Scanning using specific port ranges

There are situations when a system administrator is looking for infected machines that use a specific port to communicate, or when users are only looking for a specific service or open port and don't really care about the rest. Narrowing down the port ranges used also optimizes performance, which is very important when scanning multiple targets.

This recipe describes how to use port ranges when performing Nmap scans.

How to do it...

Open your terminal and enter the following command:

# nmap -p80 192.168.1.1/24

A list of hosts with the state of port 80 will appear in the results.

Nmap scan report for 192.168.1.102 
Host is up (0.000079s latency). 
PORT   STATE SERVICE 
80/tcp closed  http 

Nmap scan report for 192.168.1.103 
Host is up (0.016s latency). 
PORT   STATE SERVICE 
80/tcp open  http 
MAC Address: 00:16:6F:7E:E0:B6 (Intel) 

Nmap scan report for 192.168.1.254 
Host is up (0.0065s latency). 
PORT   STATE SERVICE 
80/tcp open  http 
MAC Address: 5C:4C:A9:F2:DC:7C (Huawei Device Co.) 

Nmap done: 256 IP addresses (3 hosts up) scanned in 8.93 seconds

How it works...

Nmap uses the flag -p for setting the port ranges to be scanned. This flag can be combined with any scanning method. In the previous example, we used the argument -p80 to indicate to Nmap that we are only interested in port 80.

The CIDR /24 in 192.168.1.1/24 is used to indicate that we want to scan all of the 256 IPs in our network.

There's more...

There are several accepted formats for the argument -p:

  • Port list:
    # nmap -p80,443 localhost
  • Port range:
    # nmap -p1-100 localhost
  • All ports:
    # nmap -p- localhost
  • Specific ports by protocols:
    # nmap -pT:25,U:53 <target>
  • Service name:
    # nmap -p smtp <target>
  • Service name wildcards:
    # nmap -p smtp* <target>
  • Only ports registered in Nmap services:
    # nmap -p[1-65535] <target>

See also

  • The Finding live hosts in your network recipe
  • The Listing open ports on a remote host recipe
  • The Scanning using a specified network interface recipe
  • The Running NSE scripts recipe
  • The Hiding our traffic with additional random data recipe in Chapter 2, Network Exploration
  • The Forcing DNS resolution recipe in Chapter 2, Network Exploration
  • The Excluding hosts from your scans recipe in Chapter 2, Network Exploration
  • The Scanning IPv6 addresses recipe in Chapter 2, Network Exploration
  • The Listing protocols supported by a remote host recipe in Chapter 3, Gathering Additional Host Information
..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.
Reset
3.144.8.212