Nmap port specification

In the default configuration, Nmap will only scan randomly the 1,000 most common ports for each protocol. The nmap-services file contains a popularity score for the selection of the top ports.

To change that configuration, Nmap provides several options:

  • -p port range: This scans only the defined ports. To scan ports 1 to 1024, the command is -p 1-1024. To scan ports 1 to 65535, the command is -p-.
  • -F (fast): This will scan only 100 common ports.
  • -r (don't randomize port): This option will set sequential port scanning (from lowest to highest).
  • --top-ports <1 or greater>: This option will only scan the N highest-ratio ports found in the nmap-service file.

To scan for ports 22 and 25 using the TCP NULL scan method, you can use the following command:

nmap -sN -p 22,25 172.16.43.156

The following command lines are the result:

    Nmap scan report for 172.16.43.156
    Host is up (0.00089s latency).
    PORT     STATE         SERVICE
    22/tcp   open|filtered ssh
    25/tcp   open|filtered smtp
    MAC Address: 00:0C:29:18:0F:08 (VMware)
    Nmap done: 1 IP address (1 host up) scanned in 1.52 seconds

The following are the packet's dumped snippets:

23:23:38.581818 IP 172.16.43.150.61870 >172.16.43.156.22: Flags [], win 1024, length 0 
  0x0000:  4500 0028 06e4 0000 2f06 92ce c0a8 3866  E..(..../.....8f 
  0x0010:  c0a8 3867 f1ae 0016 dd9e bf90 0000 0000  ..8g............ 
  0x0020:  5000 0400 2ad2 0000                      P...*... 
 
23:23:38.581866 IP 172.16.43.150.61870 >172.16.43.156.25: Flags [], win 1024, length 0 
  0x0000:  4500 0028 1117 0000 3106 869b c0a8 3866  E..(....1.....8f 
  0x0010:  c0a8 3867 f1ae 0019 dd9e bf90 0000 0000  ..8g............ 
  0x0020:  5000 0400 2acf 0000                      P...*... 
 
23:23:39.683483 IP 172.16.43.150.61871 >172.16.43.156.25: Flags [], win 1024, length 0 
  0x0000:  4500 0028 afaf 0000 2706 f202 c0a8 3866  E..(....'.....8f 
  0x0010:  c0a8 3867 f1af 0019 dd9f bf91 0000 0000  ..8g............ 
  0x0020:  5000 0400 2acc 0000                      P...*... 
 
23:23:39.683731 IP 172.16.43.150.61871 >172.16.43.156.22: Flags [], win 1024, length 0 
  0x0000:  4500 0028 5488 0000 3506 3f2a c0a8 3866  E..(T...5.?*..8f 
  0x0010:  c0a8 3867 f1af 0016 dd9f bf91 0000 0000  ..8g............ 
  0x0020:  5000 0400 2acf 0000                      P...*...

From the packets displayed in the preceding code, we can see the following:

  • In the first and second packets, the attacking machine checks whether port 22 on the target machine is open. After a period of time, it checks port 25 on the target machine.
  • In the third and fourth packets, the attacking machine checks whether port 25 on the target machine is open. After a period of time, it checks port 22 on the target machine.
  • After waiting for some time, as there is still no response from the target machine, Nmap concludes that those two ports are open or filtered.
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.145.111.183