The `—top-ports` option in NMAP is a command-line argument that allows you to scan the most commonly used ports. It instructs the NMAP tool to scan the specific number of most common ports as specified after this option. For instance, `nmap —top-ports 10 ` will scan the top 10 most common ports.

The utility ‘NMAP’, which stands for “Network Mapper”, is a free and open-source tool that enables system administrators or anyone else to discover hosts, protocols, and services on a computer network. This tool, in essence, sends packets and then analyzes the responses it gets back to create a map of the network (Source: “Nmap Network Scanning” book, by Gordon Fyodor Lyon). Most system admins use the tool for tasks such as network inventory, managing service upgrade schedules, monitoring host or service uptime or security auditing – a task in which the `—top-ports` option is particularly useful.

The mechanism of the `—top-ports` option is based on frequency analysis performed by NMAP authors through various sources such as Internet scans and security data from organizations (Source: official NMAP site, nmap.org). The reference data to determine most common ports comes from statistics that reveal what ports are commonly found to be open during scans.

For instance, because HTTP typically uses port 80, and many web servers use this port, port 80 may be one of the “top ports” scanned. Similarly, port 443, which is typically used for HTTPS traffic, might also be included in a top ports scan.

For example, if you want to scan the most common 1000 ports, you would use `nmap —top-ports 1000 `. This will scan ports such as 80 (HTTP), 443 (HTTPS), 22 (SSH), 25 (SMTP), and many more, as they are included in this list of top 1000 most common ports.

It is important to highlight that such NMAP scans must comply with any relevant laws and should not be used for any unauthorized or illegal activities. Unauthorized scanning can be viewed as a hostile act by network administrators and may violate privacy laws in some jurisdictions (Source: Computer Fraud and Abuse Act, in U.S. jurisdictions, or equivalent in other jurisdictions).

For more detailed understanding about `—top-ports` option and NMAP’s other functionalities, one can refer to the book “Nmap Network Scanning: The Official Nmap Project Guide to Network Discovery and Security Scanning” by Gordon Fyodor Lyon, or just visit and explore the official NMAP website (nmap.org).

DinoGeek offers simple articles on complex technologies

Would you like to be quoted in this article? It's very simple, contact us at dino@eiki.fr

CSS | NodeJS | DNS | DMARC | MAPI | NNTP | htaccess | PHP | HTTPS | Drupal | WEB3 | LLM | Wordpress | TLD | Domain name | IMAP | TCP | NFT | MariaDB | FTP | Zigbee | NMAP | SNMP | SEO | E-Mail | LXC | HTTP | MangoDB | SFTP | RAG | SSH | HTML | ChatGPT API | OSPF | JavaScript | Docker | OpenVZ | ChatGPT | VPS | ZIMBRA | SPF | UDP | Joomla | IPV6 | BGP | Django | Reactjs | DKIM | VMWare | RSYNC | Python | TFTP | Webdav | FAAS | Apache | IPV4 | LDAP | POP3 | SMTP