Scanning using specific port ranges
There are situations when a system administrator is looking for infected machines that use a specific port to communicate, or when users are only looking for a specific service or open port and don't really care about the rest. Narrowing down the port ranges used also optimizes performance, which is very important when scanning multiple targets.
This recipe describes how to use port ranges when performing Nmap scans.
How to do it...
Open your terminal and enter the following command:
# nmap -p80 192.168.1.1/24
A list of hosts with the state of port 80 will appear in the results.
Nmap scan report for 192.168.1.102 Host is up (0.000079s latency). PORT STATE SERVICE 80/tcp closed http Nmap scan report for 192.168.1.103 Host is up (0.016s latency). PORT STATE SERVICE 80/tcp open http MAC Address: 00:16:6F:7E:E0:B6 (Intel) Nmap scan report for 192.168.1.254 Host is up (0.0065s latency). PORT STATE SERVICE 80/tcp open http MAC Address: 5C:4C:A9:F2:DC:7C (Huawei Device Co.) Nmap done: 256 IP addresses (3 hosts up) scanned in 8.93 seconds
How it works...
Nmap uses the flag -p for setting the port ranges to be scanned. This flag can be combined with any scanning method. In the previous example, we used the argument -p80 to indicate to Nmap that we are only interested in port 80.
The CIDR /24 in 192.168.1.1/24 is used to indicate that we want to scan all of the 256 IPs in our network.
There's more...
There are several accepted formats for the argument -p:
Port list:
# nmap -p80,443 localhostPort range:
# nmap -p1-100 localhostAll ports:
# nmap -p- localhostSpecific ports by protocols:
# nmap -pT:25,U:53 <target>Service name:
# nmap -p smtp <target>Service name wildcards:
# nmap -p smtp* <target>Only ports registered in Nmap services:
# nmap -p[1-65535] <target>
See also
The Finding live hosts in your network recipe
The Listing open ports on a remote host recipe
The Scanning using a specified network interface recipe
The Running NSE scripts recipe
The Hiding our traffic with additional random data recipe in Chapter 2, Network Exploration
The Forcing DNS resolution recipe in Chapter 2, Network Exploration
The Excluding hosts from your scans recipe in Chapter 2, Network Exploration
The Scanning IPv6 addresses recipe in Chapter 2, Network Exploration
The Listing protocols supported by a remote host recipe in Chapter 3, Gathering Additional Host Information
