Fun fact about network port

24年 9月 21日 Saturday
2562 words
13 minutes

Port standarization

Did you know that port number are standarized in some way? actually, you can view a pair of services and its port on /etc/services, read more on services(5).

Who responsible to organize the standarization? the answers is, IANA.

Even though there is a standarization, I can't figure out how nmap specify service name on the following output:

text
[root@laptop reyuki]# nmap -v -sS 192.168.18.1/24
Starting Nmap 7.95 ( https://nmap.org ) at 2024-09-21 13:31 WIB
Initiating ARP Ping Scan at 13:31
Scanning 255 hosts [1 port/host]
Completed ARP Ping Scan at 13:31, 2.64s elapsed (255 total hosts)
Initiating Parallel DNS resolution of 3 hosts. at 13:31
Completed Parallel DNS resolution of 3 hosts. at 13:31, 0.01s elapsed
Nmap scan report for 192.168.18.0 [host down]
Nmap scan report for 192.168.18.2 [host down]
Nmap scan report for 192.168.18.3 [host down]
Nmap scan report for 192.168.18.4 [host down]
Nmap scan report for 192.168.18.5 [host down]
Nmap scan report for 192.168.18.6 [host down]
Nmap scan report for 192.168.18.7 [host down]
Nmap scan report for 192.168.18.8 [host down]
Nmap scan report for 192.168.18.9 [host down]
Nmap scan report for 192.168.18.10 [host down]
Nmap scan report for 192.168.18.11 [host down]
Nmap scan report for 192.168.18.12 [host down]
Nmap scan report for 192.168.18.13 [host down]
Nmap scan report for 192.168.18.14 [host down]
Nmap scan report for 192.168.18.15 [host down]
Nmap scan report for 192.168.18.16 [host down]
Nmap scan report for 192.168.18.17 [host down]
Nmap scan report for 192.168.18.18 [host down]
Nmap scan report for 192.168.18.19 [host down]
Nmap scan report for 192.168.18.20 [host down]
Nmap scan report for 192.168.18.21 [host down]
Nmap scan report for 192.168.18.22 [host down]
Nmap scan report for 192.168.18.23 [host down]
Nmap scan report for 192.168.18.24 [host down]
Nmap scan report for 192.168.18.25 [host down]
Nmap scan report for 192.168.18.26 [host down]
Nmap scan report for 192.168.18.27 [host down]
Nmap scan report for 192.168.18.28 [host down]
Nmap scan report for 192.168.18.29 [host down]
Nmap scan report for 192.168.18.30 [host down]
Nmap scan report for 192.168.18.31 [host down]
Nmap scan report for 192.168.18.32 [host down]
Nmap scan report for 192.168.18.33 [host down]
Nmap scan report for 192.168.18.34 [host down]
Nmap scan report for 192.168.18.35 [host down]
Nmap scan report for 192.168.18.36 [host down]
Nmap scan report for 192.168.18.38 [host down]
Nmap scan report for 192.168.18.39 [host down]
Nmap scan report for 192.168.18.40 [host down]
Nmap scan report for 192.168.18.41 [host down]
Nmap scan report for 192.168.18.42 [host down]
Nmap scan report for 192.168.18.43 [host down]
Nmap scan report for 192.168.18.44 [host down]
Nmap scan report for 192.168.18.45 [host down]
Nmap scan report for 192.168.18.46 [host down]
Nmap scan report for 192.168.18.47 [host down]
Nmap scan report for 192.168.18.48 [host down]
Nmap scan report for 192.168.18.49 [host down]
Nmap scan report for 192.168.18.50 [host down]
Nmap scan report for 192.168.18.51 [host down]
Nmap scan report for 192.168.18.52 [host down]
Nmap scan report for 192.168.18.53 [host down]
Nmap scan report for 192.168.18.54 [host down]
Nmap scan report for 192.168.18.55 [host down]
Nmap scan report for 192.168.18.56 [host down]
Nmap scan report for 192.168.18.57 [host down]
Nmap scan report for 192.168.18.58 [host down]
Nmap scan report for 192.168.18.59 [host down]
Nmap scan report for 192.168.18.60 [host down]
Nmap scan report for 192.168.18.61 [host down]
Nmap scan report for 192.168.18.62 [host down]
Nmap scan report for 192.168.18.63 [host down]
Nmap scan report for 192.168.18.64 [host down]
Nmap scan report for 192.168.18.65 [host down]
Nmap scan report for 192.168.18.66 [host down]
Nmap scan report for 192.168.18.67 [host down]
Nmap scan report for 192.168.18.68 [host down]
