Discovery scan as a port scan?

Hello Friends,

I want to accomplish “port scanning”, or testing the firewalling between zones. I want to see what is open between zones, at layers 3 and 4 of OSI. I don’t want to use NMAP. Would the “Discovery” scan config achieve this? I’m not looking for a full vulnerability scan.




Please see Scan Ports on how to include all open TCP and UDP ports within your reports.

If you only want to get the open ports shown without doing vulnerability / product detection scans, you can follow these steps:

  1. Create a new “Empty, static and fast” scan configuration

  2. Add the following three VTs to this scan config

    Nmap (NASL wrapper) - OID:

    Checks for open UDP ports - OID:

    Checks for open TCP ports - OID:

  3. Set the preference “Silent” of the two Open Ports VTs to “no”.

  4. (Optional) If you want to add hostnames to your scan report the following additional VT for GVM < 10 from the Service detection Family is required:

    Host Details - OID:

  5. Create a new target for the targets with the port list you want to use.

  6. Create a new task and assign the created scan configuration as well as the target to this task

  7. Run a new scan

Thanks. I did all you instructed. It took a few minutes to find those VTs, but I figured out the “Family” thing and found them.

I’m trying out the config now. I have another question. Will your config tell me what ports are open on the firewall, even if there is no host behind the firewall listening or responding on that port? I want to see what the firewall is allowing through, even if there is no host with that IP address behind it.


Is there a way to achieve this in GCS? The Discovery Scan provides info about ICMP pings and such, but is there an easy way to get a list of all hosts and their open ports?