Security Basics mailing list archives

Re: Nmap discovery - specifying port ranges?


From: Pranay Kanwar <warl0ck () metaeye org>
Date: Thu, 20 Sep 2007 02:59:25 +0530

Hi,

It seems nmap does not accept more than 10 comma separated ports
while specifying the port range in -PS, else one could have the following
in his .bashrc or .bash_profile

# prange: expand a single "start-stop" range into a comma-separated port list
prange()
{
    # bail out on an empty argument (quoted so an empty $1 does not break test)
    test -z "$1" && return
    echo "$1" | awk 'BEGIN { FS = "-"}
    {
        start = $1
        stop  = $2
        # print every port below stop followed by a comma ...
        while ( start < stop ) {
            printf("%d,",start)
            ++start
        }
        # ... and the last one without a trailing comma
        printf("%d",stop)
    }'
}

But nmap refuses to work on large ranges

# nmap -sP -PS`prange 1-1024` x.x.x.x/y
Bogus argument to -PS: Buffer would overflow -- too many numbers in provided list
QUITTING!

Doing with only 10

# nmap -sP -PS`prange 1024-1033` x.x.x.x/y
Starting Nmap 4.20 ( http://insecure.org ) at 2007-09-20 02:52 IST
Host somehost (x.y.z.s) appears to be up.
Nmap finished: 24 IP address (1 host up) scanned in 0.104 seconds

spencerforhire wrote:
I've found Nmap ping sweeps (TCP SYN) very useful to discover machines
that are up, but specifying port ranges doesn't seem to work.  When I
try "-PS1-1024" I get:

"Bogus character in supposed number-list string.  Example of proper
form: "20,80,65532""

Does anyone know if there is a way to specify port ranges w/ the ping option?

Also, anyone know what the status of the "top ports" project
(http://seclists.org/nmap-dev/2006/q3/0138.html) is?

Thanks!


-- 
[ Twice the pride, double the fall. ]
[ warl0ck // MSG                    ]
[ http://www.metaeye.org            ]
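As an added example (not code from the post or from nmap), the shell function below generalises prange to the full comma-separated spec nmap itself accepts ("1-5,22,80-82"), rejects malformed or reversed ranges, and comes with a small helper to count how many entries the expansion produced, so a list can be checked against the per-argument limit the post ran into before it is handed to any tool. The function names prange_list and pcount are my own.

```shell
# prange_list: expand an nmap-style port spec such as "1-5,22,80-82" into a
# comma-separated list of individual ports. Returns non-zero on a bad spec.
# (Added example; the function name is an assumption, not an nmap feature.)
prange_list() {
    spec="$1"
    [ -z "$spec" ] && return 1
    printf '%s\n' "$spec" | awk -F',' '
    {
        out = ""
        for (i = 1; i <= NF; i++) {
            n = split($i, r, "-")
            start = r[1]
            stop  = (n == 2) ? r[2] : r[1]
            # both ends must be numeric, ordered, and within the 16-bit port space
            if (start !~ /^[0-9]+$/ || stop !~ /^[0-9]+$/ ||
                start + 0 > stop + 0 || stop + 0 > 65535) {
                print "bad port spec: " $i > "/dev/stderr"
                exit 1
            }
            for (p = start + 0; p <= stop + 0; p++)
                out = out (out == "" ? "" : ",") p
        }
        print out
    }'
}

# pcount: number of entries in a comma-separated list, for checking an
# expansion against a per-argument limit (10 in the nmap 4.20 run above).
pcount() {
    printf '%s\n' "$1" | awk -F',' '{ print NF }'
}
```

Usage: `prange_list 22,80-82` prints `22,80,81,82`, and `pcount "$(prange_list 1024-1033)"` prints `10`; a spec like `5-1` prints an error on stderr and returns 1, which is the failure a wrapper script should check for before building a command line.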