Nmap scan report for 192.168.18.69 [host down]
Nmap scan report for 192.168.18.70 [host down]
Nmap scan report for 192.168.18.71 [host down]
Nmap scan report for 192.168.18.72 [host down]
Nmap scan report for 192.168.18.74 [host down]
Nmap scan report for 192.168.18.75 [host down]
Nmap scan report for 192.168.18.76 [host down]
Nmap scan report for 192.168.18.77 [host down]
Nmap scan report for 192.168.18.78 [host down]
Nmap scan report for 192.168.18.79 [host down]
Nmap scan report for 192.168.18.80 [host down]
Nmap scan report for 192.168.18.82 [host down]
Nmap scan report for 192.168.18.83 [host down]
Nmap scan report for 192.168.18.85 [host down]
Nmap scan report for 192.168.18.86 [host down]
Nmap scan report for 192.168.18.87 [host down]
Nmap scan report for 192.168.18.88 [host down]
Nmap scan report for 192.168.18.89 [host down]
Nmap scan report for 192.168.18.90 [host down]
Nmap scan report for 192.168.18.91 [host down]
Nmap scan report for 192.168.18.92 [host down]
Nmap scan report for 192.168.18.93 [host down]
Nmap scan report for 192.168.18.94 [host down]
Nmap scan report for 192.168.18.95 [host down]
Nmap scan report for 192.168.18.96 [host down]
Nmap scan report for 192.168.18.97 [host down]
Nmap scan report for 192.168.18.98 [host down]
Nmap scan report for 192.168.18.99 [host down]
Nmap scan report for 192.168.18.100 [host down]
Nmap scan report for 192.168.18.101 [host down]
Nmap scan report for 192.168.18.102 [host down]
Nmap scan report for 192.168.18.103 [host down]
Nmap scan report for 192.168.18.104 [host down]
Nmap scan report for 192.168.18.105 [host down]
Nmap scan report for 192.168.18.106 [host down]
Nmap scan report for 192.168.18.107 [host down]
Nmap scan report for 192.168.18.108 [host down]
Nmap scan report for 192.168.18.109 [host down]
Nmap scan report for 192.168.18.110 [host down]
Nmap scan report for 192.168.18.111 [host down]
Nmap scan report for 192.168.18.112 [host down]
Nmap scan report for 192.168.18.113 [host down]
Nmap scan report for 192.168.18.114 [host down]
Nmap scan report for 192.168.18.115 [host down]
Nmap scan report for 192.168.18.116 [host down]
Nmap scan report for 192.168.18.117 [host down]
Nmap scan report for 192.168.18.118 [host down]
Nmap scan report for 192.168.18.119 [host down]
Nmap scan report for 192.168.18.120 [host down]
Nmap scan report for 192.168.18.121 [host down]
Nmap scan report for 192.168.18.122 [host down]
Nmap scan report for 192.168.18.123 [host down]
Nmap scan report for 192.168.18.124 [host down]
Nmap scan report for 192.168.18.125 [host down]
Nmap scan report for 192.168.18.126 [host down]
Nmap scan report for 192.168.18.127 [host down]
Nmap scan report for 192.168.18.128 [host down]
Nmap scan report for 192.168.18.129 [host down]
Nmap scan report for 192.168.18.130 [host down]
Nmap scan report for 192.168.18.131 [host down]
Nmap scan report for 192.168.18.132 [host down]
Nmap scan report for 192.168.18.133 [host down]
Nmap scan report for 192.168.18.134 [host down]
Nmap scan report for 192.168.18.135 [host down]
Nmap scan report for 192.168.18.136 [host down]
Nmap scan report for 192.168.18.137 [host down]
Nmap scan report for 192.168.18.138 [host down]
Nmap scan report for 192.168.18.139 [host down]
Nmap scan report for 192.168.18.140 [host down]
Nmap scan report for 192.168.18.141 [host down]
Nmap scan report for 192.168.18.142 [host down]
Nmap scan report for 192.168.18.143 [host down]
Nmap scan report for 192.168.18.144 [host down]
Nmap scan report for 192.168.18.145 [host down]
Nmap scan report for 192.168.18.146 [host down]
Nmap scan report for 192.168.18.147 [host down]
Nmap scan report for 192.168.18.148 [host down]
Nmap scan report for 192.168.18.149 [host down]
Nmap scan report for 192.168.18.150 [host down]
Nmap scan report for 192.168.18.151 [host down]
Nmap scan report for 192.168.18.152 [host down]
Nmap scan report for 192.168.18.153 [host down]
Nmap scan report for 192.168.18.154 [host down]
