-   Linux - Security (
-   -   How can I scan *every* port with nmap? (

davee 12-10-2003 07:59 AM

How can I scan *every* port with nmap?
I'm securing a (company) webserver on AIX - I've been using nmap to scan from my linux box for open ports, but there's some that I miss that a collegue with a windows machine picks up (with languard). What's the combination of flags to test every port on a box, both TCP and UDP? I know there's certain ports open for websphere (> about 9000) that I'm not picking up on.


Bebo 12-10-2003 11:41 AM

What about -p 0-65535?

davee 12-10-2003 01:03 PM



Bebo 12-10-2003 04:58 PM

Glad I could help! :)

stickman 12-10-2003 09:37 PM

You might also want to consider trying different scan types to see if they yield different results.

xerophyte 12-11-2003 11:36 AM

Should not it be : nmap -p 1-65535 hostname

when you use
nmap -p 0-65535 hostname, you will get error

Ports to be scanned must be between 1 and 65535 inclusive

Bebo 12-11-2003 04:44 PM


Well, ShieldsUp! at included port 0, so I included it too. Now I've checked my two versions of nmap, and 3.00 gives the error that you mention, but 3.48 doesn't. I can't remember what port 0 is about, but as far as I remember you can distinguish between different OS:s that way.


Aha! Robert Graham says:

Commonly used to help determine the operating system. This works because on some systems, port 0 is "invalid" and will generate a different response when you connect to it vs. a normal closed port. One typical scan uses a destination IP address of and sets the ACK bit, with broadcast at the Ethernet layer.

All times are GMT -5. The time now is 04:27 AM.