Nmap 101 Tutorial
Two common types of scans: SYN scan and full connect scan
-sS – SYN scan. Sends a SYN packet; if it receives a SYN-ACK, it marks the port as open, sends a reset, and tears down the session. You must be root to run a SYN scan, as it manipulates the network stack to send the reset out of sequence.
-sT – Connect scan. Completes the full TCP/IP handshake. Any user can run a connect scan, as the network stack is not manipulated.
-v – verbose mode. Can be repeated for increased verbosity, which updates the status more often. If -v is not used, you can press the space bar to force a progress update of the scan.
--open – Only report on ports that were found open in the end-of-scan summary.
-sV – version scan. Reports the version and platform of running services like http, ssh, etc. Nmap can apply varying degrees of effort to determine the version; use --version-all for the most accurate results at the cost of a slower scan.
-O – OS scan. Attempts to determine the operating system of the host being scanned. Note that both version and OS scans use scripts written in NSE, the Nmap Scripting Engine, that extend nmap's functionality. Use --osscan-guess for the most accurate results, again at the cost of a slower scan.
-e Show the link layer headers in addition to higher-level protocol headers
-x hexadecimal output
-X hexadecimal and ASCII output. Common when there’s ASCII text in the packet that can be displayed.
-A show only ASCII data
Output can be saved in several formats, covered in more detail later. Use -oA to save in all formats in separate files, including greppable (deprecated) and XML.
-Pn – don’t ping the hosts before port scanning. Useful on networks that block ICMP echo requests
*** This is a Security Bloggers Network syndicated blog from JeffSoh on NetSec authored by JeffSoh. Read the original post at: https://jeffsoh.blogspot.com/2021/11/nmap-basics-part-1.html