ESP32 Bit Pirate home
  • Network
  • Intermediate
  • 5 min
  • nmap

Recipe · Intermediate · Network

How to check open ports with nmap

Wi-Fi and Ethernet modes document an nmap <host> [-p ports] command. The Ethernet wiki gives examples for single ports, comma-separated ports, ranges and UDP checks.

Scan result over a bus or local network.
A tiny port check can explain why HTTP, SSH, Telnet or Modbus does not answer.
Step 1

Commands

Connect first, then run a narrow port check.

Result

What it means

An open port means the next step is protocol-specific. Closed or filtered ports point to service, firewall or routing issues.

Troubleshooting

  • The target changed IP address.
  • The service is bound to another interface.
  • Firewall blocks the port from the ESP32 network segment.
  • UDP checks may be less definitive than TCP checks.

Next steps

  • Use nc or telnet for a raw TCP session.
  • Use http get for web endpoints.
  • Use modbus for Modbus TCP after confirming the port.

nmap-style port check FAQ

Is this a full replacement for desktop nmap?

No. The firmware command is useful for quick bench checks and common TCP or UDP port tests, but desktop nmap remains better for deep discovery, scripting and advanced scan types.

When should I specify ports manually?

Specify ports when you know the service family, such as 22 for SSH, 80 or 443 for web, or 502 for Modbus TCP. It is faster and produces less noise than a broad scan.

Why can a port show filtered or closed?

A firewall, router, target service state, wrong subnet, missing route or UDP ambiguity can all hide a service. Confirm the device is reachable before trusting a port result.

Go deeper