Nmap scan report for 192.168.18.155 [host down]
Nmap scan report for 192.168.18.156 [host down]
Nmap scan report for 192.168.18.157 [host down]
Nmap scan report for 192.168.18.158 [host down]
Nmap scan report for 192.168.18.159 [host down]
Nmap scan report for 192.168.18.160 [host down]
Nmap scan report for 192.168.18.161 [host down]
Nmap scan report for 192.168.18.162 [host down]
Nmap scan report for 192.168.18.163 [host down]
Nmap scan report for 192.168.18.164 [host down]
Nmap scan report for 192.168.18.165 [host down]
Nmap scan report for 192.168.18.166 [host down]
Nmap scan report for 192.168.18.167 [host down]
Nmap scan report for 192.168.18.168 [host down]
Nmap scan report for 192.168.18.169 [host down]
Nmap scan report for 192.168.18.170 [host down]
Nmap scan report for 192.168.18.171 [host down]
Nmap scan report for 192.168.18.172 [host down]
Nmap scan report for 192.168.18.173 [host down]
Nmap scan report for 192.168.18.174 [host down]
Nmap scan report for 192.168.18.175 [host down]
Nmap scan report for 192.168.18.176 [host down]
Nmap scan report for 192.168.18.177 [host down]
Nmap scan report for 192.168.18.178 [host down]
Nmap scan report for 192.168.18.179 [host down]
Nmap scan report for 192.168.18.180 [host down]
Nmap scan report for 192.168.18.181 [host down]
Nmap scan report for 192.168.18.182 [host down]
Nmap scan report for 192.168.18.183 [host down]
Nmap scan report for 192.168.18.184 [host down]
Nmap scan report for 192.168.18.185 [host down]
Nmap scan report for 192.168.18.186 [host down]
Nmap scan report for 192.168.18.187 [host down]
Nmap scan report for 192.168.18.188 [host down]
Nmap scan report for 192.168.18.189 [host down]
Nmap scan report for 192.168.18.190 [host down]
Nmap scan report for 192.168.18.191 [host down]
Nmap scan report for 192.168.18.192 [host down]
Nmap scan report for 192.168.18.193 [host down]
Nmap scan report for 192.168.18.194 [host down]
Nmap scan report for 192.168.18.195 [host down]
Nmap scan report for 192.168.18.196 [host down]
Nmap scan report for 192.168.18.197 [host down]
Nmap scan report for 192.168.18.198 [host down]
Nmap scan report for 192.168.18.199 [host down]
Nmap scan report for 192.168.18.200 [host down]
Nmap scan report for 192.168.18.201 [host down]
Nmap scan report for 192.168.18.202 [host down]
Nmap scan report for 192.168.18.203 [host down]
Nmap scan report for 192.168.18.204 [host down]
Nmap scan report for 192.168.18.205 [host down]
Nmap scan report for 192.168.18.206 [host down]
Nmap scan report for 192.168.18.207 [host down]
Nmap scan report for 192.168.18.208 [host down]
Nmap scan report for 192.168.18.209 [host down]
Nmap scan report for 192.168.18.210 [host down]
Nmap scan report for 192.168.18.211 [host down]
Nmap scan report for 192.168.18.212 [host down]
Nmap scan report for 192.168.18.213 [host down]
Nmap scan report for 192.168.18.214 [host down]
Nmap scan report for 192.168.18.215 [host down]
Nmap scan report for 192.168.18.216 [host down]
Nmap scan report for 192.168.18.217 [host down]
Nmap scan report for 192.168.18.218 [host down]
Nmap scan report for 192.168.18.219 [host down]
Nmap scan report for 192.168.18.220 [host down]
Nmap scan report for 192.168.18.221 [host down]
Nmap scan report for 192.168.18.222 [host down]
Nmap scan report for 192.168.18.223 [host down]
Nmap scan report for 192.168.18.224 [host down]
Nmap scan report for 192.168.18.225 [host down]
Nmap scan report for 192.168.18.226 [host down]
Nmap scan report for 192.168.18.227 [host down]
Nmap scan report for 192.168.18.228 [host down]
Nmap scan report for 192.168.18.229 [host down]
Nmap scan report for 192.168.18.230 [host down]
Nmap scan report for 192.168.18.231 [host down]
Nmap scan report for 192.168.18.232 [host down]
Nmap scan report for 192.168.18.233 [host down]
Nmap scan report for 192.168.18.234 [host down]
Nmap scan report for 192.168.18.235 [host down]
Nmap scan report for 192.168.18.236 [host down]
