{"id":3417,"date":"2021-02-11T15:23:23","date_gmt":"2021-02-11T20:23:23","guid":{"rendered":"http:\/\/osric.com\/chris\/accidental-developer\/?p=3417"},"modified":"2021-02-11T15:23:23","modified_gmt":"2021-02-11T20:23:23","slug":"nmap-scans-the-top-1000-ports-by-default-but-which-1000","status":"publish","type":"post","link":"https:\/\/osric.com\/chris\/accidental-developer\/2021\/02\/nmap-scans-the-top-1000-ports-by-default-but-which-1000\/","title":{"rendered":"nmap scans the top 1000 ports by default, but which 1000?"},"content":{"rendered":"<p>From <code>man nmap<\/code>:<\/p>\n<blockquote><p>The simple command nmap target scans 1,000 TCP ports on the host target.<\/p><\/blockquote>\n<p>You might reasonable ask, which 1,000 ports is it? Is the particular port in which I am interested included?<\/p>\n<p>Fortunately, nmap has a list of ports\/services that includes how frequently they are used. From this we can get the top 1000:<\/p>\n<pre><code>grep -v '^#' \/usr\/share\/nmap\/nmap-services | sort -rk3 | head -n1000<\/code><\/pre>\n<ul>\n<li>The initial grep is to filter out the comments (lines that begin with the hash mark).<\/li>\n<li>The sort command sorts in descending order, by the 3rd column (the frequency).<\/li>\n<li>The final head command displays only the top 1000 results.<\/li>\n<\/ul>\n<p>In my cases, I wondered if the radmin port, 4899\/tcp, was included in an nmap scan. I piped the above command to grep to find out:<\/p>\n<pre><code>grep -v '^#' \/usr\/share\/nmap\/nmap-services | sort -rk3 | head -n1000 | grep 4889\r\nradmin  4899\/tcp        0.003337        # Radmin (www.radmin.com) remote PC control software<\/code><\/pre>\n<p>It is included in a default nmap scan.<\/p>\n<p>Is there an easier way to do this? Drop me a line in the comments!<\/p>\n","protected":false},"excerpt":{"rendered":"<p>From man nmap: The simple command nmap target scans 1,000 TCP ports on the host target. You might reasonable ask, which 1,000 ports is it? Is the particular port in which I am interested included? Fortunately, nmap has a list of ports\/services that includes how frequently they are used. From this we can get the &hellip; <a href=\"https:\/\/osric.com\/chris\/accidental-developer\/2021\/02\/nmap-scans-the-top-1000-ports-by-default-but-which-1000\/\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">nmap scans the top 1000 ports by default, but which 1000?<\/span><\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3417","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/3417","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/comments?post=3417"}],"version-history":[{"count":5,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/3417\/revisions"}],"predecessor-version":[{"id":3423,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/posts\/3417\/revisions\/3423"}],"wp:attachment":[{"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/media?parent=3417"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/categories?post=3417"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/osric.com\/chris\/accidental-developer\/wp-json\/wp\/v2\/tags?post=3417"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}