How to Use Nmap to Scan for Open Ports in Windows

Many people connect to the internet through their ADSL/VDSL modem and router devices. But they do not realize that their routers can be accessed from anywhere by typing their external IP address. And if you have not changed your default router username or password, then it becomes very easy for anyone to login to the web interface of your modem/router. In general, most of the routers have “admin” as the username and password. By logging into your router’s web interface anyone can steal your ADSL/VDSL credentials, change router settings, turn off the internet connection, reboot your router, add a DDNS service and more.

Though the modems/routers can be configured to disable remote access to the web interface, but it is always a good idea to check your IP address for open ports. If the open http or telnet ports are available on your IP address, then anyone can try to access your router’s web interface.

You can use the free software Nmap to check any IP address for open ports. The Nmap utility comes in both setup installer format or in the zipped binary format if you do not want the Windows GUI. In either case, you have to install the WinPCap software on your Windows PC before you can start using Nmap.

After this, you can open a command prompt window and give the command nmap followed by a space and the IP address that you want to check for open ports. In most cases, the IP address is your external IP address.  If you do not know your external IP address, then you can find out using this article: find your own IP address. Suppose your external IP address is 159.54.238.69, then the command would be:

nmap 159.54.238.69

 

Nmap Scan Open Ports

This would scan that given IP address for many common ports given in the “nmap-services” file and display only those ports which are open or filtered. Filtered ports are the ones for which nmap is not certain that port is open or closed.

If you do not want to scan for all the commonly used ports (which are around one thousand in number), then can append -p followed by the type of ports like http, ftp, telnet etc. All these port names are specified in the “nmap-services” file. For example,

nmap 159.54.238.69 -p http,ftp,telnet

Nmap Scan Open Ports

The above command line would scan only for the http, ftp and telnet ports. By scanning only for a few ports, you can save the time and finish the scan in a considerable smaller duration of time.

Conclusion: The namp utility can be used to see if your ports are open and accessible from a remote address. If the key ports like the http or ftp ports are open, then you can configure your router or firewall to block their access from remote IP address.

You can download Nmap utility from http://nmap.org/.