LinuxQuestions.org


davee 12-10-2003 07:59 AM

How can I scan *every* port with nmap?
 
I'm securing a (company) webserver on AIX - I've been using nmap to scan from my Linux box for open ports, but there are some that I miss that a colleague with a Windows machine picks up (with LANguard). What's the combination of flags to test every port on a box, both TCP and UDP? I know there are certain ports open for WebSphere (> about 9000) that I'm not picking up on.

Dave

Bebo 12-10-2003 11:41 AM

What about -p 0-65535?

davee 12-10-2003 01:03 PM

Thanks!

Dave

Bebo 12-10-2003 04:58 PM

Glad I could help! :)

stickman 12-10-2003 09:37 PM

You might also want to consider trying different scan types to see if they yield different results.

xerophyte 12-11-2003 11:36 AM

Shouldn't it be: nmap -p 1-65535 hostname

When you use
nmap -p 0-65535 hostname, you will get an error:

Ports to be scanned must be between 1 and 65535 inclusive
QUITTING!

Bebo 12-11-2003 04:44 PM

Hello,

Well, ShieldsUp! at https://grc.com included port 0, so I included it too. Now I've checked my two versions of nmap, and 3.00 gives the error that you mention, but 3.48 doesn't. I can't remember what port 0 is about, but as far as I remember you can distinguish between different OSes that way.

*checking...*

Aha! Robert Graham says:

Commonly used to help determine the operating system. This works because on some systems, port 0 is "invalid" and will generate a different response when you connect to it vs. a normal closed port. One typical scan uses a destination IP address of 0.0.0.0 and sets the ACK bit, with broadcast at the Ethernet layer.
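
An added example, not part of any post in this thread: shell functions for the full-range TCP and UDP scan discussed above, plus a comparison that lists the open ports an earlier, narrower scan missed on a host you administer. The function names, file names, the address 192.0.2.10 and the sample scan results are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit every TCP and UDP port on a host you administer and
# list what an earlier, narrower scan missed. Usage (as root):
#   full_scan HOST full.gnmap && missed_ports default.gnmap full.gnmap

# Range for -p. The thread reports nmap 3.00 refusing port 0 while 3.48
# accepts it, so port 0 is opt-in.
port_range() {
    if [ "${1:-}" = "with-zero" ]; then echo "0-65535"; else echo "1-65535"; fi
}

# -sS = TCP SYN scan, -sU = UDP scan; with both given, -p applies to both
# protocols. -oG writes grepable output to the file named in $2.
full_scan() {
    nmap -sS -sU -p "$(port_range "${3:-}")" -oG "$2" "$1"
}

# Read grepable output on stdin, print "port/proto" for each open port.
# States such as "open|filtered" or "closed" are deliberately skipped.
open_ports() {
    awk -F'\t' '{
        for (i = 1; i <= NF; i++) if ($i ~ /^Ports: /) {
            p = $i; sub(/^Ports: /, "", p)
            n = split(p, entry, ", ")
            for (j = 1; j <= n; j++) {
                split(entry[j], f, "/")
                if (f[2] == "open") print f[1] "/" f[3]
            }
        }
    }' | sort -t/ -k1,1n -k2,2 -u
}

# Ports open in the second (full) scan file but not in the first.
missed_ports() {
    { open_ports < "$1" | sed 's/^/old /'; open_ports < "$2" | sed 's/^/new /'; } |
        awk '$1 == "old" { seen[$2] = 1 }
             $1 == "new" && !($2 in seen) { print $2 }'
}

# Constructed sample data (documentation address, made-up results).
sample_default_scan() {
    printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\n'
}
sample_full_scan() {
    printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 9080/open/tcp/////, 9443/open/tcp/////, 123/open|filtered/udp//ntp///, 161/open/udp//snmp///\n'
}
```

Anything `missed_ports` prints is a listening service the narrower scan never saw, so each entry should be matched to a known service or closed.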


All times are GMT -5.