How to discover open ports?

In a local network, there is a device like a FortiGate, and clients connect to it to use the Internet. The traceroute output is:

$ sudo traceroute -4 -I
traceroute to (, 30 hops max, 60 byte packets
1 (  3.090 ms  3.412 ms  3.720 ms
2  two.two.two.two (  0.692 ms  0.796 ms  0.904 ms
3 (  0.202 ms  0.181 ms  0.169 ms
16 (  33.692 ms  33.689 ms  33.685 ms

I scanned the IP address with Nmap, but it couldn’t detect any open ports. How can I find the port that packets pass through?

Thank you.


Different types of scans can be performed:

To scan using TCP connect (it takes longer, but is more likely to connect):

nmap -sT

To perform the default SYN scan (it tests by performing only half of the TCP handshake):

nmap -sS

To instruct Nmap to scan UDP ports instead of TCP ports (the -p switch specifies ports 80, 130, and 255 in this example):

nmap -sU -p 80,130,255

Or try downloading Angry IP Scanner, which is nmap with a web GUI.


I used the following Nmap parameters:

$ sudo nmap -sU -p 80,443
Starting Nmap 7.70 ( ) at 2023-01-18 13:35 +0330
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.15 seconds
$ sudo nmap -Pn
Starting Nmap 7.70 ( ) at 2023-01-18 13:33 +0330
Nmap scan report for
Host is up (0.00016s latency).
Not shown: 999 filtered ports
113/tcp closed ident

Nmap done: 1 IP address (1 host up) scanned in 11.52 seconds
$ sudo nmap -Pn -p 80,443,8080
Starting Nmap 7.70 ( ) at 2023-01-18 13:39 +0330
Nmap scan report for
Host is up.

80/tcp   filtered http
443/tcp  filtered https
8080/tcp filtered http-proxy

Nmap done: 1 IP address (1 host up) scanned in 3.13 seconds

As you can see, it couldn’t detect any open port. How does a hacker find open ports?

You did it correctly. The host you’re scanning doesn’t have any open ports in that range.

So, what is the solution?

The solution is that the host doesn’t have any open ports.

As I said, that device is a gateway (FortiGate) that clients connect to in order to use the Internet, so how does it not have any open port?

No idea?
How are clients using a device to connect to the Internet when that device doesn’t have any open port?

There are ports that are filtered there; this could indicate something like an IP address whitelist, where in order to connect, you have to have a certain IP address, or maybe a VPN appliance or something.

I’m a part of this network.

FortiGate is a firewall device with different techniques to prevent port scanning. You can see that your first scan failed because ICMP is blocked on devices like this.
It also filtered your other scans. This could be caused by a policy or IDS/IPS.

This does not mean there are no open ports; you just cannot scan for them.

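
Added example, not written by any poster in this thread: a small Python parser that reads the Nmap output posted above and reports what each run's port states do and do not show. The function names and the abridged SAMPLE layout are this example's own; the output lines are the ones from the thread, with the target address blank as posted.

```python
import re
from collections import Counter

# Nmap output from the thread, abridged to the lines that matter here.
# The first run stopped at host discovery, so it carries no port data at all.
SAMPLE = """\
Starting Nmap 7.70 ( ) at 2023-01-18 13:35 +0330
Note: Host seems down. If it is really up, but blocking our ping probes, try -Pn
Nmap done: 1 IP address (0 hosts up) scanned in 3.15 seconds
Starting Nmap 7.70 ( ) at 2023-01-18 13:33 +0330
Not shown: 999 filtered ports
113/tcp closed ident
Starting Nmap 7.70 ( ) at 2023-01-18 13:39 +0330
80/tcp   filtered http
443/tcp  filtered https
8080/tcp filtered http-proxy
"""

PORT = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")
# Newer Nmap releases print the protocol too ("closed tcp ports"), so allow it.
HIDDEN = re.compile(r"^Not shown: (\d+) (\S+) (?:tcp |udp )?ports?")
ANSWERED = {"open", "closed", "unfiltered"}  # states that require a reply

def parse_runs(text):
    """Split concatenated normal-format output into one state Counter per run."""
    runs = []
    for line in text.splitlines():
        if line.startswith("Starting Nmap"):
            runs.append(Counter())
        elif runs and (m := HIDDEN.match(line)):
            runs[-1][m.group(2)] += int(m.group(1))
        elif runs and (m := PORT.match(line)):
            runs[-1][m.group(3)] += 1
    return runs

def interpret(states):
    """Say what one run's port states do and do not prove."""
    if not states:
        return "no port data: host discovery failed, ports were never probed"
    if states["open"]:
        return f"{states['open']} port(s) answered as open"
    silent = sum(n for s, n in states.items() if s not in ANSWERED)
    if states["closed"]:
        return f"{states['closed']} replied, {silent} dropped: probes get a reply on some ports, the rest are filtered"
    return f"all {silent} probe(s) dropped without reply: state unknown, not proven closed"

if __name__ == "__main__":
    for i, run in enumerate(parse_runs(SAMPLE), 1):
        print(i, dict(run), "->", interpret(run))
```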

Thank you so much for your reply.
In this situation, how does a hacker find the open ports?

Web Application Firewalls commonly only allow certain traffic to certain websites with certain applications. My suggestion would be to use Google to find something along the lines of “bypass WAF scan” or maybe even read Nmap’s man page.

Good read man, thank you.
