Results 1 to 5 of 5

Thread: Nmap: What ports are scanned by default

  1. #1
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897

    Nmap: What ports are scanned by default

    I've looked in the MAN page and can't find the answer. I know if I use the -p option I can choose to scan the ones I want, but if you put in no options what range of ports does nmap scan by defaut? I know it's more that -F (Fast scan mode) and less than -p 1-65535.

  2. #2
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    Well, you could always fire up tcpdump and see which ports it is but I believe it does the privilege ports by default (1-1024)

    Found it. It was in the man page:

    -p <port ranges>
    This option specifies what ports you want to specify. For exam-
    ple "-p 23" will only try port 23 of the target host(s). "-p
    20-30,139,60000-" scans ports between 20 and 30, port 139, and
    all ports greater than 60000. The default is to scan all ports
    between 1 and 1024 as well as any ports listed in the services
    file which comes with nmap.
    For IP protocol scanning (-sO),
    this specifies the protocol number you wish to scan for (0-255).
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  3. #3
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    I looked at one of my old logs and it looks like it goes way above that (it hists 65301, but I don't think every thing between.).

  4. #4
    Just a Virtualized Geek MrLinus's Avatar
    Join Date
    Sep 2001
    Location
    Redondo Beach, CA
    Posts
    7,323
    That might be in the "services file" that comes with nmap.
    Goodbye, Mittens (1992-2008). My pillow will be cold without your purring beside my head
    Extra! Extra! Get your FREE copy of Insight Newsletter||MsMittens' HomePage

  5. #5
    King Tutorial-ankhamun
    Join Date
    Jul 2004
    Posts
    897
    I found my answer in Fyodor's book, looks like the default is to scan 1-1024 and every higher one in the nmap-services file. That MsMittens.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •