A consultant wants to scan all the TCP ports on an identified device. Which of the following Nmap switches will complete this task?
A. -p
B. -p ALL
C. -p 1-65534
D. -port 1-65534
I am seeing answer A on some dumps being displayed as -p-, which has the same exact output as answer C, -p 1-65534.
I’m seeing answer A written differently.
Some sites show the answer as -p- and that is the same as using -p 1-65534.
Here is the output for nmap -p-
root@kali:~# nmap 10.0.2.11 -p-
Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-06 01:15 EST
Nmap scan report for 10.0.2.11
Host is up (0.00036s latency).
Not shown: 65506 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
512/tcp open exec
513/tcp open login
514/tcp open shell
1099/tcp open rmiregistry
1524/tcp open ingreslock
2049/tcp open nfs
2121/tcp open ccproxy-ftp
3306/tcp open mysql
3632/tcp open distccd
5432/tcp open postgresql
5900/tcp open vnc
6000/tcp open X11
6667/tcp open irc
6697/tcp open ircs-u
8180/tcp open unknown
8787/tcp open msgsrvr
43647/tcp open unknown
52580/tcp open unknown
58097/tcp open unknown
59979/tcp open unknown
MAC Address: 08:00:27:F6:69:30 (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 4.30 seconds
root@kali:~#
And here is the output using -p 1-65534
root@kali:~# nmap 10.0.2.11 -p 1-65534
Starting Nmap 7.91 ( https://nmap.org ) at 2020-12-06 01:17 EST
Nmap scan report for 10.0.2.11
Host is up (0.00031s latency).
Not shown: 65505 closed ports
PORT STATE SERVICE
21/tcp open ftp
22/tcp open ssh
23/tcp open telnet
25/tcp open smtp
53/tcp open domain
80/tcp open http
111/tcp open rpcbind
139/tcp open netbios-ssn
445/tcp open microsoft-ds
512/tcp open exec
513/tcp open login
514/tcp open shell
1099/tcp open rmiregistry
1524/tcp open ingreslock
2049/tcp open nfs
2121/tcp open ccproxy-ftp
3306/tcp open mysql
3632/tcp open distccd
5432/tcp open postgresql
5900/tcp open vnc
6000/tcp open X11
6667/tcp open irc
6697/tcp open ircs-u
8180/tcp open unknown
8787/tcp open msgsrvr
43647/tcp open unknown
52580/tcp open unknown
58097/tcp open unknown
59979/tcp open unknown
MAC Address: 08:00:27:F6:69:30 (Oracle VirtualBox virtual NIC)
Nmap done: 1 IP address (1 host up) scanned in 3.06 seconds
root@kali:~#
Exactly the same.
The correct answer in a situation like this would be to choose the answer that requires the least amount of effort.
Output is not the same on the above.
nmap -p- results in: Not shown: 65506 closed ports
nmap -p 1-65534 results in: Not shown: 65505 closed ports
Hence the second nmap choice is missing the last port which is 65535.
Correct answer is A.
nmap -p-
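The port-count difference discussed in this thread can be checked mechanically; the following is an added example, not code from any poster or from the Nmap project. It assumes a simplified model of the -p argument (comma-separated numbers and ranges, with an open range start meaning 1 and an open range end meaning 65535), and the function names and the sample report are constructed for illustration.

```python
import re

MAX_PORT = 65535  # highest TCP port number


def expand_port_spec(spec):
    """Expand an nmap-style -p argument into a set of port numbers.

    Simplified model (assumption): comma-separated numbers and ranges only;
    a missing range start means 1 and a missing range end means 65535,
    so the bare "-" of "-p-" expands to 1-65535.
    """
    ports = set()
    for part in spec.split(","):
        part = part.strip()
        if "-" in part:
            lo, hi = part.split("-", 1)
            lo = int(lo) if lo else 1
            hi = int(hi) if hi else MAX_PORT
        else:
            lo = hi = int(part)
        if not 0 <= lo <= hi <= MAX_PORT:
            raise ValueError(f"bad port range: {part!r}")
        ports.update(range(lo, hi + 1))
    return ports


def ports_accounted_for(report):
    """Ports a report covers: 'Not shown: N ...' counts plus listed rows."""
    hidden = sum(int(n) for n in re.findall(r"Not shown: (\d+) ", report))
    listed = len(re.findall(r"^\d+/tcp\s", report, flags=re.M))
    return hidden + listed


def missing_from_full_scan(spec):
    """Ports in 1-65535 that the given -p argument would never probe."""
    return sorted(expand_port_spec("-") - expand_port_spec(spec))


# Constructed sample report (shortened; not the output quoted above).
SAMPLE = """Not shown: 65532 closed ports
PORT STATE SERVICE
22/tcp open ssh
80/tcp open http
"""

if __name__ == "__main__":
    print(missing_from_full_scan("1-65534"))
    print(ports_accounted_for(SAMPLE), len(expand_port_spec("1-65534")))
```

Summing the "Not shown" count and the listed rows of a saved report gives the number of ports that scan actually covered, which makes a range that stops short of 65535 visible without reading the command line.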