Mac OS X,  Mac Security

Using Mac OS X's Built-in Port Scanner

It’s not nmap, but then it’s not meant to be.  Network Utility has a port scanner – it’s built in and really easy to use.  Since Network Utility is distributed with every copy of Mac OS X it stands to reason that every copy of Mac OS X has the ability to scan a port without using a GUI tool.  Enter one of the best named tools in Mac OS X, stroke.  Stroke is the command line back-end to the Port Scan tab of Network Utility.  To use stroke, you will need to cd into the Network Utility application bundle and then cd into Contents and then Resources.

Once you are in the /Applications/Utilities/Network Utility.app/Contents/Resources, you will need to provide stroke with an IP address (or name), followed by the first port to scan and then the last (or the same number twice if your range is only one IP address.  For example, if you want to port scan port 80 on your own system you could use the following:

./stroke 127.0.0.1 80 80

But you shouldn’t just stroke yourself (sorry, couldn’t help it).  You should also stroke others (Clarence Carter be damned!).  So if you want to port scan www.google.com for port 80 the following would achieve such a lofty goal:

./stroke www.google.com 80 80

Because the name www.google.com has to resolve, you’re actually able to check whether a DNS error occurs and whether you can communicate over port 80 to the host in one command.  If you want to make a copy of stroke into a directory and then add it to your environment variable’s PATH you can then use it without needing to change your working directory.