How to Identify Open Ports and Services (Beginner Guide)

TL;DR: Learn how to identify open ports and running services using Nmap so you can understand a system’s attack surface.

Introduction

Open ports and services tell you what a system is exposing to the network. In penetration testing, this is one of the first things you check because every open service may represent a possible entry point.

What Are Open Ports?

A port is a communication endpoint used by applications and services. When a port is open, it means a service is listening for network connections.

  • Port 22 – SSH
  • Port 80 – HTTP
  • Port 443 – HTTPS
  • Port 21 – FTP
  • Port 445 – SMB

What Are Services?

A service is the application running behind a port. For example, port 80 may show that a web server is running. Service detection helps you understand what software is exposed.

Lab Setup

  • Kali Linux attacker machine
  • Metasploitable 3 target machine
  • Both systems on the same network

Step 1: Find Your Network Range

On Kali Linux, run:

ip a

Look for the inet line of your network interface, which shows your IP address and subnet in CIDR form. This gives you the network range to scan.

Step 2: Discover Live Hosts

Run a ping scan:

nmap -sn <network-range>

Example:

nmap -sn 192.168.56.0/24

This shows which systems are active on the network.

Step 3: Scan for Open Ports

After identifying the target IP, run:

nmap <target-ip>

This performs a basic scan of the most common TCP ports and lists the ones that are open.

Step 4: Identify Running Services

Use service detection:

nmap -sV <target-ip>

This shows service names and versions, which are useful for vulnerability research.

Step 5: Save Your Results

Save your scan output for notes or reports:

nmap -sV -oN open_ports_scan.txt <target-ip>

How to Analyze Results

Look for:

  • Unnecessary open ports
  • Outdated service versions
  • High-risk services like FTP, SMB, or Telnet
  • Web services that may need further testing
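The checklist above can be applied to the file saved in Step 5. The following is an added example, not part of the original guide: it parses Nmap normal output (-oN) and attaches review notes to each open port. The sample scan text, the function names and the mapping of Nmap service names to "high-risk" are assumptions made for illustration.

```python
import re

# Constructed sample in the layout of `nmap -sV -oN` output (not a real scan).
SAMPLE = """\
Nmap scan report for 192.168.56.101
Not shown: 994 closed tcp ports (reset)
PORT     STATE    SERVICE     VERSION
21/tcp   open     ftp         ExampleFTPd 1.0
22/tcp   open     ssh         ExampleSSH 2.0 (protocol 2.0)
23/tcp   filtered telnet
80/tcp   open     http        ExampleHTTPd 3.1
445/tcp  open     netbios-ssn ExampleSMB 4.X (workgroup: WORKGROUP)
8080/tcp open     http
"""

# Assumed mapping: nmap service names for the article's FTP, SMB and Telnet.
HIGH_RISK = {"ftp", "telnet", "microsoft-ds", "netbios-ssn"}
PORT_LINE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)\s*(.*)$")

def parse_open_services(text):
    """Return one dict per open port found in nmap normal (-oN) output."""
    host, found = None, []
    for line in text.splitlines():
        m = PORT_LINE.match(line)
        if line.startswith("Nmap scan report for "):
            host = line.split("for ", 1)[1].strip()
        elif m and m.group(3) == "open":   # skip closed/filtered ports
            port, proto, _state, service, version = m.groups()
            found.append({"host": host, "port": int(port), "proto": proto,
                          "service": service, "version": version.strip()})
    return found

def triage(entry):
    """Apply the checklist above to one open port; returns review notes."""
    notes = []
    name = entry["service"].rstrip("?")  # nmap marks guessed names with '?'
    if name in HIGH_RISK:
        notes.append("high-risk service")
    if "http" in name:
        notes.append("web service: needs further testing")
    if not entry["version"]:
        notes.append("no version detected: confirm manually")
    return notes

if __name__ == "__main__":
    for e in parse_open_services(SAMPLE):
        notes = "; ".join(triage(e)) or "review whether this port is needed"
        print(f'{e["host"]} {e["port"]}/{e["proto"]} {e["service"]} '
              f'[{e["version"] or "?"}] -> {notes}')
```

To use it on a real scan, pass the contents of open_ports_scan.txt to parse_open_services instead of SAMPLE. Whether a version is outdated still has to be checked by hand against the vendor's current release.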

Common Beginner Mistakes

  • Scanning the wrong IP address
  • Ignoring service versions
  • Assuming every open port is vulnerable
  • Skipping documentation

Real-World Relevance

Security professionals identify open ports and services to understand a system’s attack surface. This helps prioritize testing and reduce unnecessary exposure.
