Netstat vs Port ScaningPost Exploitation Hacking Course

Begin Learning Cyber Security for FREE Now!

Already a Member Login Here

Home Forums Courses Post Exploitation Hacking Course Netstat vs Port Scaning

This topic contains 4 replies, has 5 voices, and was last updated by  usman47 3 years, 4 months ago.

Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
  • #30789


    Hi all,

    I still haven’t finished the course, but on classes about Linux Hosting Information Gathering, I missed the use of netstat to check the open ports on the system.
    Since we usually won’t have nmap, but most likely have netstat. Also, I think that nmap is a lot more noisy for the network admins. So, it might be important to know how to use nmap to see what ports are Listening on the system.

    I wonder if is there any technical reason for not showing it on videos.

    Here is how we check the open ports using netstat

    # netstat -lntp

    -l to list all listening ports
    -n to show the numeric IP address, not trying to resolve the hostname
    -t to show only TCP ports
    -p to show the PID of the program (if you run the command as a unprivileged user, you won’t be able to see the PID)

    take care

    UPDATE: JPerry gives the answer to my question at class: Linux Tools Lab (part 2) conf, Nmap, Nsswitch

    • This topic was modified 3 years, 8 months ago by  sauloh.


    Nmap does have soooo many options, you can do stealth scans as well as other methods that are not the same as if you are running through the garden screaming and yelling :=|




    I don’t get it. You need a shell to use netstat to show ports on the local system. Nmap is used to scan remote systems. If I already have a shell why should I use Nmap to investigate the local system? And if I don’t have a shell netstat won’t work anyway, right?



    OP, take a look at netstat and nmap. Think of netstat of being on the machine and querying what remote connections exist. Think of nmap as a scanning tool. It scans for live machines, open ports, and also has exploit detection modules. That is the high level, take another look and you will get it. If you still don’t, go back because both are two tools you will be using (but for totally different reasons).



    The main difference is that you can scan a host by nmap remotely but in order you use netstat you have to be part of the network.

Viewing 5 posts - 1 through 5 (of 5 total)

You must be logged in to reply to this topic.

Our Revolution

We believe Cyber Security training should be free, for everyone, FOREVER. Everyone, everywhere, deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is a free community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Cybrary On The Go

Get the Cybrary app for Android for online and offline viewing of our lessons.

Get it on Google Play

Support Cybrary

Donate Here to Get This Month's Donor Badge

Skip to toolbar

We recommend always using caution when following any link

Are you sure you want to continue?