Nmap scan report for 192.168.18.237 [host down]
Nmap scan report for 192.168.18.238 [host down]
Nmap scan report for 192.168.18.239 [host down]
Nmap scan report for 192.168.18.240 [host down]
Nmap scan report for 192.168.18.241 [host down]
Nmap scan report for 192.168.18.242 [host down]
Nmap scan report for 192.168.18.243 [host down]
Nmap scan report for 192.168.18.244 [host down]
Nmap scan report for 192.168.18.245 [host down]
Nmap scan report for 192.168.18.246 [host down]
Nmap scan report for 192.168.18.247 [host down]
Nmap scan report for 192.168.18.248 [host down]
Nmap scan report for 192.168.18.249 [host down]
Nmap scan report for 192.168.18.250 [host down]
Nmap scan report for 192.168.18.251 [host down]
Nmap scan report for 192.168.18.252 [host down]
Nmap scan report for 192.168.18.253 [host down]
Nmap scan report for 192.168.18.254 [host down]
Nmap scan report for 192.168.18.255 [host down]
Initiating Parallel DNS resolution of 1 host. at 13:31
Completed Parallel DNS resolution of 1 host. at 13:31, 0.01s elapsed
Initiating SYN Stealth Scan at 13:31
Scanning 4 hosts [1000 ports/host]
Discovered open port 22/tcp on 192.168.18.37
Discovered open port 53/tcp on 192.168.18.1
Discovered open port 111/tcp on 192.168.18.37
Discovered open port 80/tcp on 192.168.18.1
Discovered open port 80/tcp on 192.168.18.37
Discovered open port 9090/tcp on 192.168.18.37
Discovered open port 2049/tcp on 192.168.18.37
Discovered open port 9000/tcp on 192.168.18.37
Completed SYN Stealth Scan against 192.168.18.37 in 0.46s (3 hosts left)
Completed SYN Stealth Scan against 192.168.18.1 in 1.30s (2 hosts left)
Completed SYN Stealth Scan against 192.168.18.84 in 1.78s (1 host left)
Increasing send delay for 192.168.18.81 from 0 to 5 due to 17 out of 55 dropped probes since last increase.
Increasing send delay for 192.168.18.81 from 5 to 10 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 192.168.18.81 from 10 to 20 due to 11 out of 12 dropped probes since last increase.
Increasing send delay for 192.168.18.81 from 20 to 40 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 192.168.18.81 from 40 to 80 due to 11 out of 11 dropped probes since last increase.
Increasing send delay for 192.168.18.81 from 80 to 160 due to 11 out of 25 dropped probes since last increase.
Increasing send delay for 192.168.18.81 from 160 to 320 due to 11 out of 14 dropped probes since last increase.
Increasing send delay for 192.168.18.81 from 320 to 640 due to max_successful_tryno increase to 4
Increasing send delay for 192.168.18.81 from 640 to 1000 due to max_successful_tryno increase to 5
SYN Stealth Scan Timing: About 81.69% done; ETC: 13:34 (0:00:30 remaining)
SYN Stealth Scan Timing: About 82.46% done; ETC: 13:34 (0:00:36 remaining)
SYN Stealth Scan Timing: About 83.44% done; ETC: 13:35 (0:00:41 remaining)
SYN Stealth Scan Timing: About 84.40% done; ETC: 13:36 (0:00:46 remaining)
SYN Stealth Scan Timing: About 85.60% done; ETC: 13:37 (0:00:50 remaining)
SYN Stealth Scan Timing: About 86.87% done; ETC: 13:38 (0:00:52 remaining)
SYN Stealth Scan Timing: About 88.22% done; ETC: 13:39 (0:00:54 remaining)
SYN Stealth Scan Timing: About 89.62% done; ETC: 13:39 (0:00:53 remaining)
SYN Stealth Scan Timing: About 90.98% done; ETC: 13:40 (0:00:51 remaining)
SYN Stealth Scan Timing: About 92.25% done; ETC: 13:41 (0:00:47 remaining)
SYN Stealth Scan Timing: About 93.45% done; ETC: 13:42 (0:00:43 remaining)
SYN Stealth Scan Timing: About 94.58% done; ETC: 13:43 (0:00:38 remaining)
SYN Stealth Scan Timing: About 95.50% done; ETC: 13:43 (0:00:33 remaining)
Completed SYN Stealth Scan at 13:46, 897.63s elapsed (4000 total ports)
Nmap scan report for 192.168.18.1
Host is up (0.0062s latency).
Not shown: 995 closed tcp ports (reset)
PORT   STATE    SERVICE
21/tcp filtered ftp
22/tcp filtered ssh
23/tcp filtered telnet
53/tcp open     domain
80/tcp open     http
MAC Address: F4:1D:6B:A7:AE:EF (Huawei Technologies)

