Nmap Port Scan (TCP , UDP , ACK, SYNC,…)
This chapter is real part of the scanning. In this chapter we will look how to define port scanning parameters. The techniques described in this chapter generally requires privileged user which means root or Administrator user.
Tcp Syn Scan
This scan is default and most popular scan. This scan is also referred half open scan. In this scan only tcp syn packets are sent to the target.
$ nmap -sS google.com
- -sS is used to send syn packets.
Tcp Connect Scan
This is scan is an alternative for the Tcp Syn Scan. This scan do not requires privileged user. Scan is done with completing 3 way hand shake.
$ nmap -sT google.com
Tcp is default protocol for scan. But udp can be activated with -sU .
$ nmap -sU google.com
Tcp Null Scan
Null scan done by setting tcp flag header 0. New firewall walls can detect this scan
$ nmap -sN google.com
Tcp Fin Scan
This scan done by sending tcp packets with FIN flag set. New systems can detect this scan.
$ nmap -sF google.com
This scan is done by setting FIN,PSH,URG flags. New systems can detect this scan.
$ nmap -sX google.com
Tcp Ack Scan
In this scan technique tcp packets sends with ack flag is set. If target response this means the port is open or closed.
$ nmap -sA google.com
Tcp Window Scan
This scan is more detailed version of Tcp Ack Scan. We can prevent using it.
$ nmap -sW google.com
Tcp Maimon Scan
Generally an uneffective for most os the systems.
$ nmap -sM google.com
Custom Tcp Scan
Nmap gives users the ability to modify low level details like flag. ACK, URG, PSH, RST, SYN, FIN tcp flags can be used for scan.
$ nmap --scanflags ACKURG google.com
- –scanflags will set ACK and URG flags
This is an advanced scan where no packet sent with our real ip address to target. A zombie host is selected and packets are send behalf of it. This scan also show trust relationship between zombie and target.
$ nmap -sI 10.0.0.2 10.0.0.10
- -sI provides 10.0.0.2 as zombie and 10.0.0.10 as target.
Ip Protocol Scan
This scan will determine which is protocols are supported by target.
$ nmap -sO 10.0.0.10