Note: Most of the time in this tutorial, I will use the website that Nmap itself provides as our target for scanning.

With the -sT parameter, Nmap can do a simple TCP connect scan to look for open ports:

nmap -sT

You can see that there are two important open ports on the target, 22 and 80. These ports are used by the SSH and HTTP services respectively. If these ports were not open earlier, you should check the system logs of the target for a possible security breach.

In case you are looking for a UDP port scan, for servers that run services on UDP ports, use:

sudo nmap -sU

Also, it is important to note that, unlike a TCP connect scan, scanning UDP ports requires root privileges.

Scanning a specific port

At its most basic, Nmap can scan a single port by just specifying the target port number with the -p option. Let's see some popular port scan examples:

Apache Port 80 and 443: Port 80 is the default port number for HTTP requests on Apache. You can scan it with Nmap as:

nmap -p 80

Similarly, for HTTPS traffic on port 443 (the default port number), you can run the Nmap scan as:

nmap -p 443

The default port number for an SSH connection is 22, so in this case the Nmap scanning command will be:

nmap -p 22

One thing to note here is that you can also use the name of the service instead of its port number; for example, for SSH scanning, you can use:

nmap -p ssh

These are only two examples to show you how Nmap scanning works on a protocol with a given port number. You can use other port numbers in the same way. A brief list of some of the commonly used ports and protocols is given below:

23: Telnet (insecure, not recommended for most uses).

To scan multiple ports, you need to separate them with commas, as shown here:

nmap -p 22,25,80

You can do further customization to port ranges. For example, you can omit the starting port to start scanning from port one:

nmap -p -22

Similarly, you can omit the last port to scan up to the last possible port:

nmap -p 65255-

Using Wildcards with Nmap

Using wildcards can also simplify a scanning task. Suppose you want to scan all HTTP-related ports:

nmap -p http*

Scanning the top-ports

Scanning all 65,536 ports of each protocol is a time-consuming task. However, most of these ports are rarely open. Nmap developer Fyodor (a big applause to him for his excellent tool) has reduced the headache of scanning this huge range of ports. He has picked the most prevalent TCP and UDP ports by researching millions of IP addresses and exploring many enterprise networks. In a nutshell, based on his research, to cover 90% of the open ports you need to target only 576 TCP ports and 11,307 UDP ports. The --top-ports option scans only the most common ports. The -F option scans only the top 100 ports.

Conclusion

There are several ways to execute port scanning using Nmap. The most commonly used are these:

For scanning TCP connections, you can use the -sT flag:
sudo nmap -sT

For scanning UDP connections, you can use the -sU flag:
sudo nmap -sU

For scanning both the TCP and UDP open ports, you can use:
sudo nmap -n -PN -sT -sU -p-

For scanning with SYN packets, you can use the -sS flag:
sudo nmap -sS

One of the first steps in penetration testing is reconnaissance. In this article, I have shown you how to use Nmap for scanning ports on a server. You can also use the netstat and ps commands in parallel with Nmap to identify the services using the scanned ports.
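As an added example (not code from this article, and not Nmap's own code), here is a small Python model of the -p port specification syntax covered above: comma lists, open-ended ranges such as -22 and 65255-, the bare - used by -p-, service names such as ssh, and wildcards such as http*. The service table is a constructed subset; real Nmap resolves names from its nmap-services file.

```python
import fnmatch

# Constructed subset of a services table. Real Nmap resolves names from its
# nmap-services file; this one exists only so the example runs offline.
SERVICES = {
    "ftp": 21, "ssh": 22, "telnet": 23, "smtp": 25, "domain": 53,
    "http": 80, "https": 443, "http-proxy": 8008, "http-alt": 8080,
}
MAX_PORT = 65535


def _expand_range(item):
    """Expand a single port or an 'a-b' range. A missing start means 1
    ('-22'), a missing end means 65535 ('65255-'), so a bare '-' (as in
    -p-) means every port from 1 to 65535."""
    if "-" not in item:
        lo = hi = int(item)
    else:
        start, _, end = item.partition("-")
        lo = int(start) if start else 1
        hi = int(end) if end else MAX_PORT
    if not 0 <= lo <= hi <= MAX_PORT:
        raise ValueError(f"bad port range: {item!r}")
    return range(lo, hi + 1)


def expand_port_spec(spec, services=SERVICES):
    """Return the sorted, de-duplicated list of ports an Nmap-style -p
    specification selects. Raises ValueError on an unknown service name,
    so a typo does not silently shrink the scan."""
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        if not item:
            raise ValueError("empty element in port specification")
        if item[0].isdigit() or item[0] == "-":
            ports.update(_expand_range(item))
        else:
            # Service names; wildcards follow shell globbing (http* matches
            # http, https, http-alt ...). Quote them on a real command line
            # so the shell itself does not expand them against filenames.
            matched = [p for name, p in services.items()
                       if fnmatch.fnmatchcase(name, item)]
            if not matched:
                raise ValueError(f"unknown service name: {item!r}")
            ports.update(matched)
    return sorted(ports)


if __name__ == "__main__":
    for spec in ("22,25,80", "-22", "65255-", "-", "ssh", "http*"):
        ports = expand_port_spec(spec)
        print(f"{spec:>10} -> {len(ports):5d} port(s), first {ports[:5]}")
```

Running it shows how many ports each specification actually covers, which is a useful sanity check before a long -p- or -sU scan.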