[Nmap](Network scanning & Enumeration)

Understanding Network Scanning Using Nmap

nmap -O 10.10.10.*
nmap -packet-trace <target>

Various Network Scanning Techniques

TCP Connect Scan/Full open scan (-sT)

TCP Connect Scan is the most basic form of TCP scanning. If port is listening, connect will succeed, otherwise the port isnt reachable Don’t need special privileges

Stealth scan/Half-open scan (-sS)

abruptly resetting the TCP connection between client and server before the completion of three-way handshake signals. This is for bypassing firewall rules as well as hiding under the appearence of regular network traffic.

UDP Scan (-sU)

This is used to scan the open UDP ports. It sends UDP packets to every ports and waits the response.

Xmas Scan(-sX)

ACK flag probe scan

Send an ACK probe packet with a random sequence number. No response means the port is filtered (stateful firewall is there) and an unfiltered response means the port is closed.

IDLE scan

If the port is not open on the target machine, keep enforcing IDLE scan by probing other ports

  1. Send SYN + ACL packet to the zombie machine to probe its IPID number.
  2. The machine does not expect an SYN+ACK packet will send an RST packet. We can guess the IPID
  3. Send a SYN packet to the target machine (port 80) to spoof the real IP address of the Zombie machine.
  4. If the port is open, the target will send a SYN+ACK packet to the zombie and it will send an RST to the target in response
  5. if the port is closed, the target will send an RST to zombie machine but it will not send anything back.

Ping sweep (-sP)

Nmap scans the subnet and shows a list of the alive systems

Avoiding scanning detection using multiple decoy IP address (-D RND: target)

Scan multiple decoy IP address. Nmap will send multiple packets with different IP addresses. Requests come from various unknow IP address.

  • -A: Enable OS detection, version detection, script scanning, and traceroute
Nmap -A target IP address



Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store