We learned earlier that by default, Nmap only scans the top 1000 ports. However, services can be put online on any of the 65,535 ports that exist—not just the most common ones. Many system administrators and network engineers run services on very high ports such as 65,001, so that they aren't detected by normal scans. Security through obscurity, though, never really works!
You can specify a single port or a port range with the -p flag. So, if you want to only scan port 80 on scanme.nmap.org, you can type nmap -p 80 scanme.nmap.org. The port specification flag works for ranges too—so, in another example, nmap -p1-1024 scanme.nmap.org will scan ports 1 to 1024 (all privileged ports) on the target host.
There's also a useful trick to scan all 65,535 ports on a machine: instead of typing -p1-65535, you can simply use the shortcut -p-. The Nmap developers were kind and insightful enough to realize that typing the number "65,535" a lot gets quite tiring!
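As an added illustration (not code from the original text or from the Nmap project), the following Python sketch models how a -p value expands into a set of ports and reports which listening services a given range would never probe. The function names and the LISTENING inventory are constructed for this example, and only plain numbers, ranges and comma-separated lists are handled.

```python
MAX_PORT = 65535


def expand_port_spec(spec):
    """Expand an Nmap-style -p value such as "80", "1-1024" or "-" into a set of ports."""
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if not part:
            raise ValueError(f"empty item in port spec {spec!r}")
        if "-" in part:
            lo_text, hi_text = part.split("-", 1)
            # Nmap treats a missing start as 1 and a missing end as 65535,
            # which is why the shortcut "-p-" covers every port.
            lo = int(lo_text) if lo_text else 1
            hi = int(hi_text) if hi_text else MAX_PORT
        else:
            lo = hi = int(part)
        if not (0 <= lo <= hi <= MAX_PORT):
            raise ValueError(f"invalid range {part!r} in port spec {spec!r}")
        ports.update(range(lo, hi + 1))
    return ports


def missed_services(spec, listening):
    """Return the listening ports that a scan limited to `spec` never probes."""
    covered = expand_port_spec(spec)
    return sorted(p for p in listening if p not in covered)


# Constructed inventory of ports with a service bound on a hypothetical host,
# including one "hidden" on a very high port as described in the text.
LISTENING = [22, 80, 8443, 65001]

if __name__ == "__main__":
    for spec in ("80", "1-1024", "-"):
        total = len(expand_port_spec(spec))
        print(f"-p{spec}: {total} ports scanned, missed {missed_services(spec, LISTENING)}")
```

Only the full-range specification leaves nothing unprobed, which is the practical reason to audit your own hosts with -p- rather than relying on a limited range.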
Although we're...