 3389 - RDP (Remote Desktop Protocol)

Our TCP Port Scanner with Nmap

The Full Scan allows you to perform port scans with custom parameters, easily configured from the web interface:

  • Specify custom TCP ports to scan (1-65535)
  • Enable/disable service detection
  • Enable/disable operating system detection
  • Enable/disable host discovery
  • Do Traceroute

Furthermore, you can schedule periodic port scans to continuously monitor the attack surface of your network perimeter.

The Light Scan checks only the top 100 most common TCP ports. Service detection (-sV) is also enabled in this configuration, so you also get the versions of the running services. Try a free port scan now to see a sample report.

Reporting

Sample Report

Here is a TCP Port Scan with Nmap sample report that gives you a taste of how our tools save you time and reduce repetitive manual work.

  • Information at a glance

    The report starts with a quick summary of the findings and risk ratings, offering you a helpful overview in terms of risk levels and number of findings.

  • Actionable advice

    Each finding has a detailed explanation in terms of risk and recommendations that gives you a head start in fixing the identified issues.

  • Sorted by risk rating

    Vulnerabilities are sorted by their risk rating, starting from the highest risk identified. This saves you manual work and time, freeing you up for other tasks.

How to use the pentesting tool

Use Cases for TCP Port Scan with Nmap

Finds common vulnerabilities which affect web applications: SQL Injection, XSS, OS Command Injection, Directory Traversal and others. The scanner also identifies specific web server configuration issues.

  • Network Penetration Testing

    Easily scan IP addresses and get an aggregated view of the results. The findings are accurate since our servers have direct Internet connection. What’s more, the scanner is optimized for best performance and quality results.

  • Firewall Rules Verification

    Check if your firewall was correctly configured and if the servers have unnecessary open TCP ports. By also looking at the service versions, you can find which server software is outdated and needs to be upgraded.

  • Asset Inventory

    Map the network perimeter of your target much faster and detect live hosts and TCP services exposed to the Internet. Find which machines are outdated and risk being exploited by attackers looking to gain access to the internal network.
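
One way to automate the firewall-rule check described above, as an added example (not Pentest-Tools.com's code): it parses Nmap XML output (as written by -oX with -sV) and compares the open TCP ports with an allowlist. The sample XML, the addresses, the versions and the ALLOWED policy are constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of Nmap's XML output (nmap -sV -oX ...).
SAMPLE_XML = """<nmaprun>
  <host>
    <address addr="203.0.113.10" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/>
        <service name="ssh" product="OpenSSH" version="7.4"/></port>
      <port protocol="tcp" portid="443"><state state="open"/>
        <service name="https" product="nginx" version="1.24.0"/></port>
      <port protocol="tcp" portid="3389"><state state="open"/>
        <service name="ms-wbt-server"/></port>
      <port protocol="tcp" portid="23"><state state="closed"/>
        <service name="telnet"/></port>
    </ports>
  </host>
</nmaprun>"""

# Hypothetical policy: ports each host is expected to expose to the Internet.
ALLOWED = {"203.0.113.10": {22, 443}}

def open_services(xml_text):
    """Yield (host, port, service name, product, version) for open TCP ports."""
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")
        for port in host.iter("port"):
            if port.get("protocol") != "tcp" or port.find("state").get("state") != "open":
                continue
            svc = port.find("service")
            attrs = svc.attrib if svc is not None else {}
            yield (addr, int(port.get("portid")), attrs.get("name", ""),
                   attrs.get("product", ""), attrs.get("version", ""))

def audit(xml_text, allowed):
    """Return (unexpected open ports, allowed ports not seen open, version inventory)."""
    seen, unexpected, inventory = {}, [], []
    for addr, port, name, product, version in open_services(xml_text):
        seen.setdefault(addr, set()).add(port)
        inventory.append((addr, port, f"{product} {version}".strip() or name))
        if port not in allowed.get(addr, set()):
            unexpected.append((addr, port, name))
    missing = [(a, p) for a, ps in allowed.items()
               for p in sorted(ps - seen.get(a, set()))]
    return unexpected, missing, inventory
```

The inventory list is the input for the "outdated software" review; the comparison against current vendor releases is left to the operator.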

Better vulnerability discovery. Faster pentest reporting.

Get instant access to custom vulnerability scanners and automation features that simplify the pentesting process and produce valuable results. The platform helps you cover all the stages of an engagement, from information gathering to website scanning, network scanning, exploitation and reporting.

Technical Details

How the Nmap Scanner works

Nmap is a very effective port scanner, known as the de facto tool for finding open ports and services. Nmap performs several phases in order to achieve its purpose:

  1. Nmap host discovery

    The first phase of a port scan is host discovery. Here the scanner attempts to check if the target host is live before actually probing for open ports. This phase is needed mainly when scanning a large range of IP addresses in order to optimize the time for the whole scan. It does not make any sense to waste time probing for open ports on a 'dead' host (e.g. there is no server at a given IP).

    However, this phase can sometimes lead to not finding some open ports because the host 'liveness' cannot be always correctly detected (e.g. because of firewalls which permit access only to a certain port and drop everything else). In this case you have the option "Don't ping host" (or Nmap -Pn) which skips the host discovery phase and just does the port scanning.

  2. Open ports detection

    In order to determine if a TCP port is open, Nmap takes advantage of the three-way handshake mechanism used by TCP to establish a connection between a client and a server.

    There are two main methods for detecting open TCP ports:

    • Connect-Scan (Nmap -sT)

      In this case Nmap does a full three-way handshake with the target server, establishing a full TCP connection. The sequence of packets for this type of scan is: SYN, SYN-ACK, ACK, RST.

      The advantage of this method is that it does not require root/administrator access on the client machine, while the disadvantage is that it is rather noisy and the server can log the connections attempted from other hosts.

    • SYN-Scan (Nmap -sS)

      This is the default scanning method, also enabled in our scanner. In this method, Nmap does a half-open TCP connection, knowing that the port is open immediately after the server responds with SYN-ACK. The sequence of packets in this case is: SYN, SYN-ACK, RST.

      The advantage of this method is that it is stealthier than a Connect-Scan but it does require Nmap to run with root/administrator privileges (because it needs to create low-level raw sockets to send the individual packets, instead of leaving the kernel stack to do the connection).

  3. Nmap service detection

    After Nmap has found a list of ports, it can do a more in-depth check to determine the exact type of service that is running on that port, including its version. This is needed because it is possible for common services to run on non-standard ports (e.g. a web server running on port 32566). Service detection is enabled with the command Nmap -sV.

    Nmap does service detection by sending a number of predefined probes for various protocols to the target port in order to see if it responds accordingly. For example, it sends:

    • SSL CLIENT HELLO - to check for SSL services;
    • HTTP GET request - to check for HTTP service;
    • SIP OPTIONS - to check for SIP/RTSP protocol;
    • and many others.

    You can find more details about Nmap and its internal functionality in our blog post Inside Nmap, the world’s most famous port scanner.
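
The two packet sequences described in step 2 can also be recognised from the defender's side. This added example (not from the original page) classifies flows seen at a server by their flag order and counts how many probes the listening service itself could have logged; the flow records, the addresses, the "RST-ACK" reply for a closed port and the min_ports threshold are constructed assumptions.

```python
from collections import Counter, defaultdict

SYN_SCAN = ["SYN", "SYN-ACK", "RST"]             # half-open: handshake never completed
CONNECT_SCAN = ["SYN", "SYN-ACK", "ACK", "RST"]  # full handshake, then reset

def classify_flow(flags):
    """Label one TCP flow by the ordered flags seen in both directions."""
    if flags == SYN_SCAN:
        return "half-open"
    if flags == CONNECT_SCAN:
        return "connect-probe"
    if len(flags) == 2 and flags[0] == "SYN" and flags[1].startswith("RST"):
        return "closed-port"      # server refused: nothing listening
    return "other"                # e.g. a real session carrying data

def handshake_completed(flags):
    """True if the client's ACK followed the SYN-ACK, so the listening
    service accepted the connection and can log the peer address."""
    return flags[:3] == ["SYN", "SYN-ACK", "ACK"]

def summarize_sources(flows, min_ports=3):
    """Report sources that probed at least min_ports distinct ports."""
    ports, kinds, logged = defaultdict(set), defaultdict(Counter), Counter()
    for src, dport, flags in flows:
        kind = classify_flow(flags)
        if kind == "other":
            continue
        ports[src].add(dport)
        kinds[src][kind] += 1
        logged[src] += handshake_completed(flags)
    report = {}
    for src, seen in ports.items():
        if len(seen) < min_ports:
            continue
        k = kinds[src]
        technique = ("syn-scan" if k["half-open"] > k["connect-probe"]
                     else "connect-scan" if k["connect-probe"] else "unknown")
        report[src] = {"technique": technique, "ports": sorted(seen),
                       "logged_by_service": logged[src]}
    return report

# Constructed sample flows: (source IP, destination port, ordered flags).
SAMPLE_FLOWS = (
    [("198.51.100.7", p, SYN_SCAN) for p in (22, 80, 443)]
    + [("203.0.113.9", p, CONNECT_SCAN) for p in (22, 80, 443)]
    + [("198.51.100.7", 23, ["SYN", "RST-ACK"]), ("203.0.113.9", 25, ["SYN", "RST-ACK"]),
       ("192.0.2.50", 443, ["SYN", "SYN-ACK", "ACK", "PSH-ACK", "FIN-ACK"])]
)
```

A legitimate client can also reset a connection right after the handshake, which is why a source is only reported once it has touched several distinct ports. The half-open probes show zero service-level log entries, so they have to be caught at the packet or firewall layer.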


A brief history of the Nmap Port Scanner

Nmap was first introduced in September 1997 in the article The Art of Scanning, published in the well-known Phrack Magazine by its author, Fyodor (Gordon Lyon).

Having gained a lot of notoriety, Nmap has been referenced in multiple books and has also been used in several movies as a hacking tool (e.g. The Matrix).

It has greatly evolved over time (the current version is 7.92) from a simple port scanner to a robust tool containing advanced fingerprinting capabilities and a complex scripting engine. Nmap currently has more than 500 scripts that can run after service detection has been disabled, covering aspects such as advanced service discovery, brute-forcing and some vulnerability identification.