In the Nmap Network Scanning book, chapter 15 , section Port Specification and Scan Order , to quote “By default, Nmap scans the most common 1,000 ports for each protocol.” [1] However, the documentation did not mention the list of 1000 ports. So, how to identify and show those 1000 ports ? --top-ports n: the n highest-ratio ports found in nmap-services. n must be 1 or greater -v: verbose level, to print the -oG: grepable output - : output to stdout $ nmap --top-ports 1000 -v -oG - localhost Note: refer to /usr/share/nmap/nmap-services file for the service name and protocol.

Table of Contents Nmap Ndiff Scan and interpret the results/diffs Automation Nmap Ndiff Ndiff is a tool to aid in the comparison of Nmap scans. Ndiff, like the standard diff utility, compares two scans at a time. It takes two Nmap XML output files and prints the differences between them. The differences observed are: Host states (e.g. up to down) Port states (e.

Table of Contents Scan a Network/Subnet Host Discovery Scan a large public network Scan a private network: 192.168.1.0/24 Scan a Single Target Remote OS and Service Detection Host and Port State Reason List of Examples Scan a Network/Subnet Host Discovery HOST DISCOVERY: -sL: List Scan - simply list targets to scan, without sending any packets to the target hosts, useful to generate list of target hosts and dns resolution.

Table of Contents Traceroute ICMP mode UDP mode TCP mode Output format explanation Hping3 InTrace Nmap: traceroute-geolocation script Traceroute Traceroute is useful for diagnosing networking problems, e.g., end-to-end connectivty, complement with ping. It can also be used to pinpoint the location of devices, routers and firewalls. The tracerouting tools fundamentally rely on the IP packet’s field - TTL (Time-To-Live, decremented at each hop, dies at 0), they send short-life IP packets and wait for Time Exceeded ICMP packets reporting the death of these packets from a router, consequently reveal the route.