March 29th, 2005, 01:21 AM
Nmap: What ports are scanned by default
I've looked in the MAN page and can't find the answer. I know if I use the -p option I can choose to scan the ones I want, but if you put in no options what range of ports does nmap scan by default? I know it's more than -F (Fast scan mode) and less than -p 1-65535.
March 29th, 2005, 01:23 AM
Well, you could always fire up tcpdump and see which ports it is, but I believe it does the privileged ports by default (1-1024).
Found it. It was in the man page:
-p <port ranges>
This option specifies what ports you want to specify. For example "-p 23" will only try port 23 of the target host(s). "-p 20-30,139,60000-" scans ports between 20 and 30, port 139, and all ports greater than 60000. The default is to scan all ports between 1 and 1024 as well as any ports listed in the services file which comes with nmap. For IP protocol scanning (-sO), this specifies the protocol number you wish to scan for (0-255).
March 29th, 2005, 01:26 AM
I looked at one of my old logs and it looks like it goes way above that (it hits 65301, but I don't think everything between).
March 29th, 2005, 01:33 AM
That might be in the "services file" that comes with nmap.
March 29th, 2005, 01:35 AM
I found my answer in Fyodor's book, looks like the default is to scan 1-1024 and every higher one in the nmap-services file. Thanks MsMittens.
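The rule the thread settles on (ports 1-1024 plus every port listed in the services file) and the "-p" range syntax quoted from the man page, worked through as an added example that is not part of the original thread and is not nmap's own code. The function names and the services sample are constructed for illustration; the sample assumes the name, port/protocol, optional comment layout of a services file.

```python
import re

MAX_PORT = 65535

# Constructed sample in a services-file layout; NOT the file shipped with nmap.
SAMPLE_SERVICES = """\
# name     port/proto  comment
ssh        22/tcp      # inside 1-1024 already
domain     53/udp
http       80/tcp
snmp       161/udp
ms-sql-s   1433/tcp
http-alt   8080/tcp
example    65301/tcp   # constructed high-port entry
"""

def parse_port_spec(spec):
    """Expand a -p style list such as '20-30,139,60000-' into a set of ports."""
    ports = set()
    for part in spec.split(","):
        m = re.fullmatch(r"\s*(\d+)(?:(-)(\d*))?\s*", part)
        if not m:
            raise ValueError(f"bad port range: {part!r}")
        lo = int(m.group(1))
        # "N" is a single port, "N-M" a closed range, "N-" runs to the top port.
        hi = lo if m.group(2) is None else int(m.group(3) or MAX_PORT)
        if not 1 <= lo <= hi <= MAX_PORT:
            raise ValueError(f"port out of range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports

def services_ports(text, proto="tcp"):
    """Collect the port numbers listed for one protocol in a services file."""
    ports = set()
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 2 and "/" in fields[1]:
            port, listed_proto = fields[1].split("/", 1)
            if listed_proto == proto and port.isdigit():
                ports.add(int(port))
    return ports

def default_ports(services_text, proto="tcp"):
    """Default set as described in the thread: 1-1024 plus listed ports."""
    return set(range(1, 1025)) | services_ports(services_text, proto)

if __name__ == "__main__":
    extra = sorted(default_ports(SAMPLE_SERVICES) - set(range(1, 1025)))
    print("ports above 1024 covered by the default:", extra)
```

A service listening on a high port that is absent from the services file falls outside this default set, which is why a scan log can show isolated high ports such as 65301 without everything in between.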