# Internal Port Scanning

#### Using ss

```
ss -tuln
```

* `-t`: Shows TCP connections.
* `-u`: Shows UDP connections.
* `-l`: Shows only listening sockets.
* `-n`: Shows numerical addresses instead of resolving them.

#### Using nc

```
nc -zvw 1 localhost 1-10000
```

* z : for scan
* v: verbose
* w: timeout to 1 second
* 1-10000 port range

```
for port in $(seq 1 65535); do nc -z localhost $port >/dev/null && echo "Port $port is open"; done

for port in $(seq 1 65535); do (echo >/dev/tcp/localhost/$port) >/dev/null && echo "Port $port is open"; done
```

* Using a loop to scan from port 1 till 65535
* using nc -z
* Check inside /dev/tcp