How to use 'nmap' to check if a port is open on your server

269ac00f765508cb74b25d006dbf5bb2

Written by Dennis Nind

Last published at: February 8th, 2019

Overview
Maybe your local email client isn't able to connect to the server, causing frustrating errors for your users. Or maybe you have just completed the cPanel installation but can't login to a new account. You know the services are working properly as they are listed as "up" in the Service Status area of WHM. But you still can't connect!

When these types of situations happen it's a good idea to check the specific network connections to the system. We already know you can connect to the server, so we'll need to use a tool that is more advanced than a basic ping to test specific connections. This is where the nmap utility can come in handy.

nmap stands for "network mapper" and allows you to scan a network address to see what ports are open and what services are listening on those ports. Every connection to a server gets made to a specific port, whether or not you see that port on your side in a URL. Another way to think about it is this - a server's IP address gets you to the front door of the machine, but the port tells you what specific room you need to go into.

One common example that many server admins are familiar with is port 80, which is the default Apache port for unsecured http traffic. Visiting a website with domain.com is the same as visiting domain.com:80, but since Apache is listening on port 80 you don't need to manually include that portion of the URL.

Using a tool like nmap will allow you to see and test the ports on a system. While there are many advanced uses for the nmap utility, as server administrators with cPanel machines we're going to be using it to make sure services are running and accessible for our users.

Testing with nmap
Important: Since we are testing connections to the server you'll want to run these commands from your local workstation and not the server itself. You may need to install the nmap tool on your local operating system to perform these tests if it is not available already.

Let's start by looking at a basic test - seeing what ports are open on a system. nmap is simple to use - you only need to call the command and provide it with either a domain name or IP address to perform the test on. For example, if we wanted to scan the domain testdomain.com we would just enter nmap testdomain.com on our local command line. Here is an example of a server with the necessary ports open for cPanel to function:




You could also use the IP address instead of the domain to perform your test, and the output will be the same:



In those previous two examples, nmap is checking the most common ports used for web services over a TCP connection. However, some services such as the DNS system use a UDP connection for their traffic, so we may want to make sure traffic is open for the UDP service as well. With a few additional flags provided to the nmap command we can test that type of connection. We can check all ports that are responding to UDP traffic with the command nmap -sU testdomain.com which will give us this output:



We can also specify a check on port 53 with this command:

 
Important: You may need sudo or root privileges to use the "-sU" flags with nmap on some systems, so it may prompt for a password.

In both of these examples we see that the ports are open and responding properly to our tests, which indicates the DNS services should work properly on this system as well.

Conclusion
Using the nmap tool to check these types of connections can be helpful when performing the initial setup of your cPanel machine. You can always check the list of ports required for cPanel services in our documentation here so you know what needs to be open and working in your server's firewall.

For more details on using the nmap tool you can check the man page for nmap by running "man nmap" on the command line of your system or checking the man page online here.