Nmap Development mailing list archives
Re: Using --top-ports for UDP selection only?
From: Chris Clements <cclements () flatearth net>
Date: Thu, 28 Apr 2011 10:06:05 -0500
Makes sense. Actually a bit embarrassed I didn't think of getting the top UDP ports like that before…

I also agree with your thoughts on increasing complexity, however, my argument would be that this particular scenario is (or will become) very common. Specifically due to PCI ASV scanning requirements:

From the ASV program guide, page 13:

Perform service discovery

The ASV scan solution must perform a port scan on all Transmission Control Protocol (TCP) ports. The ASV scan solution must also perform a port scan on common User Datagram Protocol (UDP) ports, including UDP ports related to the following services:

* Authentication services such as RADIUS and Kerberos
* Backdoors and remote access applications
* Backup applications
* Database servers
* DNS (Domain Name System)
* NetBIOS and CIFS
* NFS (Network File System)
* NTP (Network Time Protocol)
* P2P (peer-to-peer) and chat applications
* Routing protocols, including RIP (Routing Information Protocol)
* RPC (Remote Procedure Call) and RPC endpoint mapping
* SNMP (Simple Network Management Protocol) and SNMP trap
* Syslog
* TFTP (Trivial File Transfer Protocol)
* VPNs (Virtual Private Networks), including ISAKMP, L2TP, and NAT-T
* Other common UDP ports that may expose the scan customer to vulnerabilities, including ports associated with malicious activity

Just my 2 cents. Thanks as always for such a great tool.

Chris

From: Fyodor <fyodor () insecure org>
Date: Thu, 28 Apr 2011 01:38:48 -0700
To: Chris Clements <cclements () flatearth net>
Cc: "nmap-dev () insecure org" <nmap-dev () insecure org>
Subject: Re: Using --top-ports for UDP selection only?

On Thu, Apr 21, 2011 at 12:59:41PM -0500, Chris Clements wrote:
Hi all,

Is there a way I can tell nmap to scan all TCP ports, but only the top, say, 200 most common UDP ports? My first thought was to use "--top-ports 200" and specifying only TCP ports with -p (-p T:1-65535), but it seems that specifying specific TCP ports overrides the top port selection for UDP.
Admittedly this is a little bit of a hack, but I first generate the list of top UDP ports (10 in this case):

    ./nmap -oX - -sU --top-ports 10

The output 'scaninfo' line includes the services list in Nmap format:

    53,67,123,135,137-138,161,445,631,1434

So then I can run Nmap with:

    -p T:1-65535,U:53,67,123,135,137-138,161,445,631,1434

Of course if this becomes a common incantation, you save the Nmap command string to use later. Or you can get all fancy and make a custom nmap-services with just those ports you're interested in.

Maybe we could make this easier with special options (or changes to the way existing options are interpreted). But I worry about making Nmap's command-line API even more complex. And there are a lot of things people might want to do. In your case you want "all TCP ports but only the top UDP ports". Other people might want "the top 100 TCP ports, plus these few", and still others might say "the top 100 ports, except definitely not hpjetdirect". So maybe it is easiest for people to just get the port string as shown above and manipulate it as they wish, then pass it to Nmap.

Cheers,
Fyodor

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
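The two-step workaround in the message above can be scripted. The following is an added example, not part of the original thread or of Nmap itself: the function names are hypothetical, and the sample XML is constructed around the services list quoted in the message, assuming the usual `scaninfo` attributes (`protocol`, `numservices`, `services`).

```python
import subprocess
import xml.etree.ElementTree as ET

# Constructed sample of `nmap -oX - -sU --top-ports 10` output, trimmed to the
# element that matters; the services value is the one quoted in the message.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap" args="nmap -oX - -sU --top-ports 10">
<scaninfo type="udp" protocol="udp" numservices="10"
 services="53,67,123,135,137-138,161,445,631,1434"/>
</nmaprun>"""


def count_ports(services):
    """Count ports in an Nmap port list such as '53,137-138,161'."""
    total = 0
    for item in services.split(","):
        lo, _, hi = item.partition("-")
        total += int(hi or lo) - int(lo) + 1
    return total


def top_ports_from_xml(xml_text, protocol="udp"):
    """Return the services list from the <scaninfo> element for one protocol."""
    for info in ET.fromstring(xml_text).iter("scaninfo"):
        if info.get("protocol") == protocol:
            services = info.get("services", "")
            # Cross-check the list against Nmap's own count so that a
            # truncated or hand-edited capture fails loudly.
            if count_ports(services) != int(info.get("numservices", "-1")):
                raise ValueError("services list does not match numservices")
            return services
    raise ValueError("no <scaninfo> element for protocol " + protocol)


def port_spec(udp_services, tcp_ports="1-65535"):
    """Build the -p argument: every TCP port plus the chosen UDP ports."""
    return "T:{},U:{}".format(tcp_ports, udp_services)


def top_udp_xml(n):
    """Run the command from the message (no target given) and return its XML."""
    cmd = ["nmap", "-oX", "-", "-sU", "--top-ports", str(n)]
    return subprocess.run(cmd, capture_output=True, text=True).stdout


if __name__ == "__main__":
    print("-p " + port_spec(top_ports_from_xml(SAMPLE_XML)))
```

With a local nmap available, `top_ports_from_xml(top_udp_xml(200))` gives the list for the 200-port case from the original question; `-sU` may require root privileges.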
Current thread:
- Using --top-ports for UDP selection only? Chris Clements (Apr 22)
- Re: Using --top-ports for UDP selection only? David Fifield (Apr 27)
- Re: Using --top-ports for UDP selection only? Fyodor (Apr 28)
- Re: Using --top-ports for UDP selection only? DePriest, Jason R. (Apr 28)
- Re: Using --top-ports for UDP selection only? Fyodor (Apr 28)
- Re: Using --top-ports for UDP selection only? Chris Clements (Apr 29)
- Re: Using --top-ports for UDP selection only? DePriest, Jason R. (Apr 28)