Nmap Basics Part 1

 Nmap 101 Tutorial

Two common types of scan are the SYN scan and the full connect scan.

-sS – SYN scan. Sends a SYN packet; if it receives a SYN-ACK, it marks the port as open, sends a reset, and tears down the session. You must be root to run a SYN scan, as it manipulates the network stack to send the reset out of sequence.

-sT – Connect scan. Completes the full TCP/IP handshake. Any user can run a connect scan, as the network stack is not manipulated.

-v verbose mode. Can be repeated for increased verbosity, which updates the status more often. If -v is not used, pressing the space bar forces a progress update of the scan.

--open Only report on ports that were found open in the end-of-scan summary

-sV – version scan. Reports the version of running services such as http, ssh, etc. The effort spent determining the version can be varied; use --version-all for the most accurate results at the cost of a slower scan.

-O OS scan – attempts to determine the operating system of the host being scanned. Note that both version and OS scans use scripts written for NSE, the Nmap Scripting Engine, which extend nmap's functionality. Use --osscan-guess for the most accurate results, again at the cost of a slower scan.

-e Show the link layer headers in addition to higher-level protocol headers

-x hexadecimal output

-X hexadecimal and ASCII output. Common when there’s ASCII text in the packet that can be displayed.

-A show only ASCII data

Output can be saved in several formats; more detail on that further in. Use -oA to save in all formats in separate files, including greppable (deprecated) and XML.

-Pn – don’t ping the hosts before port scanning. Useful on networks that block ICMP echo requests

*** This is a Security Bloggers Network syndicated blog from JeffSoh on NetSec authored by JeffSoh. Read the original post at: https://jeffsoh.blogspot.com/2021/11/nmap-basics-part-1.html
