--snip--
Nmap scan report for 172.16.10.1
Host is up (0.00028s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 9.0p1 Debian 1+b2 (protocol 2.0)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
--snip--
Nmap scan report for 172.16.10.10
Host is up (0.00029s latency).
PORT STATE SERVICE VERSION
8081/tcp open blackice-icecap?
--snip--
This scan may take some time to complete due to the use of the -sV
option, which detects the version of services on each port. As you
can see, Nmap returns a few IP addresses and their open ports,
including their services and even information related to the operating
system running on the host. If we wanted to filter, say, only the open
ports, we could do so by using grep:
$ nmap -sV -iL 172-16-10-host.txt | grep open
22/tcp open ssh
8081/tcp open blackice-icecap
21/tcp open ftp
80/tcp open http
80/tcp open http
22/tcp open ssh
--snip--
Nmap was able to identify services on several open TCP ports,
such as the File Transfer Protocol (FTP) on port 21, Secure Shell
(SSH) on port 22, and HyperText Transfer Protocol (HTTP) on port
80. Later in this chapter, we’ll take a closer look at each of these
services.
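An added example, not from the book: grep open drops the "Nmap scan report for" lines, so the filtered list no longer says which host each port belongs to. The function below reads normal Nmap output and prints host, port, and service together; the names open_ports_by_host and sample_scan are hypothetical, and the sample input is constructed from the output shown above plus two non-open lines.

```shell
#!/usr/bin/env bash
# Added example: keep the host next to each open port when filtering Nmap output.

# open_ports_by_host: read normal Nmap output on stdin and
# print "IP PORT/PROTO SERVICE" for every port whose state is exactly "open".
open_ports_by_host() {
  awk '
    # A new host block starts here; remember the address (last field).
    /^Nmap scan report for / {
      host = $NF
      gsub(/[()]/, "", host)   # the "name (ip)" form wraps the IP in parentheses
      next
    }
    # Port lines look like "22/tcp open ssh ...". Comparing the state field
    # skips "filtered" and "open|filtered", which a plain grep for open would keep.
    $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" {
      svc = ($3 == "" ? "unknown" : $3)
      print host, $1, svc
    }
  '
}

# Constructed sample: the two hosts from the scan above, plus two
# made-up non-open lines to exercise the state check.
sample_scan() {
  cat <<'EOF'
Nmap scan report for 172.16.10.1
Host is up (0.00028s latency).
PORT STATE SERVICE VERSION
22/tcp open ssh OpenSSH 9.0p1 Debian 1+b2 (protocol 2.0)
Service Info: OS: Linux; CPE: cpe:/o:linux:linux_kernel
Nmap scan report for 172.16.10.10
Host is up (0.00029s latency).
PORT STATE SERVICE VERSION
8081/tcp open blackice-icecap?
8443/tcp filtered https-alt
53/udp open|filtered domain
EOF
}

sample_scan | open_ports_by_host
```

To run it against the lab, pipe the real scan into the function instead of the sample: nmap -sV -iL 172-16-10-host.txt | open_ports_by_host.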
Nmap also allows you to pass the --open flag on the command
line to show only the ports that were found open:
$ nmap -sV -iL 172-16-10-host.txt --open
NOTE
Kali’s own interface IP (172.16.10.1) will be captured in this port scan,
since it is part of the hosts file. You can use Nmap’s --exclude option
to exclude this specific IP when performing a network-wide scan:
--exclude 172.16.10.1. You can also remove it manually from
the file for convenience.
Black Hat Bash (Early Access) © 2023 by Dolev Farhi and Nick Aleks