nmap is a useful tool to verify a server is up and the applications are listening for connections. Here are some common troubleshooting scenarios.
Inspect specific server ports
From an outside workstation, scan your server's IP address with nmap. These are useful command switches:
-Pn : Treat all hosts as online and skip host discovery.
-p : List of ports to scan.
--reason : Display the reason a port is in a particular state.
Example: To scan ports 22, 53, 80, and 443 on IP address 192.0.2.2:
$ nmap -Pn -p 22,53,80,443 --reason 192.0.2.2
PORT STATE SERVICE REASON
22/tcp open ssh syn-ack
53/tcp filtered domain no-response
80/tcp filtered http no-response
443/tcp filtered https no-response
Nmap done: 1 IP address (1 host up) scanned in 12.64 seconds
This example shows ssh is available on port 22, while dns (53), http (80), and https (443) are not responding. If nmap reports the application port is open, it is not a firewall problem. If you have errors connecting, this could indicate a problem at a higher level in the application.
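The reading of the STATE and REASON columns described above can be scripted. This is an added example, not part of the original page: the function names `sample_output` and `triage_ports` are hypothetical, and it goes one step beyond the scan shown by also handling the closed state, using a constructed line for port 8080.

```shell
#!/bin/sh
# Added example: interpret `nmap --reason` port lines for troubleshooting.
# Constructed sample input: the scan output shown above, plus one made-up
# "closed" line (8080) to cover the third common state.
sample_output() {
cat <<'EOF'
PORT STATE SERVICE REASON
22/tcp open ssh syn-ack
53/tcp filtered domain no-response
80/tcp filtered http no-response
443/tcp filtered https no-response
8080/tcp closed http-proxy conn-refused
Nmap done: 1 IP address (1 host up) scanned in 12.64 seconds
EOF
}

# triage_ports: read nmap output on stdin, print one diagnosis per port line.
triage_ports() {
  awk '
    # Port lines look like "<port>/<proto> <state> <service> <reason>".
    $1 ~ /^[0-9]+\/(tcp|udp)$/ {
      split($1, p, "/")
      state = $2; reason = $4
      if (state == "open")
        hint = "reachable; look at the application, not the firewall"
      else if (state == "filtered")
        hint = "no usable reply; check firewall rules on the path or host"
      else if (state == "closed")
        hint = "host answered but nothing is listening; check the service"
      else
        hint = "unrecognized state; read the nmap output directly"
      printf "%s/%s %s (%s): %s\n", p[1], p[2], state, reason, hint
    }
  '
}

# Typical use: nmap -Pn -p 22,53,80,443 --reason 192.0.2.2 | triage_ports
sample_output | triage_ports
```

Header and summary lines are skipped because only lines that begin with a port/protocol field are matched.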