Test servers, firewalls and network perimeters remotely with this online version of the Nmap port scanner. It is simply the easiest way to perform an external port scan.
Nmap is a powerful open source port scanner that in its simplest form will discover services that are listening on Internet connected systems.
- Test for presence of both network or host based firewalls.
- Audit external facing IP addresses for poorly configured firewall rules.
- Troubleshoot network issues with Internet facing services.
- Detect unknown services and operating system versions.
Using Nmap online has many possible use cases. For example:
- Audit external firewall configurations
- Discover open ports and services from an attackers perspective
- Troubleshoot network and port forwarding configuration
- Easily find listening hosts and services on an entire netblock
- Use the IPv6 option to test firewalls and ports on IPv6 deployments
Advantages of a remote Nmap port scan over a local installation:
- Defences such as firewalls / IDS and network configurations (NAT) will affect outbound port scans of your perimeter.
- Simply convenient. No need to have port scanning software installed locally, start scans from any device with a browser.
- It’s faster. Our servers are optimized for port scanning and on fast networks. Get results fast.
- Test security monitoring and IDS / IPS systems, with external scans from a known IP address
For system administrators, network engineers and security professionals having access to an online port scanner that is remotely hosted will be a tool you wondered how you got by without it. With easy access to an external port test when troubleshooting or security testing.
How does the Online Port Scanner work?
1. Fill out the form; entering the target IP Address.
You must enter a public IP address that is rout-able from an external perspective and one that you have permission to scan.
Scan a single IP Address
Scan Range a range of IP Addresses up to 254 possible addresses. This example will scan the first 50 addresses of the 192.168.1.0 network.
Scan a hostname, this will resolve the hostname locally and scan that IP Address.
2. Decide on which ports you wish to scan
The port options available are an Nmap Fast scan (-F), the default ports or to scan all 65535 ports on an IP Address. Scanning all ports is the most accurate and reliable way to discover every listening service and fully test a firewall configuration.
3. Select options you would like to use (optional)
- Default protocol is IPv4, select the Protocol option to enable IPv6 (nmap option -6)
- Ping is performed by default to ensure system is responding, select option to disable the ping (nmap option -Pn)
- Enable OS Detection to probe the Operating System version (nmap option -O)
- Perform an optional Traceroute uses results from the port scan to find the most accurate method (nmap option –traceroute)
4. Enter email address for delivery of the results
Reports are delivered once they are completed, usually this will take only a few minutes. Of course if you are scanning an entire class C with all 65535 ports it will take a bit longer! Emailed reports contain normal text based output from Nmap as well as a HTML version of the results.
Technical details of the Online Nmap Scan
The system will perform the port scan using a TCP SYN based Nmap port scan with version detection enabled (nmap -sV). Any selected optional parameters will be included.
The results are emailed to the selected destination address once the scan is completed. Emailed results are in text output in the body of the email with HTML results included in an attachment.
Most scans will take 1 or 2 minutes, however a scan of /24 network will obviously take longer perhaps 20 to 30 minutes depending on the network being scanned.
IPv6 capable port scanner
It is important to understand that as systems are moved to IPv6 based addressing; the Internet facing IPv6 addresses must be tested for open ports. It is quite likely that a firewall that is configured to protect an IPv4 addressed system is not configured or even able to filter IPv6 traffic.
The IPv6 feature of the Online Nmap Port Scanner is one that will become more and more important as the world starts to move towards an IPv6 connected future.
About the Nmap Port Scanner Software
Nmap is a network port scanner that tests network connectivity between different hosts and services. Firewalls, Router ACL’s and other factors can impact a network based connection.
Initially it was a simple but powerful tool that enabled the scanning of networks or individual hosts to determine if there any services running and if any firewall is present. More recent versions of Nmap have extended capability to include a built in scripting language (NSE) that will perform a multitude of additional checks against any services found to be open. This is pushing Nmap into the realms of a fast light weight vulnerability scanner.
Download nmap from insecure.org, it is available in versions for Windows (XP, 2003, 2008) and Linux / FreeBSD. Zenmap is a graphical front end for the gui minded. I encourage you to download from here as it is the latest versions whereas the version in the Ubuntu, Suse, Fedora and other Linux repositories is not necessarily up to date.
An interesting side note is that Nmap is the quite famous, having appeared in a number of movies including the Matrix, Die Hard 4 and many others.