Nmap from Scratch | Part-2 | Specifying different ports and services.

Welcome back!

In the last blog we covered the basics, this blog covers different options for ports and services.

There are different options in nmap for selecting ports based upon different scenarios, let’s consider nmap.scanme.org is our target and we want to scan different ports to find out if they have any service running on them.

But before we check out different options let’s first see what services run on which port, check out this cheat sheet.

Now let’s get started with scanning:

For instance let’s suppose we want to scan port number 22, which is a port for SSH service, we use the -p option to specify a port.

nmap -sT nmap.scanme.org -p 22

The result tells us that the port is closed which means there’s no service running on it.

The service name can also be used to specify the port for example:

nmap -sT nmap.scanme.org ssh        #scans port 22 for ssh

Let’s suppose we want to scan a range of ports, for that we’ll write:

nmap -sT nmap.scanme.org -p 22-80

The above command will scan for all the ports from port 22 (SSH) to port 80 (HTTP).

We can see in the result that port 80 is open and HTTP service is running on it, but we can’t see the closed ports because they are not shown, but if we want to see the closed ports as well, we can use the verbose option which is -v .

nmap -sT nmap.scanme.org -p 22-80 -vvv   #triple v means triple verbose

Which will give us something like this:

Nmap provides a lot more information with the verbose option, I highly recommend using verbose for every scan, as it gives information about what’s going on.

Moving on, to scan all the 65535 ports, we can write:

nmap -sT nmap.scanme.org -p-
nmap -sT nmap.scanme.org -p0- [ specifying 0 will skip the 0 port ]


So this option is the last one for specifying ports, as we all know that Nmap maintains a list of top ports, we can actually specify how many top ports we want to scan according to that list, to do that we use:

nmap -sT nmap.scanme.org --top-ports [number of top ports]

Some other few options that might be useful are:

  • Exclude Ports
nmap -sT nmap.scanme.org --exclude-port [port_number]
  • Scan ports consecutively
nmap -sT nmap.scanme.org -r  [ Will scan without randomization ]
  • Specify protocols with ports
nmap -sT nmap.scanme.org -p U:11,53,T:21-25

The command will scan for UDP ports 11 and 53, and for TCP ports from 21 to 25.

  • Fast Scan
nmap -sT nmap.scanme.org -F    [ Will scan for only top 100 ports ]

That’s it for this blog, we’ll cover different host discovery techniques in the next blog, till then keep practicing, you can ping me on Twitter for any query.

Check out my other interesting blogs here.




Infosec Enthusiast | Student

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

Porsche Launches New Open Source Initiative

Improve and Optimize Performance of React Apps With Reactime V7.0

screen showing Reactime in action

Reading Ram Using Linux

Implementing LinkedList using Java

The secret of deploying GPT-3 app

Just publish it

Run containerized app on AWS EC2 using CloudFormation

Individual Review [Deployment, Continuous Integration, Software Quality Assurance] #3 — Refo

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store


Infosec Enthusiast | Student

More from Medium

[project]Conduct Vulnerability Assessment using OSSIM and deal with incident tickets

Beware The XSS Attack

[EN] TryHackMe 25 Days of Cyber Security: Day 6 Walkthrough

Pico CTF Web Exploitation