> For the complete documentation index, see [llms.txt](https://www.hackbook.io/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://www.hackbook.io/reconnaissance/active-scanning/nc-scan.md).

# NC Scan

### TCP CONNECT Scan

Try's to complete the 3 way handshake. If complete the port is listed as Open.\
&#x20;`#`<mark style="color:green;">`nc -nvv -w 1 -z 10.0.0.19 3388-3390`</mark>&#x20;

### UDP Scan

Send a UDP packet and if the port is closed we get back a ICMP packet. If no ICMP packet comes back then we assume the port is open or a FW/Win10 box is filtering the ICMP packet\
`#`<mark style="color:green;">`nc -unvv -w 1 -z <ip> <port-range>`</mark>

{% hint style="info" %}
There are many more things you can do with NC but Nmap will almost always be the easer/better option for external scans.
{% endhint %}
