Nmap Development mailing list archives

Re: Documentation issue (-F)


From: David Fifield <david () bamsoftware com>
Date: Thu, 12 Apr 2012 14:29:14 -0700

On Thu, Apr 12, 2012 at 01:09:50PM -0500, Daniel Miller wrote:
> List,
>
> From the man page:
>
>     -F (Fast (limited port) scan)
>         Specifies that you wish to scan fewer ports than the
>         default. Normally Nmap scans the most common 1,000 ports for each
>         scanned protocol. With -F, this is reduced to 100.
>
>         Nmap needs an nmap-services file with frequency information
>         in order to know which ports are the most common. If port
>         frequency information isn't available, perhaps because of the use
>         of a custom nmap-services file, -F means to scan only ports that
>         are named in the services file (normally Nmap scans all named
>         ports plus ports 1–1024).
>
> Empirically, I see Nmap scans 1000 ports by default, 100 with -F,
> and <300 when nmap-services is not available. What is that last
> parenthetical statement about? Is this old info which should be
> purged?

This is not what I see. When I delete nmap-services from everywhere it
might be found:

$ ./nmap -d3 localhost | egrep -c '^[0-9]+/tcp'
Unable to find nmap-services!  Resorting to /etc/services
Port 2010 proto tcp is duplicated in services file /etc/services
Port 2121 proto tcp is duplicated in services file /etc/services
1200
$ ./nmap -d2 localhost -F | egrep -c '^[0-9]+/tcp'
Unable to find nmap-services!  Resorting to /etc/services
Port 2010 proto tcp is duplicated in services file /etc/services
Port 2121 proto tcp is duplicated in services file /etc/services
313

If you are using "--servicedb /etc/services", --servicedb implies -F, so
you would only see the smaller number.

The part about "all named ports plus ports 1-1024" is this code in
services.cc:

      getpts("1-1024,[1025-]", ports);

David Fifield
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
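The port-spec `1-1024,[1025-]` in David's reply is the whole story behind the "all named ports plus 1–1024" sentence: a plain range is scanned in full, while a bracketed range contributes only the ports that have an entry in the services file. The following Python is an added illustration written for this archive page, not code from Nmap; it models that subset of the `getpts()` syntax (comma-separated items, `a-b`, `a`, open-ended `a-`, and `[...]` for "named ports only") against a constructed `/etc/services`-style sample, and also reproduces the duplicate-port warning seen in the transcript. Nmap's real parser handles more (protocol prefixes, service names, exclusions), so treat the grammar here as a deliberately reduced assumption.

```python
"""Model of how a fallback services file shapes Nmap's default port list.

Added example for the nmap-dev thread on -F; not Nmap's own code.  The
spec grammar and the sample services file are simplifying assumptions.
"""

# Constructed sample in /etc/services format (not a real system file).
SAMPLE_SERVICES = """\
# comment and blank lines are ignored
ftp        21/tcp
ssh        22/tcp
domain     53/udp
http       80/tcp      www
ntp        123/udp
mysql      3306/tcp
vnc        5900/tcp
vnc-alt    5900/tcp    # duplicate entry: first one wins, warn about it
"""

# Assumed default spec when no frequency data exists (quoted from the thread).
FALLBACK_SPEC = "1-1024,[1025-]"
# Assumed -F behaviour without frequency data: only named ports, any number.
FAST_FALLBACK_SPEC = "[1-]"

MAX_PORT = 65535


def parse_services(text):
    """Return ({proto: {port: name}}, warnings); duplicates keep the first."""
    named = {"tcp": {}, "udp": {}}
    warnings = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()      # strip trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2 or "/" not in fields[1]:
            continue                              # not a "name port/proto" line
        name, port_s, proto = fields[0], *fields[1].split("/", 1)
        if proto not in named or not port_s.isdigit():
            continue                              # e.g. sctp, malformed lines
        port = int(port_s)
        if port in named[proto]:
            warnings.append(f"Port {port} proto {proto} is duplicated in services file")
            continue
        named[proto][port] = name
    return named, warnings


def expand_spec(spec, named, proto):
    """Expand a reduced getpts()-style spec into the set of ports to scan.

    Items are comma separated.  "a-b" scans the whole range, "a" one port,
    "a-" runs to 65535.  An item wrapped in [...] contributes only the ports
    inside its range that carry a name for `proto` in the services file.
    """
    ports = set()
    for item in spec.split(","):
        item = item.strip()
        named_only = item.startswith("[") and item.endswith("]")
        if named_only:
            item = item[1:-1]
        if "-" in item:
            lo_s, hi_s = item.split("-", 1)
            lo = int(lo_s) if lo_s else 1
            hi = int(hi_s) if hi_s else MAX_PORT
        else:
            lo = hi = int(item)
        if not 1 <= lo <= hi <= MAX_PORT:
            raise ValueError(f"bad port range in spec item {item!r}")
        if named_only:
            ports.update(p for p in named[proto] if lo <= p <= hi)
        else:
            ports.update(range(lo, hi + 1))
    return ports


def fallback_port_count(services_text, proto="tcp", fast=False):
    """Number of ports the model would scan for `proto` with or without -F."""
    named, _ = parse_services(services_text)
    spec = FAST_FALLBACK_SPEC if fast else FALLBACK_SPEC
    return len(expand_spec(spec, named, proto))


if __name__ == "__main__":
    named, warnings = parse_services(SAMPLE_SERVICES)
    for w in warnings:
        print(w)
    for proto in ("tcp", "udp"):
        print(proto, "default:", fallback_port_count(SAMPLE_SERVICES, proto),
              "with -F:", fallback_port_count(SAMPLE_SERVICES, proto, fast=True))
```

With the sample above, TCP comes out at 1024 + 2 named high ports = 1026 by default and 5 with `-F`, which is exactly why a real `/etc/services` yields "about 1200" versus "about 300" in the transcript: the default count is dominated by the fixed 1–1024 block, and `-F` is governed entirely by how many lines the services file has.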
