Nmap – Why Not Scanning All Ports


I've noticed that nmap only scans a bunch of known ports, and the only way I've managed to check 'em all is to put a "-p 0-65535" in.

Why is that? Am I wrong? Is there a more popular way to scan all ports aside from what I've done?

Best Answer

By default, Nmap scans the top 1000 most popular ports, according to the statistics generated from Internet-wide scans and large internal network scans from the summer of 2008. There are a few options that change this: -F reduces the number to 100, -p allows you to specify which ports to scan, and --top-ports lets you specify how many of the most popular ports to scan. This means that the default scan is equivalent to --top-ports 1000, and -F is the same as --top-ports 100.

These numbers were set in version 4.75, and were a change from the roughly 1700 (TCP) ports that were the default in version 4.68. The purpose was to decrease scanning times while still giving reasonable results. The flexibility of Nmap's command-line options guarantees that you can still scan just about any combination of ports that you want, regardless of the defaults.

Scanning all 65536 TCP ports is still possible with -p0-, but it will take a very long time. Scanning all UDP ports with -sU -p0- will take even longer, because of the way that open ports are detected.
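
To make the coverage gap of a popularity-based port list concrete, the following added example (not part of the original answer) ranks ports by open frequency and reports which of a host's known listening ports a top-N selection would never probe. It assumes the three-column nmap-services layout (service name, port/protocol, open frequency); the sample entries and frequencies are constructed, and the function names are hypothetical.

```python
# Added example: rank ports by open frequency, as a "top N" port selection does.
# SAMPLE is constructed data in the nmap-services layout; values are illustrative.
SAMPLE = """\
# name  port/proto  open-frequency  (constructed, not Nmap's real figures)
http	80/tcp	0.48	# World Wide Web
telnet	23/tcp	0.22
https	443/tcp	0.21
ssh	22/tcp	0.18
domain	53/udp	0.21
snmp	161/udp	0.43
ms-wbt-server	3389/tcp	0.08
unknown	47001/tcp	0.0004
unknown	31337/tcp	0.0001
"""

def parse_services(text):
    """Yield (port, proto, frequency) from nmap-services style lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 3:
            continue  # entry without a frequency column cannot be ranked
        port, _, proto = fields[1].partition("/")
        try:
            yield int(port), proto.lower(), float(fields[2])
        except ValueError:
            continue  # malformed port or frequency

def top_ports(text, n, proto="tcp"):
    """Return the n most frequently open ports for one protocol."""
    ranked = sorted((e for e in parse_services(text) if e[1] == proto),
                    key=lambda e: (-e[2], e[0]))  # frequency desc, port asc
    return [port for port, _, _ in ranked[:n]]

def missed_by_top(text, n, listening, proto="tcp"):
    """Listening ports that a top-n scan would not probe at all."""
    chosen = set(top_ports(text, n, proto))
    return sorted(p for p in listening if p not in chosen)

if __name__ == "__main__":
    print("top 3 tcp:", top_ports(SAMPLE, 3))
    print("not probed:", missed_by_top(SAMPLE, 4, [22, 443, 47001, 8443]))
```

Any service listening on a port outside the ranked list stays invisible to a default scan, which is why an asset inventory that must be complete needs an explicit -p range.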