LinuxQuestions.org
Register a domain and help support LQ
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 12-10-2003, 07:59 AM   #1
davee
Member
 
Registered: Oct 2002
Location: Ayrshire, Scotland
Distribution: Suse(home) RHEL (Work)
Posts: 263

Rep: Reputation: 30
How can I scan *every* port with nmap?


I'm securing a (company) webserver on AIX - I've been using nmap to scan from my linux box for open ports, but there's some that I miss that a collegue with a windows machine picks up (with languard). What's the combination of flags to test every port on a box, both TCP and UDP? I know there's certain ports open for websphere (> about 9000) that I'm not picking up on.

Dave
 
Old 12-10-2003, 11:41 AM   #2
Bebo
Member
 
Registered: Jul 2003
Location: Göteborg
Distribution: Arch Linux (current)
Posts: 553

Rep: Reputation: 30
What about -p 0-65535?
 
Old 12-10-2003, 01:03 PM   #3
davee
Member
 
Registered: Oct 2002
Location: Ayrshire, Scotland
Distribution: Suse(home) RHEL (Work)
Posts: 263

Original Poster
Rep: Reputation: 30
Thanks!

Dave
 
Old 12-10-2003, 04:58 PM   #4
Bebo
Member
 
Registered: Jul 2003
Location: Göteborg
Distribution: Arch Linux (current)
Posts: 553

Rep: Reputation: 30
Glad I could help!
 
Old 12-10-2003, 09:37 PM   #5
stickman
Senior Member
 
Registered: Sep 2002
Location: Nashville, TN
Posts: 1,552

Rep: Reputation: 53
You might also want to consider trying different scan types to see if they yield different results.
 
Old 12-11-2003, 11:36 AM   #6
xerophyte
LQ Newbie
 
Registered: Dec 2003
Location: Toronto,Ontario,Canada
Posts: 18

Rep: Reputation: 1
Should not it be : nmap -p 1-65535 hostname

when you use
nmap -p 0-65535 hostname, you will get error

Ports to be scanned must be between 1 and 65535 inclusive
QUITTING!
 
Old 12-11-2003, 04:44 PM   #7
Bebo
Member
 
Registered: Jul 2003
Location: Göteborg
Distribution: Arch Linux (current)
Posts: 553

Rep: Reputation: 30
Hello,

Well, ShieldsUp! at https://grc.com included port 0, so I included it too. Now I've checked my two versions of nmap, and 3.00 gives the error that you mention, but 3.48 doesn't. I can't remember what port 0 is about, but as far as I remember you can distinguish between different OS:s that way.

*checking...*

Aha! Robert Graham says:

Commonly used to help determine the operating system. This works because on some systems, port 0 is "invalid" and will generate a different response when you connect to it vs. a normal closed port. One typical scan uses a destination IP address of 0.0.0.0 and sets the ACK bit, with broadcast at the Ethernet layer.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Nmap with Idle scan Ephracis Linux - Security 0 12-10-2004 05:08 AM
nmap scan results juanb Linux - Security 5 11-16-2004 02:31 AM
scan my network with nmap. amer_58 Linux - Networking 3 06-17-2004 12:11 AM
Port Scan (nmap -st) TroelsSmit Linux - Newbie 2 05-22-2004 03:13 PM
nmap scan loganwva Linux - Security 5 02-25-2003 07:16 PM


All times are GMT -5. The time now is 12:17 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration