Perform a port scan

In a similar way to the previous trace (Scanning for blocked outgoing ports), tracetcp can be used to determine which ports are open on a particular host. To port scan, the initial TTL of the packets must be greater than the number of hops to the host being scanned, so that the connect packets don't expire on the way. Below is a port scan of my router that shows FTP, telnet and HTTP are all open. (The latest version of tracetcp has an option, -s, that makes scanning easier.)

$ tracetcp 192.168.0.1 -r 20 80 -c -m 1 -t 100 -h 50
[192.168.0.1:20]  1     *       *       *       Request timed out.
[192.168.0.1:21]  1     Dest. in 1 ms. Port OPEN on 192.168.0.1
[192.168.0.1:22]  1     *       *       *       Request timed out.
[192.168.0.1:23]  1     Dest. in 2 ms. Port OPEN on 192.168.0.1
[192.168.0.1:24]  1     *       *       *       Request timed out.
[192.168.0.1:25]  1     *       *       *       Request timed out.
[192.168.0.1:26]  1     *       *       *       Request timed out.

repeats until.....

[192.168.0.1:77]  1     *       *       *       Request timed out.
[192.168.0.1:78]  1     *       *       *       Request timed out.
[192.168.0.1:79]  1     *       *       *       Request timed out.
[192.168.0.1:80]  1     Dest. in 3 ms. Port OPEN on 192.168.0.1
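
When auditing your own device, output like the scan above can be reduced to a list of exposed services. The following is an added example, not part of tracetcp or the original page: it parses only the two line formats visible above, and the function names and the CLEARTEXT table are assumptions made for illustration.

```python
import re

# Constructed sample: lines copied from the scan output shown on this page.
SAMPLE = """\
[192.168.0.1:20]  1     *       *       *       Request timed out.
[192.168.0.1:21]  1     Dest. in 1 ms. Port OPEN on 192.168.0.1
[192.168.0.1:22]  1     *       *       *       Request timed out.
[192.168.0.1:23]  1     Dest. in 2 ms. Port OPEN on 192.168.0.1
[192.168.0.1:24]  1     *       *       *       Request timed out.
repeats until.....
[192.168.0.1:79]  1     *       *       *       Request timed out.
[192.168.0.1:80]  1     Dest. in 3 ms. Port OPEN on 192.168.0.1
"""

# "[host:port]  hop  remainder" as printed in the output above.
LINE_RE = re.compile(r"^\[(?P<host>[^\]:]+):(?P<port>\d+)\]\s+\d+\s+(?P<rest>.*)$")
OPEN_RE = re.compile(r"Dest\. in (\d+) ms\. Port OPEN on \S+")

# Assumption: unencrypted services worth reviewing when reachable on a router.
CLEARTEXT = {21: "FTP", 23: "telnet", 80: "HTTP"}

def parse_scan(text):
    """Map port -> (state, rtt_ms); state is 'open', 'no-reply' or 'other'."""
    results = {}
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # narrative lines such as "repeats until....."
        port, rest = int(m.group("port")), m.group("rest")
        hit = OPEN_RE.search(rest)
        if hit:
            results[port] = ("open", int(hit.group(1)))
        elif "Request timed out" in rest:
            # A timeout only means nothing answered; it does not prove "closed".
            results[port] = ("no-reply", None)
        else:
            results[port] = ("other", None)  # format not shown on the page
    return results

def cleartext_findings(results):
    """Open ports that match a known unencrypted service, sorted by port."""
    return [(p, CLEARTEXT[p]) for p, (state, _) in sorted(results.items())
            if state == "open" and p in CLEARTEXT]

if __name__ == "__main__":
    for port, name in cleartext_findings(parse_scan(SAMPLE)):
        print(f"port {port} ({name}) is open and unencrypted: review or disable")
```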