Nmap Development mailing list archives

Re: Detecting a single open port


From: David Fifield <david () bamsoftware com>
Date: Sat, 18 Oct 2008 16:56:24 -0600

On Sat, Oct 18, 2008 at 10:08:40PM +0000, Jack Grahl wrote:
Jack Grahl wrote:
It would be useful to have an nmap mode which stops as soon as it has detected 
a single open port (per host).

What about TCP Ping scan? nmap -sP -PT80,25,22... might not be enough for what 
you want...

This is almost enough. I would like it to tell me the number of the
port which is open, rather than just . I would also like it to use the
portlist which I believe is built into nmap, and which optimizes
finding an open port after as few tries as possible (and which
includes all ports). Doing a SYN scan as a ping test at the moment
without a portlist means just port 80 is scanned.

I think it's still not well known that the -PS, -PA, -PU, etc., options
can take a port list in the same syntax as -p.

nmap -sP -PS'1-1024,[1025-]'

However, that's not a complete solution for your problem because it scans
the ports sequentially (in a port scan Nmap cheats and puts more common
ports first), it doesn't use --top-ports logic, and you don't get the
port that responded, even with --reason.

David Fifield

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org
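The reply above points out that a TCP ping scan with a port list will not tell you which port actually responded. The usual way around that is to run a normal port scan with ordinary output and post-process it to keep only the first open port per host. The script below is an added example and is not code from the thread or from the Nmap project: it parses Nmap's grepable (-oG) output format, where each "Ports:" entry has the shape port/state/protocol/owner/service/rpc/version, and reports one open port per host. The sample output embedded in it is constructed for the example, and the "prefer" ordering (which stands in for the --top-ports ordering, since that list is not on the page) is an assumption supplied by the caller.

```python
#!/usr/bin/env python3
"""Report the first open port per host from nmap grepable (-oG) output.

Added example: parses lines of the form
  Host: <ip> (<name>)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\t...
and keeps only one open port per host.
"""
import re
import sys
from typing import Dict, Iterable, List, Optional, Tuple

# Constructed sample of nmap -oG output (not real scan data); the first and
# last lines are comment lines that nmap emits and the parser ignores.
SAMPLE_OG = """\
# Nmap scan initiated (constructed sample): nmap -sS --top-ports 50 -oG - 192.0.2.0/29
Host: 192.0.2.1 ()\tStatus: Up
Host: 192.0.2.1 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (47)
Host: 192.0.2.2 ()\tStatus: Up
Host: 192.0.2.2 ()\tPorts: 25/filtered/tcp//smtp///, 3389/open/tcp//ms-wbt-server///\tIgnored State: closed (48)
Host: 192.0.2.3 ()\tStatus: Up
Host: 192.0.2.3 ()\tPorts: 80/closed/tcp//http///\tIgnored State: closed (49)
# Nmap done (constructed sample): 8 IP addresses (3 hosts up) scanned
"""

# port/state/protocol/... ; the state may be compound, e.g. "open|filtered"
PORT_ENTRY = re.compile(r"^(\d+)/([a-z|]+)/(tcp|udp|sctp)/")


def parse_open_ports(og_text: str) -> Dict[str, List[Tuple[int, str]]]:
    """Return {host: [(port, proto), ...]} for ports whose state is exactly "open"."""
    result: Dict[str, List[Tuple[int, str]]] = {}
    for line in og_text.splitlines():
        if not line.startswith("Host: "):
            continue  # comment lines and anything else
        fields = line.split("\t")
        host = fields[0].split()[1]  # "Host: 192.0.2.1 ()" -> "192.0.2.1"
        result.setdefault(host, [])  # hosts that are up but have no open port
        for field in fields[1:]:
            if not field.startswith("Ports: "):
                continue
            for entry in field[len("Ports: "):].split(", "):
                m = PORT_ENTRY.match(entry.strip())
                if m and m.group(2) == "open":
                    result[host].append((int(m.group(1)), m.group(3)))
    return result


def first_open_port(
    og_text: str, prefer: Optional[Iterable[int]] = None
) -> Dict[str, Optional[Tuple[int, str]]]:
    """Pick one open port per host.

    ``prefer`` is an optional priority list of port numbers (assumed to be
    supplied by the caller, e.g. the order you consider most likely); ports
    not in the list are ranked after it by ascending port number.
    """
    rank = {p: i for i, p in enumerate(prefer or [])}
    chosen: Dict[str, Optional[Tuple[int, str]]] = {}
    for host, ports in parse_open_ports(og_text).items():
        if not ports:
            chosen[host] = None
            continue
        chosen[host] = min(ports, key=lambda pp: (rank.get(pp[0], len(rank)), pp[0]))
    return chosen


def format_report(chosen: Dict[str, Optional[Tuple[int, str]]]) -> str:
    """One line per host: the chosen port, or 'no open port' when none was reported."""
    lines = []
    for host in sorted(chosen):
        hit = chosen[host]
        lines.append(f"{host}: {hit[0]}/{hit[1]}" if hit else f"{host}: no open port")
    return "\n".join(lines)


if __name__ == "__main__":
    # Usage: nmap -sS --top-ports 100 -oG - <targets> | python3 first_open.py
    # With no piped input, the constructed sample is used instead.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_OG
    print(format_report(first_open_port(text)))
```

Nmap still scans every port in the list for every host, so this does not save probes the way a true stop-at-first-open mode would; what it does give you is the port number that responded, which -sP -PS alone does not report.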