Nmap Development mailing list archives

RE: Port Exclusion option?


From: Mike Santillana <msantillana () gdssecurity com>
Date: Fri, 3 Feb 2012 11:53:04 -0500

If I manually put in ports (like for a full port scan), for example -p0-,
will the ~/.nmap file prevent ports, let's say 80 and 443, from being
scanned?


-----Original Message-----
From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org]
On Behalf Of Dewhirst, Rob
Sent: Friday, February 03, 2012 11:30 AM
To: nmap-dev () insecure org
Subject: Re: Port Exclusion option?

This works for me.

On Fri, Feb 3, 2012 at 3:12 AM, Fyodor <fyodor () insecure org> wrote:
> On Tue, Jan 31, 2012 at 11:51:59AM -0600, Dewhirst, Rob wrote:
>> I was waiting for someone else to speak up, but since you asked, yes I
>> would really like this.
>>
>> For normal scans the built-in default 1000 ports are fine, but in that
>> list are a couple of ports that generate erroneous results in our
>> environment.  The byproduct is nmap thinks every IP address has a host
>> behind it. (It's our environment, not nmap causing this issue.)
>>
>> I would prefer to just exclude one or two ports from the default
>> rather than specify a range around them.
>
> One option is to copy the nmap-services file to ~/.nmap and set the
> popularity value to 0 for the ports you don't want scanned by default.
> Nmap (on UNIX) will then give the file priority over the system
> installed one.  Or you can specify the custom services file (on any
> OS) using the --servicedb flag.
>
> Cheers,
> Fyodor
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/
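
The edit Fyodor describes above, written out as a script. This is an added example, not code from the thread or from the Nmap project: it writes a copy of an nmap-services file with the popularity (open-frequency) column set to 0 for the named ports. The function names, the sample rows and the assumed line layout (name, port/protocol, frequency, optional comment) are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes each data line reads:
#   name <ws> port/proto <ws> open-frequency [<ws> # comment]

# sample_services: constructed rows for trying the function offline.
sample_services() {
    printf 'ssh\t22/tcp\t0.182286\t# Secure Shell Login\n'
    printf 'http\t80/tcp\t0.484143\t# World Wide Web HTTP\n'
    printf 'http\t80/udp\t0.035767\n'
    printf 'https\t443/tcp\t0.208669\t# secure http (SSL)\n'
}

# zero_ports SRC DST PORTSPEC...   (PORTSPEC like 80/tcp or 443/tcp)
# Returns 1 if SRC is unreadable, 2 on a malformed PORTSPEC, and 3 if a
# PORTSPEC has no line in SRC (a typo would otherwise leave it in the scan).
zero_ports() {
    src=$1; dst=$2; shift 2
    [ -r "$src" ] || { echo "cannot read $src" >&2; return 1; }
    for spec in "$@"; do
        printf '%s\n' "$spec" | grep -Eq '^[0-9]+/(tcp|udp|sctp)$' ||
            { echo "bad port spec: $spec" >&2; return 2; }
    done
    tmp=$dst.tmp.$$        # write beside DST, rename only on success
    awk -v specs="$*" '
        BEGIN { n = split(specs, s, " "); for (i = 1; i <= n; i++) want[s[i]] = 1 }
        # Comment and blank lines pass through untouched.
        /^[ \t]*#/ || /^[ \t]*$/ { print; next }
        ($2 in want) && match($0, /^[ \t]*[^ \t]+[ \t]+[^ \t]+[ \t]+/) {
            head = substr($0, 1, RLENGTH); rest = substr($0, RLENGTH + 1)
            sub(/^[^ \t]+/, "0.000000", rest)   # only the frequency changes
            print head rest; seen[$2] = 1; next
        }
        { print }
        END {
            for (k in want) if (!(k in seen)) {
                print "not in file: " k > "/dev/stderr"; rc = 3
            }
            exit rc + 0
        }
    ' "$src" > "$tmp" || { rc=$?; rm -f "$tmp"; return "$rc"; }
    mv "$tmp" "$dst"
}
```

Write the result to ~/.nmap/nmap-services, or to any path given with --servicedb, as described in the thread.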

