The simple command nmap target scans 1,000 TCP ports on the host target.
You might reasonable ask, which 1,000 ports is it? Is the particular port in which I am interested included?
Fortunately, nmap has a list of ports/services that includes how frequently they are used. From this we can get the top 1000:
grep -v '^#' /usr/share/nmap/nmap-services | sort -rk3 | head -n1000
- The initial grep is to filter out the comments (lines that begin with the hash mark).
- The sort command sorts in descending order, by the 3rd column (the frequency).
- The final head command displays only the top 1000 results.
In my cases, I wondered if the radmin port, 4899/tcp, was included in an nmap scan. I piped the above command to grep to find out:
grep -v '^#' /usr/share/nmap/nmap-services | sort -rk3 | head -n1000 | grep 4889 radmin 4899/tcp 0.003337 # Radmin (www.radmin.com) remote PC control software
It is included in a default nmap scan.
Is there an easier way to do this? Drop me a line in the comments!