3

I heard that nmap scans only the 1000 most common ports when we do a server scan. Is it possible to force nmap to check all the ports when scanning? If yes, how?

Anandu M Das

2 Answers

8

You can pass in the `-p-` flag as specified in the nmap help page.

For example,

```
nmap -p- 192.168.1.1
```

Another option would be to pass in the explicit range you want with the `-p` flag.

For example,

```
nmap -p 1-65535 192.168.1.1
```

  • 1
    Don't forget port 0. – PopularIsn'tRight Dec 16 '14 at 13:06
  • 1
    @Bachrach44 Port 0 is a technicality of the TCP spec that doesn't work in most systems, since the socket API considers the number 0 to represent "any available port." It can be included for completeness with `-p 0-65535`, but it is nearly impossible that you would ever find a valid listening service there. – bonsaiviking Dec 16 '14 at 14:44
  • Port 0 is used for OS fingerprinting. – Vi. Dec 17 '14 at 18:07
7

Use the `-p` command line parameter, for example:

```
nmap -p 1-65535 192.168.1.150
```

The above would result in a full scan from port 1 to port 65535 against IP 192.168.1.150.

kalina
  • The command is useful, but you have made a little spelling mistake while specifying the p parameter. I think two hyphens are used. ;) – Anandu M Das Dec 16 '14 at 11:53
  • 1
    I would think copy and paste suuuuuuuuuuuucks. – kalina Dec 16 '14 at 11:58
  • 2
    There's no reason that a "sneaky" sysadmin couldn't try to hide a service on port 0 as it is technically a valid port number. I'd always include it (-p 0-65535). It's worth noting that -p- doesn't include it. – Richard Dec 16 '14 at 12:10
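To check which ports a given `-p` argument actually covers, including the port 0 point raised in the comments, here is an added example that is not part of the original answers. It models Nmap's documented rule that an omitted range start defaults to 1 and an omitted end to 65535; the function names are hypothetical, it handles numeric specs only (no service names or `T:`/`U:` prefixes), and it does not run Nmap. For `-p-` the spec to pass in is `"-"`.

```python
# Added example: expands a numeric Nmap -p argument to the set of ports it
# selects, so a scan profile can be audited for gaps before it is relied on.
MAX_PORT = 65535


def expand_port_spec(spec):
    """Return the set of port numbers selected by a numeric -p argument."""
    ports = set()
    for part in spec.replace(" ", "").split(","):
        if not part:
            raise ValueError("empty element in port spec")
        if "-" in part:
            lo_s, hi_s = part.split("-", 1)
            # Omitted start defaults to 1 (not 0); omitted end to 65535.
            lo = int(lo_s) if lo_s else 1
            hi = int(hi_s) if hi_s else MAX_PORT
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= MAX_PORT:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports


def coverage_report(spec):
    """Summarise how much of the 0-65535 port space a spec covers."""
    ports = expand_port_spec(spec)
    return {
        "count": len(ports),
        "includes_port_0": 0 in ports,
        "uncovered": (MAX_PORT + 1) - len(ports),
    }


if __name__ == "__main__":
    # The three specs discussed on this page.
    for spec in ("-", "1-65535", "0-65535"):
        print(f"-p {spec:<8} -> {coverage_report(spec)}")
```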