Sunday, November 21, 2021

Nmap Basics Part 1

Nmap 101 Tutorial


There are two common TCP scan types: the SYN scan (-sS) and the full connect scan (-sT).


-sS - SYN scan. Sends a SYN to each target port: a SYN/ACK reply marks the port open, an RST marks it closed, and no reply (or an ICMP unreachable) marks it filtered. Nmap never completes the handshake; the half-open connection is torn down with an RST (the kernel sends one itself when it sees a SYN/ACK for a connection it has no socket for, and Nmap may send one too). You must be root, or otherwise allowed to use raw sockets, to run a SYN scan, because Nmap crafts the packets itself instead of going through the operating system's connect() call.


-sT - Connect scan. Uses the operating system's connect() call, so the full TCP three-way handshake completes before Nmap closes the connection. Any user can run it because no raw packets are needed, and it is what Nmap falls back to when you lack raw-socket privileges. It is slower and noisier than -sS: the completed connection is visible to, and often logged by, the service on the target.


-v - verbose mode. Can be repeated (-vv) for more detail, including more frequent status updates. Even without -v, pressing a key such as the space bar while a scan is running prints a progress estimate, and pressing v raises the verbosity of the running scan.


--open - Only show ports found open (or possibly open, such as open|filtered) in the end-of-scan report; closed and filtered ports are dropped from the output.


-sV - version detection. Probes each open port to identify the service and, where possible, the product and version (for example OpenSSH 8.4p1 or nginx 1.18.0) rather than just the name guessed from the port number. The amount of effort is controlled by --version-intensity 0-9; --version-all sets it to 9 for the most accurate results at the cost of a slower scan, and --version-light (2) is the quick option.


-O - OS detection. Sends a series of TCP, UDP and ICMP probes and compares the responses against Nmap's fingerprint database (nmap-os-db) to guess the operating system of the host. Like -sS it needs raw-socket privileges, and it works best when the host has at least one open and one closed TCP port. Neither version detection nor OS detection is implemented as NSE (Nmap Scripting Engine) scripts; both are built into Nmap. The script engine extends them rather than implementing them: -sV also runs the NSE scripts in the "version" category, and -sC or --script adds further checks. When no fingerprint matches closely, -O prints no OS at all; --osscan-guess (also spelled --fuzzy) makes Nmap report its closest matches with a confidence percentage instead. This does not slow the scan down, it only makes Nmap more willing to speculate.



Output can be saved in several formats. -oA <basename> saves all three at once, as <basename>.nmap (normal), <basename>.xml (XML) and <basename>.gnmap (grepable, which is deprecated in favour of XML); -oN, -oX and -oG select one format each. XML is the format to feed into other tools, since it carries the service, version and OS details in a structured form.
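As an added example (not from the original post or the Nmap project), here is a short Python script that reads the XML report -oA writes (the .xml file, or any -oX output), counts ports by state, and lists the open ports with the product/version strings that -sV filled in and the best -O match. The embedded sample report is hand-constructed to resemble what `nmap -sS -sV -O -oA scan 192.0.2.10` would produce; the address, hostname, services and versions in it are made up.

```python
#!/usr/bin/env python3
"""Summarise an Nmap XML report (the file written by -oX or -oA).

Added example for this tutorial; not part of Nmap. The SAMPLE_XML below is
constructed by hand to look like real Nmap output: the host, ports, versions
and OS match are invented for illustration.
"""
import sys
import xml.etree.ElementTree as ET

SAMPLE_XML = """<?xml version="1.0" encoding="UTF-8"?>
<nmaprun scanner="nmap" args="nmap -sS -sV -O -oA scan 192.0.2.10" version="7.92">
<host><status state="up" reason="echo-reply"/>
<address addr="192.0.2.10" addrtype="ipv4"/>
<hostnames><hostname name="example.test" type="PTR"/></hostnames>
<ports>
<port protocol="tcp" portid="22"><state state="open" reason="syn-ack"/>
<service name="ssh" product="OpenSSH" version="8.4p1" method="probed" conf="10"/></port>
<port protocol="tcp" portid="80"><state state="open" reason="syn-ack"/>
<service name="http" product="nginx" version="1.18.0" method="probed" conf="10"/></port>
<port protocol="tcp" portid="443"><state state="filtered" reason="no-response"/>
<service name="https" method="table" conf="3"/></port>
<port protocol="tcp" portid="3306"><state state="closed" reason="reset"/>
<service name="mysql" method="table" conf="3"/></port>
</ports>
<os><osmatch name="Linux 5.0 - 5.4" accuracy="96"/></os>
</host>
<runstats><finished elapsed="12.3"/><hosts up="1" down="0" total="1"/></runstats>
</nmaprun>
"""


def _version_string(svc):
    """Join product/version/extrainfo from a <service> element (filled in by -sV)."""
    if svc is None:
        return None
    parts = [svc.get(key) for key in ("product", "version", "extrainfo")]
    return " ".join(p for p in parts if p) or None


def parse_report(xml_text):
    """Parse Nmap XML text and return one summary dict per scanned host."""
    root = ET.fromstring(xml_text)
    hosts = []
    for host in root.findall("host"):
        addr_el = host.find("address[@addrtype='ipv4']") or host.find("address")
        name_el = host.find("hostnames/hostname")
        os_el = host.find("os/osmatch")  # first osmatch is the best guess; only present with -O
        summary = {
            "addr": addr_el.get("addr") if addr_el is not None else None,
            "hostname": name_el.get("name") if name_el is not None else None,
            "os": os_el.get("name") if os_el is not None else None,
            "os_accuracy": int(os_el.get("accuracy")) if os_el is not None else None,
            "open": [],
            "state_counts": {},
        }
        for port in host.findall("ports/port"):
            state = port.find("state").get("state")
            summary["state_counts"][state] = summary["state_counts"].get(state, 0) + 1
            if state != "open":
                continue  # same filter as --open: keep only open ports
            svc = port.find("service")
            summary["open"].append({
                "port": int(port.get("portid")),
                "proto": port.get("protocol"),
                "service": svc.get("name") if svc is not None else None,
                "version": _version_string(svc),
                # method="probed" means -sV actually fingerprinted the service;
                # method="table" means the name is only a guess from the port number.
                "probed": svc is not None and svc.get("method") == "probed",
            })
        hosts.append(summary)
    return hosts


def format_host(summary):
    """Render one host summary as printable lines."""
    lines = ["%s (%s)  os: %s" % (summary["addr"], summary["hostname"] or "-",
                                  summary["os"] or "unknown")]
    lines.append("  port states: %s" % ", ".join(
        "%s=%d" % kv for kv in sorted(summary["state_counts"].items())))
    for p in summary["open"]:
        tag = "" if p["probed"] else " (guessed from port number)"
        lines.append("  %d/%s %s %s%s" % (p["port"], p["proto"], p["service"],
                                          p["version"] or "", tag))
    return "\n".join(lines)


def main():
    # Usage: summarise_nmap.py scan.xml   (defaults to the constructed sample)
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            xml_text = fh.read()
    else:
        xml_text = SAMPLE_XML
    for host in parse_report(xml_text):
        print(format_host(host))


if __name__ == "__main__":
    main()
```

Run it against the .xml file from a real -oA scan; services whose <service> element says method="table" were never probed, so treat their names as hints, not facts, until -sV has confirmed them.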


-Pn - Skip host discovery and port scan every target as if it were up. Useful on networks that block Nmap's discovery probes (for a privileged user these are an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request), since otherwise Nmap marks the host as down and scans nothing. The cost is that every address in a large range gets a full port scan, including the empty ones.
