Network - Open Port


How to know from a localhost which port are open on a remote host (ie that a firewall is not used or that the process is up and listen)



When the scanner sends a SYN packet to open a TCP connection and gets:

  • the SYN/ACK packet back, the port is considered open.
  • a RST packet is received instead, the port is considered closed.
  • no response, the port is either considered filtered by a firewall or there is no running host at the IP address.


Scanning UDP ports is more difficult because UDP does not use handshakes and programs tend to discard UDP packets that they cannot process. When an UDP packet is sent to a port that has no program bound to it, an ICMP error packet is returned. That port can then be considered closed. When no answer is received, the port can be considered either filtered by a firewall or open. Many people abandoned UDP scanning because simple UDP scanners cannot distinguish between filtered and open ports

List / Test open port


nmap -Pn -p T:port hostName
nc -w1 -z --ssl 443
echo $?


wait for module

- name: Testing that the port is open
      host: hostName
      port: 1433
      state: started
      timeout: 5


Test for open port with powershell:

  • With Test-NetConnection
Test-NetConnection hostname -Port 9999
ComputerName     : hostname
RemoteAddress    :
RemotePort       : 9999
InterfaceAlias   : Wi-Fi
SourceAddress    :
TcpTestSucceeded : True
  • Function with Net.Sockets.TcpClient
function testport {
        [Parameter(Mandatory=$true, HelpMessage='The remote host')]
        [Parameter(Mandatory=$true, HelpMessage='The remote port')]

    $tcpClient = New-Object Net.Sockets.TcpClient
    } catch {
        # Just to not see the exception message

	    "  * Port $remotePort is operational"
	    "  * Port $remotePort is closed"

$remoteHost = "hostname"
$port = 80
"Test Remote Host on $remoteHost"
testport $remoteHost $port

Powered by ComboStrap