Tor is a unique service in how it operates - a default Tor installation doesn't have any ports you can sniff with an nmap
scan from another system.
Assuming you have a default install of the Tor process, without any additional configuration on it, and only running so you can stick your browser and things to a SOCKS proxy to go into and over Tor, then this is the only listening port for Tor:
(this is from netstat -tulpn
)
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:9050 0.0.0.0:* LISTEN -
Unless you are scanning your system from locally, you won't see a Tor port, since 9050 is bound only to localhost
, which is only able to be accessed from the machine itself.
So, unless you open up the Tor proxy port binding to bind to one of the IP addresses assigned to the system and NOT to the local machine's 127.0.0.1
address, you won't see anything show up on an nmap scan from an external system that is not the system running Tor itself.
The only way any port scanner, nmap
or otherwise, would see this is if you're running a local portscan from your system itself, and not from another IP address on the network. So, regardless of the version of nmap
it can't scan non-open ports. Something bound to your localhost (127.0.0.1
) just can't be scanned from externally.
Best Answer
Scan a network and find out which servers and devices are up and running:
Scan a single host:
Scan multiple IP addresses or subnets:
Scan by excluding a host:
That will exclude the host while scanning.
Fast nmap scanning for a network range:
To see packets sent and received received using nmap:
Scan for a port:
Scan for multiple ports:
Scan all ports using nmap:
I hope that will help you. If you need to know more just run the command: