Now that we have the basics of how to see what ports Nessus is finding and where, let’s see what we can do to customize our scans and be more efficient with our network bandwidth.
We can start by creating a new advanced scan and navigate to: Setting>Discovery>Port Scanning
What we see above are the default settings of the port scanning settings for Nessus Professional. These coincide with the Tenable Documentation on Port Scanning that can be found here: https://docs.tenable.com/nessus/Content/DiscoverySettings.htm#Service-Discovery:~:text=Network%20Port%20Scanners-,Setting,using%20the%20netstat%20or%20SNMP%20port%20enumeration%20options%20instead%20if%20possible.,-Service%20Discovery
We can also see that they are mapped to the Plugin Family options as well found in part 1 here:https://www.tenable.com/plugins/search?q=script_family%3A%28%22Port+scanners%22%29&sort=&page=1
What if you need to alter some port scanning settings at the scanner level and not the scan level though? No problem, let’s Navigate to: Settings>Advanced>Scanning
We will start with Performance:
Global Max Port Scanners: is a parameter set at the Scanner level telling us the max amount of Hosts a Port Scanner can be run against. There are other settings that are related to this setting but 100 is default and if you want to change the setting you are looking at some advanced tweaking of the Scanner.
Now the only other section with any Port Scanning Settings of note is Scanning:
Let’s Start with,
Maximum Ports in Scan Reports: This simply means the maximum numerical amount of ports that will be added to the scan result when scanned. You can see it is 1024 and thing they mean only well-known ports but it does not mean only well known ports from 1–1024 will be added unless every port from 1–1024 is open and added. If ports 1–1026 were all open it would get to 1024 reference the maximum here and stop, as I understand the setting.
Maximum Ports Reported by Portscanner Plugins: In short, this settings shows us the same as the above plugin but for individual hosts.
Port Range: This refers to the port range, the only confusing part here is that “default” here is not the same as the common port range “1–1024” it is referring to a custom grouping of ports that Tenable itself keeps track of and updates. Change this with intention as “default” does not just mean 1–65,535 or something arbitrary and would need to be fine tuned to get good results.
Non-Simultaneous Ports: Again straight-forward, you cannot run more than one plugin at a time against a port that is designated here. The defaults 139, 445, 3389 are all Windows ports and setup to help not cause trouble when scanning against Windows Hosts.
That is all on Port Scanning with a Nessus Scanner, anything deeper would be very niche but feel free to reach out with any questions!
