How to do it...

Netcat is an extremely useful, multipurpose networking utility that can be used for a plethora of purposes. One effective use of Netcat is to perform port scans:

  1. To identify the usage options, Netcat (nc) should be called with the -h option, as follows:
  2. As indicated by the usage output, the -z option can effectively be used for scanning. To scan TCP port 80 on a target system, we use the -n option to indicate that an IP address (not a hostname) will be used, the -v option for verbose output, and the -z option for scanning, as follows:
  3. Performing a scan attempt against an open port will return the IP address, port number, and port status. Performing the same scan against a closed port on a live host will indicate that the connection was refused. We can automate this in a loop, as shown in the following command:
  4. A sequential series of port numbers can be passed through a loop, and all of the ports can be scanned easily and quickly. However, in the example provided, the output for both open and closed ports is included. This is acceptable only if a small number of ports are being scanned. If a large number of ports are being scanned, it becomes inconvenient to sort through all of the closed ports to find the ones that are open. As such, we can instinctively try to pipe the output and grep out the lines associated with the open ports, as follows:
  5. However, when we attempt to pipe the output and grep from it, the total output is still returned. This is because Netcat writes its output to STDERR instead of STDOUT, and a pipe only carries STDOUT. To effectively grep from the output of this tool, one must redirect STDERR to STDOUT with 2>&1, as follows:
  6. By redirecting the output to STDOUT and then grepping from it, we are able to isolate the lines of output that provide details on the open ports. We can be even more concise by extracting only the information that we need from these lines. If a single host is being scanned, we will likely only benefit from the third and fourth fields (the port number and the associated service):
  7. To extract these fields from the output, the cut command can be used to split each line on a space delimiter and then output only the specified fields. However, there is also an effective way to specify a range of ports within Netcat without passing the tool through a loop. By passing nc a sequential series of port values, Netcat will automatically display only the open ports:
  8. Here too, we need to redirect its output to STDOUT to be able to pipe it to the cut command. By displaying fields 2 through 4, we can limit the output to the IP address, port number, and associated service, as follows:
  9. Using a bash loop, we can scan multiple sequential host addresses with Netcat and then extract the same details to identify which ports are open on the various scanned IP addresses:
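The following is an added example, not code from the book: it stands in for the traditional Netcat output described in steps 5 through 9 with a constructed, dummy scanner that prints to STDERR exactly as nc does, so you can see why the 2>&1 redirect is needed and what the grep/cut filter leaves behind. The addresses, ports, and output lines are all constructed samples, and fake_nc is a hypothetical stand-in for nc -nvz.

```sh
#!/bin/sh
# Added example (not from the book). Emulates the STDERR behaviour of
# traditional Netcat to show why "2>&1" must precede grep/cut.
# The host addresses and output lines are constructed samples.

# Stand-in for "nc -nvz <host> <ports>": traditional nc prints one line
# per port, open or refused, and prints them all to STDERR.
fake_nc() {
  cat >&2 <<EOF
(UNKNOWN) [$1] 22 (ssh) open
(UNKNOWN) [$1] 23 (telnet) : Connection refused
(UNKNOWN) [$1] 25 (smtp) : Connection refused
(UNKNOWN) [$1] 80 (http) open
EOF
}

# Filter from steps 6-8: keep only "open" lines, then cut fields 2-4
# (space-delimited) so each line reads "[IP] port (service)".
open_ports() {
  grep ' open$' | cut -d ' ' -f 2-4
}

# Wrong (step 4/5): the pipe carries only STDOUT, so the filter sees
# nothing; every line would still land on the terminal via STDERR.
# 2>/dev/null is added here only to keep the demonstration quiet.
scan_without_redirect() {
  fake_nc 192.0.2.10 2>/dev/null | open_ports
}

# Right (step 5): merge STDERR into STDOUT first, then filter.
scan_with_redirect() {
  fake_nc 192.0.2.10 2>&1 | open_ports
}

# Step 9: the same filter inside a loop over several host addresses.
scan_hosts() {
  for host in "$@"; do
    fake_nc "$host" 2>&1 | open_ports
  done
}
```

Replace fake_nc with the real nc -nvz invocation from the recipe and the filter functions work unchanged.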