How to Use Nmap to Scan for Open Ports 80 and 8080 on a Local Network


3 views

When you run the command nmap -p 80,8080 192.168.1.0-255, Nmap scans all IP addresses in the range 192.168.1.0 to 192.168.1.255 for open ports 80 (HTTP) and 8080 (HTTP-proxy). The output shows which ports are open, but it doesn't guarantee the service is accessible.

Even if Nmap reports ports as open, you might not be able to connect due to:

  • Firewall rules blocking external access
  • The web server requiring authentication
  • The service not actually running despite the port being open

To get more detailed information, try these enhanced commands:

# Basic scan with service detection
nmap -sV -p 80,8080 192.168.1.0/24

# Aggressive scan with OS detection
nmap -A -p 80,8080 192.168.1.1-254

# Scan with script checking for common web vulnerabilities
nmap --script http-enum -p 80,8080 192.168.1.0/24

When Nmap shows ports as open but you can't connect, try these troubleshooting steps:

# Check if the port is really listening
telnet 192.168.1.1 80

# Use curl for more detailed HTTP interaction
curl -I http://192.168.1.1:8080

# Test with different HTTP methods
curl -X GET http://192.168.1.1:80

For ongoing monitoring, consider setting up a scheduled scan:

# Bash script example for regular scanning
#!/bin/bash
DATE=$(date +%Y-%m-%d)
nmap -oN scan_$DATE.log -p 80,8080 192.168.1.0/24

# Add this to crontab for weekly scans
0 3 * * 0 /path/to/scan_script.sh

Remember that scanning networks without permission may violate company policies or laws. Always:

  • Get proper authorization
  • Document your scanning activities
  • Consider the impact on network performance

When scanning your corporate network for potentially unauthorized web servers, you've encountered a discrepancy between Nmap's port detection and actual browser accessibility. This common scenario often stems from several technical factors that require careful analysis.

Your initial command is technically correct for port scanning:


nmap -p 80,8080 192.168.1.0/24

Alternatively, for more detailed output:


nmap -sS -p 80,8080 -T4 --open 192.168.1.0-255 -oG web_scan.txt

Key parameters explained:

- -sS: TCP SYN scan (stealthier than full connect)

- -T4: Aggressive timing template

- --open: Only show open ports

- -oG: Greppable output format

When Nmap reports open ports but browsers fail to connect:

  • Firewall Interception: Local firewalls may block HTTP requests while allowing scans
  • Service Restrictions: Web servers might only accept connections from specific IP ranges
  • Non-HTTP Services: Other applications could be using these ports
  • Authentication Requirements: The server might demand credentials

To confirm actual HTTP service availability:


nmap -sV -p 80,8080 --script=http-title 192.168.1.0/24

Example output analysis:


Nmap scan report for 192.168.1.105
PORT     STATE SERVICE VERSION
80/tcp   open  http    Apache httpd 2.4.41 ((Ubuntu))
|_http-title: Site doesn't have a title (text/html).
8080/tcp open  http    nginx 1.18.0 (Ubuntu)
|_http-title: Welcome to nginx!

Browser-independent verification method:


curl -Iv http://192.168.1.105:8080
curl -Iv http://192.168.1.105:80

To rule out local firewall issues:


telnet 192.168.1.105 80
telnet 192.168.1.105 8080

For regular monitoring, consider this bash script:


#!/bin/bash
DATE=$(date +%Y-%m-%d)
OUTPUT_FILE="web_scan_$DATE.txt"

nmap -sS -p 80,8080 -T4 --open 192.168.1.0/24 -oG $OUTPUT_FILE

echo "Scan completed. Results saved to $OUTPUT_FILE"

For larger networks, consider:

  • Setting up continuous monitoring with nmap --script-args=http-useragent="Mozilla/5.0"
  • Implementing NAC (Network Access Control) solutions
  • Using SIEM integration for alerting on unauthorized web services