How to ping a specific port of a remote host

ping is a networking utility used to test the reachability and round-trip time (RTT) delay of a remote host over Internet Protocol (IP). The ping utility does so by sending out a series of Internet Control Message Protocol (ICMP) echo request packets to a remote host, and waiting for corresponding ICMP response packets from the host. However, you cannot probe a specific port with ping command because ICMP belongs to layer-3 IP layer, not layer-4 transport layer (e.g., TCP/UDP).

In order to ping a specific port of a remote host, you need to use layer-4 transport protocols which have a notion of port numbers.

There are many command-line tools in Linux that read from and write to network connections using TCP or UDP. You can use some of these tools to ping a remote port, as described below.

Method One

nmap is a network mapper utility used to check the availability of hosts and their services. Using nmap, you can check whether a specific TCP/UDP port of a remote host is open or not.

To ping a TCP port of a remote host using nmap:

$ nmap -p 80 -sT www.xmodulo.com
Starting Nmap 5.00 ( http://nmap.org ) at 2012-08-29 13:43 EDT
Interesting ports on www.xmodulo.com:
PORT   STATE  SERVICE
80/tcp closed http

Nmap done: 1 IP address (1 host up) scanned in 0.14 seconds

To ping a UDP port of a remote host using nmap:

$ sudo nmap -p 80 -sU www.xmodulo.com
Starting Nmap 5.00 ( http://nmap.org ) at 2012-08-29 13:47 EDT
Interesting ports on www.xmodulo.com:
PORT   STATE  SERVICE
80/udp closed http

Nmap done: 1 IP address (1 host up) scanned in 0.11 seconds

Note that unlike TCP case, you need root privilege to send out raw UDP packets using nmap.

Method Two

netcat is another powerful tool, nicknamed as "swiss-army knife" of networking. Among its rich features, netcat can do port scanning as follows.

To ping a TCP port of a remote host using netcat:

$ nc -zvv mit.edu 80
DNS fwd/rev mismatch: mit.edu != WEB.MIT.EDU
mit.edu [18.9.22.69] 80 (www) open
sent 0, rcvd 0

To ping a UDP port of a remote host using netcat:

$ nc -zuvv mit.edu 80
DNS fwd/rev mismatch: mit.edu != WEB.MIT.EDU
mit.edu [18.9.22.69] 80 (www) open
sent 0, rcvd 0

Method Three

The above tools so far only check whether a given port number is open or closed, but do not measure the RTT delay, like in the original ping utility. If you would like to actually measure network latency as well, you can use paping, which is a cross-platform TCP port testing tool.

$ paping mit.edu -p 80 -c 3

Subscribe to Xmodulo

Do you want to receive Linux FAQs, detailed tutorials and tips published at Xmodulo? Enter your email address below, and we will deliver our Linux posts straight to your email box, for free. Delivery powered by Google Feedburner.

The following two tabs change content below.
Dan Nanni is the founder and also a regular contributor of Xmodulo.com. He is a Linux/FOSS enthusiast who loves to get his hands dirty with his Linux box. He likes to procrastinate when he is supposed to be busy and productive. When he is otherwise free, he likes to watch movies and shop for the coolest gadgets.
Your name can also be listed here. Write for us as a freelancer.

12 thoughts on “How to ping a specific port of a remote host

  1. There is a method four ( just didn't have the idea right away so I googled and came here. There is a tool named hping.In Debian the packet is called hping3. Example:
    ~# hping3 -c 3 -S --destport 80 xmodulo.com
    HPING xmodulo.com (eth0 199.96.156.220): S set, 40 headers + 0 data bytes
    len=46 ip=199.96.156.220 ttl=52 DF id=0 sport=80 flags=SA seq=0 win=14600 rtt=169.0 ms
    len=46 ip=199.96.156.220 ttl=52 DF id=0 sport=80 flags=SA seq=1 win=14600 rtt=171.0 ms
    len=46 ip=199.96.156.220 ttl=52 DF id=0 sport=80 flags=SA seq=2 win=14600 rtt=171.0 ms

    --- xmodulo.com hping statistic ---
    3 packets transmitted, 3 packets received, 0% packet loss
    round-trip min/avg/max = 169.0/170.3/171.0 ms

  2. Just a heads up, when using nmap udp scan, if the icmp packets are blocked at a firewall, nmap will state the port as OPEN, which may or not be the case.

  3. try netcat (nc) and tcptraceroute, or tracepath to test connectivity to a specific port. ping only tests icmp and users often get confused because they can ping a host, but can't connect to a specific port. Also, if your firewall disallows ICMP but allows certain TCP ports, ping is misleading because it fail due to blocked ICMP.

  4. This is super useful for all kinds of things no one has even thought of yet. Sure the examples are straightforward and use common ports like 80. Think for a moment, who among us doesn't have some specialty app running on a custom port? This is a great article especially since ICMP is very often blocked at the firewall.

  5. Hi, you may use 'tcping' utility to pinging specified host and port too.. This utility may be installed via yum.

  6. I wouldn't call netcat and nmap "ping" tools, as you are not expecting an "echo" back from the target.
    The command paping that you review is certainly a "ping" tool.
    There is a similar tool (only for windows, I'm afraid) called "cryping" which you might want to consider in future articles ("ping tools"?)

  7. Most of the utilities you mention aren't available to users within an enterprise Linux setup. I might also suggest the use of the cURL utility to ping the specific port on a remote host:

    curl -v --connect-timeout 5 http://www.hosname.com:port

    Like so:

    curl -v --connect-timeout 5 mit.edu:80

    This also has the added benefit of returning a verbose response of the connection attempt, and will timeout after five seconds, if the host:port is down, or non-existent.

  8. @Dan, Nice write-up. As always, good to see neat tips and FAQs from you.

    Just wanted to add that the tools mentioned (i.e. nmap, nc, paping, hping ... etc), are all considered security tools and are typically removed/restricted in production machines where they are useful to confirm open port/service for a production application prior to deployment. In those cases, a simple "telnet " always works to confirm the connectivity (assuming the service is up and listening on the port being tested).

Leave a comment

Your email address will not be published. Required fields are marked *