nmap -p- -Pn -n <ip>
- -p- – Scan all ports
- -Pn – Treat host as online, skip host discovery
- -n – No DNS resolution
Follow up with the command below to get more details about the open ports:
nmap -p[portlist] -A -Pn -sT -n <ip>
- -p[portlist] – A list of ports to scan; use the scan above to find these.
- -A – enable OS/version detection, script scanning and traceroute.
- -Pn – Treat host as online, skip host discovery
- -sT – TCP Connect() on the ports
- -n – no DNS resolution
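One way to carry the open ports from the first scan into the -p[portlist] of the second, as an added example that is not part of the original page. It assumes the first scan was saved with nmap's grepable output (-oG); the file name all.gnmap, the function names and the sample lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page): build the -p list for the
# detailed scan from the grepable output of the all-ports scan.

# Reads nmap -oG output on stdin, prints open TCP ports as "22,80,8080".
open_ports() {
  awk '
    {
      start = index($0, "Ports: ")
      if (!start) next                  # Status lines and "#" comments carry no ports
      s = substr($0, start + 7)
      tab = index(s, "\t")              # later fields (Ignored State, ...) follow a tab
      if (tab) s = substr(s, 1, tab - 1)
      n = split(s, entry, /, */)
      for (i = 1; i <= n; i++) {
        split(entry[i], f, "/")         # port/state/protocol/owner/service/...
        # exact match, so "closed", "filtered" and "open|filtered" are skipped
        if (f[2] == "open" && f[3] == "tcp") print f[1]
      }
    }
  ' | sort -n -u | paste -sd, -
}

# Constructed sample of -oG output (192.0.2.10 is a documentation address).
sample_scan() {
  printf '# Nmap scan initiated (constructed sample)\n'
  printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
  printf 'Host: 192.0.2.10 ()\tPorts: 8080/open/tcp//http-proxy///, 22/open/tcp//ssh///, 443/closed/tcp//https///, 80/open/tcp//http///, 53/open/udp//domain///\tIgnored State: filtered (65530)\n'
}

# Offline demonstration on the constructed sample.
sample_scan | open_ports

# Intended use (all.gnmap is an assumed file name):
#   nmap -p- -Pn -n -oG all.gnmap <ip>
#   nmap -p"$(open_ports < all.gnmap)" -A -Pn -sT -n <ip>
```

The function merges ports from every host line in the file, so use one output file per host when the list must be host-specific.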
nmap -O -sT -sV -p- <ip>
- -O – OS detection
- -sT – TCP Connect() scan
- -sV – Probe open ports to determine service/version info
- -p- – scan all ports
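Nmap not available? Fall back to a netcat loop. Traditional netcat reports "open" for a reachable port; OpenBSD netcat reports "succeeded" instead, so adjust the grep to match your variant.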
for p in $(seq 1 65535); do nc -nvzw1 x.x.x.x $p 2>&1; done | grep open