Nmap scan report for server (192.168.18.37)
Host is up (0.0075s latency).
Not shown: 994 closed tcp ports (reset)
PORT     STATE SERVICE
22/tcp   open  ssh
80/tcp   open  http
111/tcp  open  rpcbind
2049/tcp open  nfs
9000/tcp open  cslistener
9090/tcp open  zeus-admin
MAC Address: 00:90:F5:D3:8C:46 (Clevo)

Nmap scan report for 192.168.18.81
Host is up (0.23s latency).
All 1000 scanned ports on 192.168.18.81 are in ignored states.
Not shown: 1000 closed tcp ports (reset)
MAC Address: AA:72:2B:46:37:AD (Unknown)

Nmap scan report for 192.168.18.84
Host is up (0.12s latency).
All 1000 scanned ports on 192.168.18.84 are in ignored states.
Not shown: 1000 closed tcp ports (reset)
MAC Address: 32:5D:17:FB:26:E0 (Unknown)

Initiating SYN Stealth Scan at 13:46
Scanning 192.168.18.73 [1000 ports]
Discovered open port 3306/tcp on 192.168.18.73
Discovered open port 80/tcp on 192.168.18.73
Completed SYN Stealth Scan at 13:46, 0.04s elapsed (1000 total ports)
Nmap scan report for 192.168.18.73
Host is up (0.0000030s latency).
Not shown: 998 closed tcp ports (reset)
PORT     STATE SERVICE
80/tcp   open  http
3306/tcp open  mysql

Read data files from: /usr/bin/../share/nmap
Nmap done: 256 IP addresses (5 hosts up) scanned in 900.55 seconds
           Raw packets sent: 5773 (245.804KB) | Rcvd: 10176 (1.090MB)

The zeus-admin did not exists on my /etc/services.

In order to avoid false-positive and really understand what service are running on some port, you need to use netstat(1).

Title:Fun fact about network port

Author:ReYuki

Link:https://www.reyuki.site/posts/trivia-network-port [copy]

Last updated:

This work is licensed under the Creative Commons Attribution-NonCommercial-ShareAlike 4.0 International License. You are free to share and adapt it, as long as you give appropriate credit, don’t use it for commercial purposes, and distribute your contributions under the same license. Provided under license CC BY-NC-SA 4.0