How to manage specification and scan order

Nmap provides various options to specify which ports are scanned and whether they are scanned in random or sequential order. By default, when no ports are specified and no specific NSE script is provided as an argument, an Nmap scan covers only the top 1,000 ports:

  • -p <port ranges>: This option specifies the ports to be scanned, either as a range or as a list. For example, use -p1-65535 to perform a full port scan, or -p1,2,3,4 for an arbitrary list of ports that need not be consecutive.
  • --exclude-ports <port ranges>: Preparing a list of ports to scan is tedious when the requirement is a full port scan with a few exclusions. In such cases, you can use the exclude ports flag to exclude the ports that are not to be scanned.
  • -F (Fast (limited port) scan): The fast scan further reduces the default number of ports scanned from 1,000 to 100. This will reduce the scan time immensely and thus provide quicker results, as the name suggests.
  • -r (Don't randomize ports): By default, Nmap randomizes the port order for the scan. This option allows the user to instruct Nmap to follow a strict order for the ports to be scanned.
  • --port-ratio <ratio>: This scans all ports in the nmap-services file with a ratio greater than the one given. <ratio> must be between 0.0 and 1.0.
  • --top-ports <n>: This scans the <n> highest-ratio ports found in the nmap-services file after excluding all ports specified by --exclude-ports. <n> must be 1 or greater.
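
To make the interaction of these options concrete, the following added example (a Python model written for this section, not Nmap's own code) parses a constructed excerpt in the nmap-services layout and applies --exclude-ports, --port-ratio, --top-ports and -r as described above. The function names and the frequency values are assumptions made for illustration.

```python
import random

# Constructed excerpt in the nmap-services layout (name, port/proto, open
# frequency). The frequencies are illustrative, not taken from a real file.
SERVICES = """\
ftp     21/tcp    0.20
ssh     22/tcp    0.18
telnet  23/tcp    0.22
smtp    25/tcp    0.13  # trailing comments are allowed
domain  53/udp    0.21
http    80/tcp    0.48
https   443/tcp   0.21
http-proxy 8080/tcp 0.04
"""

def parse_services(text, proto="tcp"):
    """Return {port: ratio} for one protocol, skipping comments and blanks."""
    table = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 3 and fields[1].endswith("/" + proto):
            table[int(fields[1].split("/")[0])] = float(fields[2])
    return table

def expand(spec):
    """Expand a port spec such as '21-23,80' into a set of port numbers."""
    ports = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        lo, _, hi = part.partition("-")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def select(table, top=None, ratio=None, exclude="", sequential=False, seed=None):
    """Model --top-ports / --port-ratio with --exclude-ports and -r."""
    skip = expand(exclude)
    ranked = sorted((p for p in table if p not in skip),
                    key=lambda p: (-table[p], p))
    if ratio is not None:
        if not 0.0 <= ratio <= 1.0:
            raise ValueError("ratio must be between 0.0 and 1.0")
        ranked = [p for p in ranked if table[p] > ratio]
    if top is not None:
        if top < 1:
            raise ValueError("n must be 1 or greater")
        ranked = ranked[:top]
    if sequential:                       # -r: strict ascending order
        return sorted(ranked)
    random.Random(seed).shuffle(ranked)  # default: randomized order
    return ranked
```

Because exclusions are applied before ranking, excluding a high-ratio port pulls the next-ranked port into the top <n> set rather than shrinking it.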