Nmap Development mailing list archives
Re: UDP scan
From: David Fifield <david () bamsoftware com>
Date: Wed, 10 Feb 2010 18:35:03 -0700
On Wed, Feb 03, 2010 at 04:02:25PM +0100, Pierre Noguès wrote:
> Hello,
>
> Is it possible to introduce an option that will perform a UDP protocol based scan only?
>
> In pentest I scan all the TCP ports of my targets like that:
>
> nmap -sS -P0 -p0-65535 target/24
>
> I would like to also scan the UDP ports so I can do:
>
> nmap -sU -sS -P0 -p0-65535 target/24
>
> But now it will scan the 65535 UDP ports and will wait 65536 times for an ICMP response which will never come back most of the time, it will be too long...
>
> What I would like to do is to scan all the TCP ports and the UDP ports that nmap supports in the new UDP protocol based scan. I think the solution is to use this command:
>
> nmap -sU -sS -P0 -pT:0-65535,U:7,53,111... target/24
>
> with U:7,53,111... containing the list of all the ports which are implemented by the nmap UDP protocol based scan (the ones in payload.cc).
Yes, your solution is correct. I don't think we should add an option to scan just the payload-bearing ports. For one thing, there are some ports, like daytime, that will return a positive response to a zero-byte probe. Another thing is that you are probably going to miss some ports that you care about if you only send payload probes. If you are concerned about speed, you might look into using the --top-ports option instead.

I think you are better off just building the port list and using it in your command line. This is something that can be automated with a Zenmap profile.

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
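One way to build the `-pT:...,U:...` argument discussed in this thread, as an added example that is not part of either message and not Nmap's own code. It assumes the payload definitions are available as text lines of the form `udp <port>[,<port>...] "<payload>"`; the function names and the sample data are hypothetical.

```shell
#!/bin/sh
# Added example. Assumption: payload definitions are text lines such as
#   udp 53 "<payload bytes>"
#   udp 1645,1812
#     "<payload bytes on a continuation line>"
# Comment lines start with '#'.

# Read payload definitions on stdin and print the UDP ports they cover as a
# sorted, de-duplicated, comma-separated list.
udp_payload_ports() {
    awk '$1 == "udp" && $2 ~ /^[0-9,-]+$/ {
             n = split($2, p, ",")
             for (i = 1; i <= n; i++) if (p[i] != "") print p[i]
         }' |
        sort -n -u | paste -sd, -
}

# Combine a TCP range ($1) with the UDP list read from stdin into one value
# for -p. Fails instead of emitting "U:" with nothing after it.
build_port_spec() {
    tcp_range=$1
    udp_list=$(udp_payload_ports)
    if [ -z "$udp_list" ]; then
        echo "no UDP payload ports found" >&2
        return 1
    fi
    printf 'T:%s,U:%s\n' "$tcp_range" "$udp_list"
}

# Constructed sample input; the payload strings are placeholders.
sample_payloads() {
    cat <<'EOF'
# constructed sample, not real payload data
udp 7 "<constructed>"
udp 53 "<constructed>"
udp 111
  "<constructed>"
udp 53,7 "<constructed duplicate entry>"
EOF
}

# Print the value to pass as: nmap -sU -sS -P0 -p<value> target/24
sample_payloads | build_port_spec 0-65535
```

Ports such as daytime that answer a zero-byte probe are not in a payload list, so they have to be appended to the UDP list by hand.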