Nmap from Scratch | Part-2 | Specifying different ports and services.

Welcome back!

In the last blog we covered the basics, this blog covers different options for ports and services.

There are different options in nmap for selecting ports based upon different scenarios, let’s consider nmap.scanme.org is our target and we want to scan different ports to find out if they have any service running on them.

But before we check out different options let’s first see what services run on which port, check out this cheat sheet.

Now let’s get started with scanning:

For instance let’s suppose we want to scan port number 22, which is a port for SSH service, we use the -p option to specify a port.

nmap -sT nmap.scanme.org -p 22

The result tells us that the port is closed which means there’s no service running on it.

The service name can also be used to specify the port for example:

nmap -sT nmap.scanme.org ssh        #scans port 22 for ssh

Let’s suppose we want to scan a range of ports, for that we’ll write:

nmap -sT nmap.scanme.org -p 22-80

The above command will scan for all the ports from port 22 (SSH) to port 80 (HTTP).

We can see in the result that port 80 is open and HTTP service is running on it, but we can’t see the closed ports because they are not shown, but if we want to see the closed ports as well, we can use the verbose option which is -v .

nmap -sT nmap.scanme.org -p 22-80 -vvv   #triple v means triple verbose

Which will give us something like this:

Nmap provides a lot more information with the verbose option, I highly recommend using verbose for every scan, as it gives information about what’s going on.

Moving on, to scan all the 65535 ports, we can write:

nmap -sT nmap.scanme.org -p-
nmap -sT nmap.scanme.org -p0- [ specifying 0 will skip the 0 port ]

Result:

So this option is the last one for specifying ports, as we all know that Nmap maintains a list of top ports, we can actually specify how many top ports we want to scan according to that list, to do that we use:

nmap -sT nmap.scanme.org --top-ports [number of top ports]

Some other few options that might be useful are:

  • Exclude Ports
nmap -sT nmap.scanme.org --exclude-port [port_number]
  • Scan ports consecutively
nmap -sT nmap.scanme.org -r  [ Will scan without randomization ]
  • Specify protocols with ports
nmap -sT nmap.scanme.org -p U:11,53,T:21-25

The command will scan for UDP ports 11 and 53, and for TCP ports from 21 to 25.

  • Fast Scan
nmap -sT nmap.scanme.org -F    [ Will scan for only top 100 ports ]

That’s it for this blog, we’ll cover different host discovery techniques in the next blog, till then keep practicing, you can ping me on Twitter for any query.

Check out my other interesting blogs here.

--

--

--

Infosec Enthusiast | Student

Love podcasts or audiobooks? Learn on the go with our new app.

Recommended from Medium

A New Way To Lock ADDY

Our talented fellow TRUEvector more works

Configuration management in Golang. Part 1: Environment Variables.

Kafka and My Online Life

Into the jungle of reactive operators

Apache Beam Python (Dataflow) KafkaIO for Protobuf Message Streaming

Between the uncertainty and the enthusiasm to learn something new.

HTML to PDF — Java

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
A3h1nt

A3h1nt

Infosec Enthusiast | Student

More from Medium

Let’s Become a Cloud Security Engineer #3: Exploit Vulnerabilities(THM)

Let’s learn WebApp Pentest from basic on DVWA. From setup to hack. Part 2. Bruteforce(low to high).

Linux Fundamental Part 2| TryHackMe

LFI | TryHackMe (THM)