Let's dig deep into port specification. Nmap offers options for
specifying which ports are scanned and whether the scan order should be
sequential or randomized. By default, Nmap scans the most common 1,000 ports
for each protocol.
First things first: you can display Nmap's built-in help by
typing nmap -h.
Only Scan Specified ports (-p)
- This option specifies which ports you want to scan and overrides the default.
- You can give individual values separated by commas (,) or ranges separated by a hyphen (-). Example (this scans ports 5 through 1010 and 1024 through 1050, using a SYN scan, which is the default):
nmap <IP> -p5-1010,1024-1050
- The beginning and/or end value of a range may be omitted, in which case Nmap uses 1 and 65535, respectively. Examples:
  - nmap <IP> -p- (scans all ports from 1 to 65535)
  - nmap <IP> -p-2000 (scans ports 1 to 2000, because no start value is given)
  - nmap <IP> -p0- (scans ports 0 to 65535, because the start value 0 is given explicitly)
- For the IP protocol (-sO) option, specify the protocol numbers you wish to scan for between 0–255.
- When scanning a combination of protocols (e.g. TCP and UDP), you can select a particular protocol by preceding the port numbers with a qualifier:
  - T: for TCP
  - U: for UDP
  - S: for SCTP
  - P: for IP Protocol
- Example (you can define any ports you want, but note that to scan both UDP and TCP you have to specify -sU and at least one TCP scan type, such as -sS, -sF, or -sT). If no protocol qualifier is given, the port numbers are added to all protocol lists.
nmap <IP> -p U:53,111,137,5353,T:21-25,80,139,8080 -sU -sS
- Ports can also be specified by name, using the name the port has in the nmap-services file. You can use the * wildcard with the name; quote the argument so the shell does not expand the *. Example: to scan FTP and all ports whose names begin with "http":
nmap <IP> -p 'ftp,http*'
Exclude the specified ports (--exclude-ports)
- This option defines which ports Nmap should leave out of the scan.
- The <port_ranges> are specified similarly to -p.
- For IP protocol scanning (-sO), this option specifies the protocol numbers you wish to exclude between 0–255.
- When excluded, they will be excluded from all types of scans (i.e. they will not be scanned under any circumstances). This also includes the discovery phase.
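To check what a -p / --exclude-ports pair actually covers before an authorized scan, the rules above can be written as a small parser. This is an added example, not code from the original post or from Nmap; the function names parse_ports and scan_scope are hypothetical, and service names and the P: qualifier are not handled.

```python
import re

MAX_PORT = 65535
# Qualifiers from the page; P: (IP protocol numbers) and service names are not modelled.
PROTOS = {"T": "tcp", "U": "udp", "S": "sctp"}
ITEM = re.compile(r"(\d*)(-?)(\d*)")

def parse_ports(spec):
    """Expand a numeric -p / --exclude-ports argument into {protocol: set(ports)}."""
    lists = {name: set() for name in PROTOS.values()}
    current = list(lists)                 # no qualifier yet: add to every list
    for item in spec.replace(" ", "").split(","):
        # A qualifier stays in effect until the next one (as in U:53,111,137,...).
        if item[:1] in PROTOS and item[1:2] == ":":
            current, item = [PROTOS[item[0]]], item[2:]
        m = ITEM.fullmatch(item)
        if not item or not m:
            raise ValueError(f"unsupported port item: {item!r}")
        lo_s, dash, hi_s = m.groups()
        lo = int(lo_s) if lo_s else 1     # omitted start means 1
        hi = (int(hi_s) if hi_s else MAX_PORT) if dash else lo
        if not lo <= hi <= MAX_PORT:
            raise ValueError(f"bad range: {item!r}")
        for proto in current:
            lists[proto].update(range(lo, hi + 1))
    return lists

def scan_scope(ports, exclude=""):
    """Ports left per protocol once --exclude-ports is subtracted from -p."""
    wanted = parse_ports(ports)
    if exclude:
        for proto, skipped in parse_ports(exclude).items():
            wanted[proto] -= skipped
    return wanted

if __name__ == "__main__":
    # Constructed sample: the page's mixed UDP/TCP list with telnet (23) excluded.
    scope = scan_scope("U:53,111,137,5353,T:21-25,80,139,8080", exclude="T:23")
    for proto, ports in scope.items():
        print(f"{proto}: {len(ports)} ports -> {sorted(ports)}")
```

Which of the returned lists Nmap actually uses still depends on the scan-type flags given (-sS, -sU and so on).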
Don't Randomize Ports (-r)
- By default, Nmap randomizes the scanned port order.
- This randomization is normally desirable, but you can specify this option for sequential (sorted from lowest to highest) port scanning instead.
We hope this helps. If you have any suggestions or doubts, you can add a comment and
we will reply as soon as possible.