官术网_书友最值得收藏!

Scanning using specific port ranges

There are situations when a system administrator is looking for infected machines that use a specific port to communicate, or when users are only looking for a specific service or open port and don't really care about the rest. Narrowing down the port ranges used also optimizes performance, which is very important when scanning multiple targets.

This recipe describes how to use port ranges when performing Nmap scans.

How to do it...

Open your terminal and enter the following command:

# nmap -p80 192.168.1.1/24 

A list of hosts with the state of port 80 will appear in the results.

Nmap scan report for 192.168.1.102 
Host is up (0.000079s latency). 
PORT STATE SERVICE 
80/tcp closed http 

Nmap scan report for 192.168.1.103 
Host is up (0.016s latency). 
PORT STATE SERVICE 
80/tcp open http 
MAC Address: 00:16:6F:7E:E0:B6 (Intel) 

Nmap scan report for 192.168.1.254 
Host is up (0.0065s latency). 
PORT STATE SERVICE 
80/tcp open http 
MAC Address: 5C:4C:A9:F2:DC:7C (Huawei Device Co.) 

Nmap done: 256 IP addresses (3 hosts up) scanned in 8.93 seconds 

How it works...

Nmap uses the flag -p for setting the port ranges to be scanned. This flag can be combined with any scanning method. In the previous example, we used the argument -p80 to indicate to Nmap that we are only interested in port 80.

The CIDR /24 in 192.168.1.1/24 is used to indicate that we want to scan all of the 256 IPs in our network.

There's more...

There are several accepted formats for the argument -p:

  • Port list:
    # nmap -p80,443 localhost
    
  • Port range:
    # nmap -p1-100 localhost
    
  • All ports:
    # nmap -p- localhost
    
  • Specific ports by protocols:
    # nmap -pT:25,U:53 <target>
    
  • Service name:
    # nmap -p smtp <target>
    
  • Service name wildcards:
    # nmap -p smtp* <target>
    
  • Only ports registered in Nmap services:
    # nmap -p[1-65535] <target>
    

See also

  • The Finding live hosts in your network recipe
  • The Listing open ports on a remote host recipe
  • The Scanning using a specified network interface recipe
  • The Running NSE scripts recipe
  • The Hiding our traffic with additional random data recipe in Chapter 2, Network Exploration
  • The Forcing DNS resolution recipe in Chapter 2, Network Exploration
  • The Excluding hosts from your scans recipe in Chapter 2, Network Exploration
  • The Scanning IPv6 addresses recipe in Chapter 2, Network Exploration
  • The Listing protocols supported by a remote host recipe in Chapter 3, Gathering Additional Host Information
主站蜘蛛池模板: 金坛市| 郁南县| 定西市| 法库县| 安远县| 衡阳县| 中牟县| 平遥县| 新邵县| 双江| 闽侯县| 申扎县| 咸丰县| 藁城市| 闽清县| 东安县| 罗平县| 镇沅| 新竹县| 德州市| 江口县| 霍林郭勒市| 始兴县| 道真| 长沙市| 浮梁县| 响水县| 通江县| 麻江县| 福泉市| 富川| 铁力市| 璧山县| 金沙县| 玉环县| 唐河县| 达拉特旗| 雷州市| 斗六市| 双柏县| 栾川县|