Internal Port Scanning

Using ss

ss -tuln
  • -t: Shows TCP connections.

  • -u: Shows UDP connections.

  • -l: Shows only listening sockets.

  • -n: Shows numerical addresses instead of resolving them.

Using nc

nc -zvw 1 localhost 1-10000
  • z : for scan

  • v: verbose

  • w: timeout to 1 second

  • 1-10000 port range

for port in $(seq 1 65535); do nc -z localhost $port >/dev/null && echo "Port $port is open"; done

for port in $(seq 1 65535); do (echo >/dev/tcp/localhost/$port) >/dev/null && echo "Port $port is open"; done
  • Using a loop to scan from port 1 till 65535

  • using nc -z

  • Check inside /dev/tcp

Last updated

Was this helpful?