Nmap is an effective network-scanning tool for host discovery and for finding open ports and the services behind them. It can be downloaded from the Nmap website.
In my experience, the scans below can be used to find hidden or unusual services that are not located on common ports. Different services respond to different probe packets. The "-p" option specifies a port range; it is not required, but when I stated the range I found more running services than when I left it out. My theory is that a basic nmap scan, when no range is stated, looks only at popular ports and not necessarily all of them (nmap's documented default is to scan the 1,000 most common ports for each scanned protocol).
- Find UDP services: nmap -sU <ADDRESS> -p1-6000
- Basic service scan: nmap -v <ADDRESS> -p1-6000
- Basic all-service scan (OS and version detection, scripts, traceroute): nmap -A <ADDRESS> -p1-6000
- Null port scan (sets no bits in the TCP flags header): nmap -sN <ADDRESS> -p1-6000
- FIN port scan (sets just the TCP FIN bit): nmap -sF <ADDRESS> -p1-6000
- Xmas port scan (sets the FIN, PSH and URG flags): nmap -sX <ADDRESS> -p1-6000
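As an added example that is not part of the original post, the script below shows the defender's view of the Null, FIN and Xmas probes listed above: it classifies TCP flag combinations the way a simple IDS rule would and counts such probes per source host. The packet records, IP addresses and the threshold are constructed for the example.

```python
# Added example (not from the original post): classify TCP flag combinations
# used by nmap's -sN, -sF and -sX probes and count them per source host over
# constructed sample packet records (a defender-side detection sketch).
from collections import Counter
from typing import Optional

# TCP flag bit values as they appear in the flags byte of the TCP header.
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

def classify_probe(flags: int) -> Optional[str]:
    """Return the nmap scan type a flags byte corresponds to, or None.

    Null scan (-sN): no flags set.
    FIN scan  (-sF): only FIN set (a normal close carries FIN together with ACK).
    Xmas scan (-sX): exactly FIN, PSH and URG set.
    Anything else is treated as ordinary traffic by this check.
    """
    if flags == 0:
        return "null"
    if flags == FIN:
        return "fin"
    if flags == FIN | PSH | URG:
        return "xmas"
    return None

# Constructed sample records: (source IP, destination port, TCP flags byte).
SAMPLE_PACKETS = [
    ("10.0.0.5", 22, SYN),                 # normal connection attempt
    ("10.0.0.5", 80, ACK | PSH),           # normal data segment
    ("192.0.2.10", 21, 0),                 # null probe
    ("192.0.2.10", 22, 0),                 # null probe
    ("192.0.2.10", 23, FIN | PSH | URG),   # xmas probe
    ("192.0.2.10", 25, FIN),               # fin probe
    ("198.51.100.7", 443, FIN | ACK),      # normal close, not a probe
]

def suspicious_sources(packets, threshold: int = 3):
    """Count null/FIN/Xmas probes per source; return sources at or above threshold.

    Result shape: {source: {"null": n, "fin": n, "xmas": n}} (only kinds seen).
    """
    per_source = {}
    for src, _port, flags in packets:
        kind = classify_probe(flags)
        if kind is not None:
            per_source.setdefault(src, Counter())[kind] += 1
    return {src: dict(c) for src, c in per_source.items() if sum(c.values()) >= threshold}

if __name__ == "__main__":
    print(suspicious_sources(SAMPLE_PACKETS))
```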