INTRODUCTION TO NMAP
By
Gopalsamy Rajendran
$ uname -a
Security Analyst @ Securight Technologies Pvt Ltd
Owasp Cuddalore Chapter Leader
Volunteer @ Kerala Cyberdome
Youtuber | Blogger | Technical Speaker
Certified EC-Council Security Analyst
Proud Civil Engineer ( Since 2018 )
$ cat Context.txt
What is Nmap?
Target Specification
Host Discovery
Scanning Techniques
Version Detection
Timing and scan speed
Output
NSE ( Nmap Scripting Engine )
What is Nmap ?
Network mapper
Network Discovering Tool
Identify Live hosts in the network.
Open Ports, Service version Detection and OS Detection.
Vulnerabilities Discovery
Target Specification:
-iL Scan the list of hosts/networks read from a file
--exclude Exclude the given hosts/networks from the scan
--excludefile Exclude the list of hosts/networks read from a file
Host Discovery:
-sL List Scan: lists the targets that would be scanned without sending any probes
-sP Ping Scan: host discovery only, no port scan (accepted as -sn in current Nmap versions)
Another efficient way to discover hosts on the local network is arp-scan
Port Specification:
-p Scan a particular port
-p 22-200 Scan a port range
-p- Scan all ports
-F Fast scan: the 100 most common ports
--top-ports <n> Scan the n most common ports
-p-65535 Scan ports 1 through 65535
Commands:
nmap -A -p 22 <target>
nmap -A -p 22-445 <target>
nmap -A -p- <target>
nmap -F <target>
nmap --top-ports <n> <target>
nmap -p-65535 <target>
Various Scanning Techniques:
TCP SYN Scan (-sS)
TCP Connect Scan (-sT)
UDP Scan (-sU)
Ping Scan (-sP)
Service Version Detection (-sV)
Idle Scan (-sI)
Xmas, Null, FIN ( -sX, -sN, -sF )
Flags explanation:
SYN - Synchronize
ACK - Acknowledge
RST - Reset
FIN - Final
NULL - No flags set
TCP Connect Scan (-sT)
Full open scan
Establishes a connection to the target
Uses the three-way handshake ( SYN, ACK, RST )
High chance of getting logged
Finds only TCP ports, not UDP
Command: nmap -sT <target>
[Diagram: packet exchange for an open port vs. a closed port]
TCP SYN Scan (-sS)
Half-open scanning
Sends SYN packets to the target
Does not complete the handshake, so no session is created
Less possibility of getting logged
Fast and reliable
Command: nmap -sS <target>
[Diagram: packet exchange for an open port vs. a closed port]
UDP Scan (-sU)
Slow scanning
Finds only UDP ports
Don't forget to run a UDP scan on the given target
Command: nmap -sU <target>
[Diagram: packet exchange when the port is reachable, open vs. closed]
Xmas Scan (-sX)
Sends packets with the FIN, URG and PSH flags set
No reply - open
Reply with RST - closed
Command: nmap -sX <target>
[Diagram: packet exchange for an open port vs. a closed port]
Null Scan (-sN)
Sends packets with no flags set
No reply - open
Reply with RST - closed
Command: nmap -sN <target>
[Diagram: packet exchange for an open port vs. a closed port]
FIN Scan (-sF)
Sends packets with only the FIN flag set
No reply - open
Reply with RST - closed
Command: nmap -sF <target>
[Diagram: packet exchange for an open port vs. a closed port]
Service Version Scan (-sV)
Used to find the version of each detected service
Gives details about the services (product, version, extra info)
Command: nmap -sV <target>
Idle Scan (-sI)
Uses another system (an idle "zombie" host) to scan the target
Command: nmap -sI <zombie> <target>
Timing Scan (-T)
T0 - Paranoid
T1 - Sneaky
T2 - Polite
T3 - Normal
T4 - Aggressive
T5 - Insane
Command: nmap -sV -A -T3 <target>
Output (-o)
-oN - Normal output
-oX - XML output
-oA - All formats (normal, XML and grepable)
--open - Shows only open ports
ndiff - Shows the difference between two XML scan results
Commands:
nmap -A -oN <file> <target>
nmap -A -oX <file> <target>
nmap -A -oA <basename> <target>
nmap -A <target> --open
ndiff result.xml result2.xml
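Added example, not part of the original slides: a small Python script that reads two -oX results and reports which ports opened or closed between scans, the same comparison ndiff performs and a useful routine check for a defender tracking exposure over time. The two XML documents are constructed sample data for a documentation address, not real scan output.

```python
import xml.etree.ElementTree as ET

# Constructed sample -oX output for two scans of the same host (not real scan data).
SCAN_OLD = """<nmaprun scanner="nmap"><host><status state="up"/>
<address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="open"/><service name="http"/></port>
<port protocol="tcp" portid="443"><state state="closed"/></port>
</ports></host></nmaprun>"""
SCAN_NEW = """<nmaprun scanner="nmap"><host><status state="up"/>
<address addr="192.0.2.10" addrtype="ipv4"/><ports>
<port protocol="tcp" portid="22"><state state="open"/><service name="ssh"/></port>
<port protocol="tcp" portid="80"><state state="closed"/></port>
<port protocol="tcp" portid="443"><state state="open"/><service name="https"/></port>
<port protocol="tcp" portid="3306"><state state="open"/><service name="mysql"/></port>
</ports></host></nmaprun>"""

def open_ports(xml_text):
    """Map each scanned IPv4 host to its open ports: {addr: {(proto, port): service}}."""
    hosts = {}
    for host in ET.fromstring(xml_text).findall("host"):
        addr = host.find("address[@addrtype='ipv4']")
        if addr is None:
            continue  # skip hosts with no IPv4 address element
        ports = {}
        for port in host.findall("ports/port"):
            state = port.find("state")
            if state is None or state.get("state") != "open":
                continue  # only 'open' counts; closed/filtered are ignored (like --open)
            svc = port.find("service")
            name = svc.get("name", "") if svc is not None else ""
            ports[(port.get("protocol"), int(port.get("portid")))] = name
        hosts[addr.get("addr")] = ports
    return hosts

def diff_scans(old_xml, new_xml):
    """Return (opened, closed): sets of (host, proto, port) that changed between scans."""
    old = {(h, *k) for h, ps in open_ports(old_xml).items() for k in ps}
    new = {(h, *k) for h, ps in open_ports(new_xml).items() for k in ps}
    return new - old, old - new

if __name__ == "__main__":
    opened, closed = diff_scans(SCAN_OLD, SCAN_NEW)
    for host, proto, port in sorted(opened):
        print(f"+ {host} {port}/{proto} newly open")
    for host, proto, port in sorted(closed):
        print(f"- {host} {port}/{proto} no longer open")
```

To use it on real data, save two runs with -oX and pass their contents to diff_scans; a newly open port such as 3306 is exactly the kind of change worth investigating.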
Doubts ??
@hackison @hackison.official
@infosectamil info@hackison.com @infosectamil