# Port & Service Discovery

## NMAP

Nmap remains the best tool for finding open ports and services.

**Quick Discovery Scan**

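This is a fast host discovery (ping) scan. `-sn` skips the port scan, and hosts are probed with ICMP echo, netmask and timestamp requests (`-PE -PM -PP`) plus UDP, TCP ACK and TCP SYN pings (`-PU`, `-PA`, `-PS`) to common ports only.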

`nmap -sn -T4 -PE -PM -PP -PU53,69,161,500,514,520,1434 -PA21,22,23,25,53,80,443,513,8080,3389 -PS21,22,23,25,53,80,443,513,8080,3389 -n -r -vv -oA discovery -iL ipfile.txt`

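**Longer Full Scan**

This scan performs a thorough assessment and attempts to find every open TCP port: a connect scan (`-sT`) of all 65,535 TCP ports (`-p-`) that skips host discovery (`-Pn`) and reports only open ports (`--open`). UDP ports are not covered.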

`nmap -sT -n -Pn -p- -T3 --randomize-hosts --min-hostgroup 96 --max-retries 3 --min-parallelism 64 --max-scan-delay=5s --open -oA Full-TCP-Scan -iL ip-list.txt -vvv`
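Both commands write grepable output through `-oA` (`discovery.gnmap` and `Full-TCP-Scan.gnmap`). The following is an added example, not part of the original page, that pulls live hosts and open ports out of those files to build an exposure inventory; the function names, the sample lines and the 192.0.2.x addresses are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise the .gnmap files produced by -oA.
# Grepable output is one host per line, with tab-separated fields.

# Print each address the discovery scan reported as up.
live_hosts() {
    awk -F'\t' '$2 == "Status: Up" { split($1, h, " "); print h[2] }' "$1" | sort -u
}

# Print "address port/proto service" for every open port in a port-scan file.
open_ports() {
    awk -F'\t' '
        /^Host: / {
            split($1, h, " ")                      # h[2] is the address
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue     # skip Status / Ignored State fields
                p = $i
                sub(/^Ports: /, "", p)
                n = split(p, entries, ", ")
                for (j = 1; j <= n; j++) {
                    # entry layout: port/state/proto/owner/service/rpc/version/
                    split(entries[j], f, "/")
                    if (f[2] == "open")
                        print h[2], f[1] "/" f[3], (f[5] == "" ? "-" : f[5])
                }
            }
        }' "$1"
}

# Constructed sample files standing in for real scan output.
SAMPLE_DIR=$(mktemp -d)
{
    printf '# constructed sample, not real scan data\n'
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.11 ()\tStatus: Down\n'
    printf 'Host: 192.0.2.12 ()\tStatus: Up\n'
} > "$SAMPLE_DIR/discovery.gnmap"
{
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 443/open/tcp//https///\tIgnored State: closed (65533)\n'
    printf 'Host: 192.0.2.12 ()\tPorts: 3389/open/tcp//ms-wbt-server///\n'
} > "$SAMPLE_DIR/Full-TCP-Scan.gnmap"

echo "Live hosts:";  live_hosts "$SAMPLE_DIR/discovery.gnmap"
echo "Open ports:";  open_ports "$SAMPLE_DIR/Full-TCP-Scan.gnmap"
```

Diffing the `open_ports` output between scheduled scans shows newly exposed services without re-reading the full reports.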

* <https://nmap.org/>
