Hi Everyone

My query here - when i excute Nmap localhost

Wheather it would check all the port numbers or only few port numbers ?



I do not think it would check all the port numbers when the above command

Because when i excute the command Nmap localhost in the same
machine it shows the output as below ,
There is other port number 8834 which is listening but it is not displaying
in the result below . So the above command would check only few ports ?


22/tcp open ssh
25/tcp open smtp
80/tcp open http
443/tcp open https
514/tcp open shell
3306/tcp open mysql

Nmap offers a plethora of options, some for specifying ports and port ranges, as well as protocols, which you can see in the man page. To be sure that nmap is scanning at least as high as the port you are questioning, try nmap with the -p1-8834 argument, telling it to scan ports from #1 to #8834.

Thanks for the command. So by default till how many port it would scan ?

I don't know, and the man page IIRC did not specify. It's common however for port scanners to (by default) only scan the first 1024 ports. If you cannot find the answer in the manpage or Google, I would just err on the cautious side and specify the port range you desire.

From the man page:

The file nmap-services is typically installed at /usr/share/nmap/nmap-services

Thanks for all your update and this is really good piece of information

Thankyou

Hi! Sorry if this post is already closed but I was wondering if you could tell me something curious about nmap. I'll be straight.
If I run nmap on a computer with "localhost" as destination it tells me that I have 3 ports open; but if I run the same nmap with my ip address as parameter I find out that some ports that figured as open are closed in fact. Does anyone know why can this happen? Which result should I consider??

Because an application can bind to any combination of interfaces or IPs your system has. You have some programs listening only on localhost.
Why are you using nmap?

The latest version of Nmap scans the top 1000 ports by default. The top ports are based on popularity which is in the nmap-services file, third column. A -F scan means fast scan, this will scan the top 100 ports.

Right, maybe that's the reason, but, I did a similar test on a Windows box and found out that locally (using ip or localhost) for e.g.: msrpc, is enumerated as open and, remotelly, is enumerated as closed. This is really strange (maybe something to do with the way windows handles the protocol stack).

I'm using nmap to have some control of which services are available to remote hosts. It helps me to know if there is any of them I don't use to shut them down and minimize security risks. Not big deal, but helps a little.

Thanks for your answers!

What I did was man Nmap. Then print that to a file, and make a hard copy so you have your own manual with all the commands.