There are situations when a system administrator is looking for infected machines that use a specific port to communicate, or when users are only looking for a specific service or open port and don't really care about the rest. Narrowing down the port ranges used also optimizes performance, which is very important when scanning multiple targets.
This recipe describes how to use port ranges when performing Nmap scans.
Open your terminal and enter the following command:
# nmap -p80 192.168.1.1/24
A list of hosts with the state of port 80 will appear in the results.
Nmap scan report for 192.168.1.102
Host is up (0.000079s latency).
PORT   STATE  SERVICE
80/tcp closed http

Nmap scan report for 192.168.1.103
Host is up (0.016s latency).
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 00:16:6F:7E:E0:B6 (Intel)

Nmap scan report for 192.168.1.254
Host is up (0.0065s latency).
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 5C:4C:A9:F2:DC:7C (Huawei Device Co.)

Nmap done: 256 IP addresses (3 hosts up) scanned in 8.93 seconds
Nmap uses the flag -p for setting the port ranges to be scanned. This flag can be combined with any scanning method. In the previous example, we used the argument -p80 to indicate to Nmap that we are only interested in port 80.
The CIDR /24 in 192.168.1.1/24 is used to indicate that we want to scan all of the 256 IPs in our network.
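For an administrator sweeping a subnet for one port, the report above still has to be reduced to a list of addresses. The following is an added example, not part of the original recipe: a shell function that reads Nmap's normal output and prints the hosts whose port is in a given state. The function names, the sample data and the hostname gw.example.lan are assumptions made for illustration.

```shell
#!/usr/bin/env bash
# Added example: filter Nmap's normal (human-readable) output on stdin.
# Usage: hosts_with_port PORT/PROTO STATE   -> prints one IP address per line

hosts_with_port() {
  awk -v want="$1" -v state="$2" '
    # Header is "Nmap scan report for 192.168.1.103"
    # or, when a name resolves, "Nmap scan report for name (192.168.1.103)".
    /^Nmap scan report for / {
      host = $NF
      gsub(/[()]/, "", host)   # strip the parentheses around the IP
      next
    }
    # Port table rows look like "80/tcp open http".
    host != "" && $1 == want && $2 == state { print host }
  '
}

# Constructed sample modelled on the scan output in this recipe; the last
# host uses the "name (ip)" header form with a hypothetical hostname.
sample_scan() {
  cat <<'EOF'
Nmap scan report for 192.168.1.102
Host is up (0.000079s latency).
PORT   STATE  SERVICE
80/tcp closed http

Nmap scan report for 192.168.1.103
Host is up (0.016s latency).
PORT   STATE SERVICE
80/tcp open  http
MAC Address: 00:16:6F:7E:E0:B6 (Intel)

Nmap scan report for gw.example.lan (192.168.1.254)
Host is up (0.0065s latency).
PORT   STATE SERVICE
80/tcp open  http

Nmap done: 256 IP addresses (3 hosts up) scanned in 8.93 seconds
EOF
}

# Offline demonstration on the sample. Against a live scan of your own
# network: nmap -p80 192.168.1.1/24 | hosts_with_port 80/tcp open
sample_scan | hosts_with_port 80/tcp open
```
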
There are several accepted formats for the argument -p:
# nmap -p80,443 localhost
# nmap -p1-100 localhost
# nmap -p- localhost
# nmap -pT:25,U:53 <target>
# nmap -p smtp <target>
# nmap -p smtp* <target>
# nmap -p[1-65535] <target>