Nmap Port Scan (TCP , UDP , ACK, SYNC,…) – POFTUT

Nmap Port Scan (TCP , UDP , ACK, SYNC,…)

by

[rps-include post=6632]

This chapter is real part of the scanning. In this chapter we will look how to define port scanning parameters. The techniques described in this chapter generally requires privileged user which means root or Administrator user.

Tcp Syn Scan

This scan is default and most popular scan. This scan is also referred half open scan. In this scan only tcp syn packets are sent to the target.

$ nmap -sS google.com
  • -sS is used to send syn packets.

Tcp Connect Scan

This is scan is an alternative for the Tcp Syn Scan. This scan do not requires privileged user. Scan is done with completing 3 way hand shake.

$ nmap -sT google.com

Udp Scan

Tcp is default protocol for scan. But udp can be activated with -sU .

$ nmap -sU google.com

Tcp Null Scan

Null scan done by setting tcp flag header 0. New firewall walls can detect this scan

$ nmap -sN google.com

Tcp Fin Scan

This scan done by sending tcp packets with FIN flag set. New systems can detect this scan.

$ nmap -sF google.com

Xmas Scan

This scan is done by setting FIN,PSH,URG flags. New systems can detect this scan.

$ nmap -sX google.com

Tcp Ack Scan

In this scan technique tcp packets sends with ack flag is set. If target response this means the port is open or closed.

$ nmap -sA google.com

Tcp Window Scan

This scan is more detailed version of Tcp Ack Scan. We can prevent using it.

$ nmap -sW google.com

Tcp Maimon Scan

Generally an uneffective for most os the systems.

$ nmap -sM google.com

Custom Tcp Scan

Nmap gives users the ability to modify low level details like flag. ACK, URG, PSH, RST, SYN, FIN tcp flags can be used for scan.

$ nmap --scanflags ACKURG google.com
  • –scanflags will set ACK and URG  flags
LEARN MORE  Windows Netstat Command Tutorial

Idle Scan

This is an advanced scan where no packet sent with our real ip address to target. A zombie host is selected and packets are send behalf of it. This scan also show trust relationship between zombie and target.

$ nmap -sI 10.0.0.2 10.0.0.10
  • -sI provides 10.0.0.2 as zombie and 10.0.0.10 as target.

Ip Protocol Scan

This scan will determine which is protocols are supported by target.

$ nmap -sO 10.0.0.10

[rps-include post=6632]

Leave a Comment