Use Nmap to Scan for Open Ports on Your Servers

Introduction

Nmap, short for Network Mapper, is a free, open-source tool for vulnerability scanning and network discovery. Network administrators use Nmap to identify what devices are running on their systems, discovering hosts that are available and the services they offer, finding open ports and detecting security risks.

What Are Ports?

There are many layers in the OSI networking model. The transport layer is the layer primarily concerned with the communication between different services and applications. This layer is the main layer that ports are associated with.

Port Terminology

Some knowledge of terminology is needed to understand the port configuration. Here are some terms that will help you understand the discussion that will follow:

• Port: An addressable network location implemented inside of the operating system that helps distinguish traffic destined for different applications or services.
• Internet Sockets: A file descriptor that specifies an IP address and an associated port number, as well as the transfer protocol that will be used to handle the data.
• Binding: The process that takes place when an application or service uses an internet socket to handle the data it is inputting and outputting.
• Listening: A service is said to be “listening” on a port when it is binding to a port/protocol/IP address combination in order to wait for requests from clients of the service. Upon receiving a request, it then establishes a connection with the client (when appropriate) using the same port it has been listening on. Because the internet sockets used are associated with a specific client IP address, this does not prevent the server from listening for and serving requests to other clients simultaneously.
• Port Scanning: Port scanning is the process of attempting to connect to a number of sequential ports, for the purpose of acquiring information about which are open and what services and operating system are behind them.

Common Ports

Ports are specified by a number ranging from 1 to 65535.

• Many ports below 1024 are associated with services that Linux and Unix-like operating systems consider critical to essential network functions, so you must have root privileges to assign services to them.
• Ports between 1024 and 49151 are considered “registered”. This means that they can be “reserved” (in a very loose sense of the word) for certain services by issuing a request to the IANA (Internet Assigned Numbers Authority). They are not strictly enforced, but they can give a clue as to the possible services running on a certain port.
• Ports between 49152 and 65535 cannot be registered and are suggested for private use.

You can get a short list of some common ports by typing:

Scan Ports with Nmap

Ref: https://www.digitalocean.com/community/tutorials/how-to-use-nmap-to-scan-for-open-ports-on-your-vps