Re: Using --top-ports for UDP selection only?

[Fyodor <fyodor () insecure org>]

On Thu, Apr 21, 2011 at 12:59:41PM -0500, Chris Clements wrote:
> Hi all,
>
> Is there a way I can tell nmap to scan all TCP ports, but only the top, say,
> 200 most common UDP ports?  My first thought was to use "‹top-ports 200" and
> specifying only TCP ports with ­p (-p T:1-65535), but it seems that
> specifying specific TCP ports  overrides the top port selection for UDP.

Admittedly this is a little bit of a hack, but I first generate the
list of top UDP ports (10 in this case):

./nmap -oX - -sU --top-ports 10

The output 'scaninfo' line includes the services list in Nmap format:

53,67,123,135,137-138,161,445,631,1434

So then I can run Nmap with:

-p T:1-65535,U:53,67,123,135,137-138,161,445,631,1434

Of course if this becomes a common incantation, you save the Nmap
command string to use later.  Or you can get all fancy and make a
custom nmap-services with just those ports you're interested in.

Maybe we could make this easier with special options (or changes to
the way existing options are interpreted).  But I worry about making
Nmap's command-line API even more complex.  And there are a lot of
things people might want to do.  In your case you want "all TCP ports
but only the top UDP ports".  Other people might want "the top 100 TCP
ports, plus these few", and still others might say "the top 100 ports,
except definitely not hpjetdirect".  So maybe it is easiest for people
to just get the port string as shown above and manipulate it as they
wish, then pass it to Nmap.

Cheers,
Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/