Port Specification & Scan Order

1. -p

Description: This option specifies which ports you want to scan. It overrides the default port scan behavior, allowing you to scan specific individual ports or port ranges (e.g., 1-1023). You can also use it to scan all ports (1-65535) or specify ports by name.

  • Example: Scan specific ports or port ranges.

    nmap -p 80,443 <target>        # Scan ports 80 and 443
    nmap -p 1-1023 <target>        # Scan ports 1 to 1023
    nmap -p 80,443,1000-2000 <target>  # Scan ports 80, 443, and 1000-2000
    nmap -sU -sS -p U:53,111,137,T:21-25 <target>  # Scan specific UDP and TCP ports (needs -sU plus a TCP scan type)
    nmap -p 'ftp,http*' <target>       # Scan FTP and ports whose service name begins with 'http' (quoted so the shell does not expand *)

2. --exclude-ports

Description: Excludes the specified ports from scanning. Ports and ranges are written the same way as for -p.

  • Example: Exclude certain ports from scanning.

    nmap --exclude-ports 80,443 <target>  # Exclude ports 80 and 443 from scanning
    nmap --exclude-ports 1-1023 <target>  # Exclude ports 1-1023 from scanning

3. -F (Fast scan)

Description: Performs a scan with fewer ports (100 instead of the usual 1,000 most common ports). This option is ideal for a faster but less comprehensive scan.

  • Example: Perform a fast scan.

    nmap -F <target>  # Scan the top 100 most common ports

4. -r (Don't randomize ports)

Description: By default, Nmap randomizes the order of the ports it scans. Use the -r option to scan ports sequentially (in ascending order).

  • Example: Scan ports in sequential order.

    nmap -r <target>  # Scan ports in a sequential order

5. --port-ratio

Description: Scans all ports from the nmap-services file where the port's ratio (or likelihood of being open) is greater than the specified ratio (between 0.0 and 1.0).

  • Example: Scan ports with a high likelihood of being open (greater than 0.8).

    nmap --port-ratio 0.8 <target>  # Scan ports with a ratio greater than 0.8

6. --top-ports

Description: Scans the specified number of most commonly open ports based on the nmap-services file, excluding any ports specified by --exclude-ports. The value given must be 1 or greater.

  • Example: Scan the top 100 most common ports.

    nmap --top-ports 100 <target>  # Scan the top 100 most common ports
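To check which ports a --top-ports or --port-ratio scan will actually cover, the selection rules described above can be modelled in a few lines. This is an added example, not Nmap's own code: the function names are hypothetical and SAMPLE is constructed data in the nmap-services line format (service name, port/protocol, ratio).

```python
# Added example. SAMPLE is constructed nmap-services-style data; names and ratios are illustrative.
SAMPLE = """\
# constructed sample, not the real nmap-services file
ftp        21/tcp    0.20
ssh        22/tcp    0.18
telnet     23/tcp    0.22
domain     53/udp    0.21
http       80/tcp    0.48
https      443/tcp   0.21
http-proxy 8080/tcp  0.04
unknown    9999/tcp
"""

def load_services(text, proto="tcp"):
    """Return [(port, ratio)] for one protocol, skipping comments and short lines."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) < 3:          # blank, comment-only, or no ratio column
            continue
        port, _, line_proto = fields[1].partition("/")
        if line_proto == proto and port.isdigit():
            entries.append((int(port), float(fields[2])))
    return entries

def parse_ports(spec):
    """Expand a numeric list such as '80,443,1000-2000' into a set of ports."""
    ports = set()
    for part in filter(None, spec.split(",")):
        lo, _, hi = part.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 0 <= lo <= hi <= 65535:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports

def top_ports(entries, n, exclude=""):
    """Model of --top-ports n: drop excluded ports first, then rank by ratio."""
    if n < 1:
        raise ValueError("--top-ports value must be 1 or greater")
    skip = parse_ports(exclude)
    ranked = sorted((e for e in entries if e[0] not in skip), key=lambda e: -e[1])
    return [port for port, _ in ranked[:n]]

def port_ratio(entries, ratio):
    """Model of --port-ratio: ports whose ratio is strictly greater than ratio."""
    if not 0.0 <= ratio <= 1.0:
        raise ValueError("ratio must be between 0.0 and 1.0")
    return sorted(port for port, r in entries if r > ratio)
```

Because exclusions are applied before ranking, `top_ports(entries, 2, exclude="80")` still returns two ports, and a ratio threshold above every entry in the file selects nothing.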

Summary Example Commands

Here are a few combined examples using the different options:

  • Fast scan with exclusions (-F cannot be combined with -p; Nmap exits with an error if both are given):

    nmap -F --exclude-ports 80 <target>  # Fast scan of the top 100 ports, but exclude 80

  • Scan top 50 ports, excluding a range:

    nmap --top-ports 50 --exclude-ports 1-1024 <target>  # Scan the 50 most common ports that remain after excluding 1-1024
