Nmap: Use the --top-ports Option for Both TCP and UDP Simultaneously

I'm a big fan of nmap's --top-ports option, which lets you leverage Fyodor's Internet-wide research on which ports are actually open out there.

Basically, he scanned a large slice of the Internet, measured how often each port turned up open, and built ranked lists of the most common ports for use within nmap (the frequency data ships in the nmap-services file). So now instead of saying:

nmap -p 1-10000 $target

…to hopefully cover "most" of the ports you're looking for, you can instead say:

nmap --top-ports 1000 $target

…which is dramatically faster (1,000 ports instead of 10,000) and gives you a better hit rate, because the list is ranked by how often ports are really open rather than by port number, so it includes commonly used high ports that a 1-10000 range never touches.

From the website:

93% in just 1,000 ports. Nice. (That figure is for TCP; UDP has its own, separately ranked frequency list, which is what makes the combined scan below worthwhile.)

Anyway, --top-ports on its own gives you a TCP scan, and figuring out how to do TCP and UDP in one run isn't intuitive for everyone. All you do is combine the scan types you want in a single -s option: one TCP scan type (-sT for a connect scan, or -sS for SYN if you're root) plus -sU for UDP.

So, for both TCP and UDP, it'd be (--top-ports needs a count, and the count applies per protocol):

nmap -sTU --top-ports 1000 $target

That's it. Here are the options I like to use for a basic scan (-Pn is the current spelling of the old -P0; both skip host discovery):

nmap -vv -O -Pn -sTUV --top-ports 1000 -oA target $target

Which does all of the following:

  • very verbose output (-vv)

  • OS detection (-O), which needs root

  • skip host discovery and treat the target as up (-Pn), so a host that drops pings still gets scanned

  • TCP connect scan, UDP scan, and version detection (-sTUV); -sU needs root as well

  • top 1,000 TCP and top 1,000 UDP ports (--top-ports 1000)

  • output in nmap, greppable, and XML format (-oA target writes target.nmap, target.gnmap, and target.xml)

Two things to keep in mind: run it as root, or nmap will refuse the UDP and OS-detection parts; and UDP ports that never answer come back as open|filtered rather than open, so the -sV probes do much of the work of confirming what is really listening.
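Putting the above into a small wrapper, as an added example that is not part of the original post: it builds the scan command line (dropping -sU and -O when not running as root, since both need raw sockets), and pulls the open ports per protocol out of the greppable .gnmap file that -oA writes. The 10.0.0.5 target, the file name and the sample scan output are constructed for illustration; the .gnmap field layout (tab-separated fields, with each Ports entry as port/state/proto/owner/service/rpcinfo/version/) is nmap's real format.

```shell
#!/bin/sh
# Added example (not from the original post): wrap the combined TCP+UDP
# --top-ports scan and parse the .gnmap output. Target, file names and the
# sample output below are constructed.

# Print the scan command line. -sU and -O need raw sockets, so without root
# fall back to a TCP connect + version scan. The optional 4th argument
# overrides the uid check (used by the demo and tests).
build_scan_cmd() {
    local target="$1" top="${2:-1000}" prefix="${3:-target}" uid="${4:-$(id -u)}"
    if [ "$uid" -eq 0 ]; then
        echo "nmap -vv -O -Pn -sTUV --top-ports $top -oA $prefix $target"
    else
        echo "nmap -vv -Pn -sTV --top-ports $top -oA $prefix $target"
    fi
}

# Print "port/proto" for every port in <state> on <proto> from a .gnmap file.
# Host: lines are tab-separated; the "Ports:" field is a comma-separated list
# of port/state/proto/owner/service/rpcinfo/version/ entries.
list_ports() {
    local file="$1" state="$2" proto="$3"
    awk -F'\t' -v s="$state" -v p="$proto" '
        /^Host:/ {
            for (i = 1; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                sub(/^Ports: /, "", $i)
                n = split($i, entry, /, /)
                for (j = 1; j <= n; j++) {
                    split(entry[j], f, "/")
                    if (f[2] == s && f[3] == p) print f[1] "/" f[3]
                }
            }
        }' "$file"
}

# Constructed .gnmap content standing in for a real target.gnmap; note the
# UDP ports that never answered show up as open|filtered, not open.
write_sample_gnmap() {
    {
        printf '# Nmap scan initiated as: nmap -vv -O -Pn -sTUV --top-ports 1000 -oA target 10.0.0.5\n'
        printf 'Host: 10.0.0.5 ()\tStatus: Up\n'
        printf 'Host: 10.0.0.5 ()\tPorts: 22/open/tcp//ssh//OpenSSH 8.9p1/, 80/open/tcp//http//nginx 1.18.0/, 53/open/udp//domain//dnsmasq 2.86/, 123/open|filtered/udp//ntp///, 161/open|filtered/udp//snmp///\tIgnored State: closed (1995)\n'
        printf '# Nmap done\n'
    } > "$1"
}

# Demo against the constructed sample (no nmap needed). For a real target,
# run the printed command as root and point list_ports at target.gnmap.
if [ "${1:-}" = "demo" ]; then
    tmp="$(mktemp)"
    write_sample_gnmap "$tmp"
    echo "Would run: $(build_scan_cmd 10.0.0.5 1000 target)"
    echo "Open TCP:          $(list_ports "$tmp" open tcp | tr '\n' ' ')"
    echo "Open UDP:          $(list_ports "$tmp" open udp | tr '\n' ' ')"
    echo "Open|filtered UDP: $(list_ports "$tmp" 'open|filtered' udp | tr '\n' ' ')"
    rm -f "$tmp"
fi
```

Run it with `sh scan.sh demo` to see the parse against the sample; once a real scan has written target.gnmap, `list_ports target.gnmap open tcp` and `list_ports target.gnmap 'open|filtered' udp` give you the two lists worth looking at separately, since the second still needs confirming.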

As a special bonus, if you'd normally reach for tcpdump to capture your scan traffic, you can instead add --packet-trace to the scan and nmap will print every packet it sends and receives, right in its own output.
