Breaking News

7 Techniques of Nmap port scanner – Scanning

Hello and welcome,

I am happy to see you reading this article, May I know “Do you like my nmap scanning series ? if you want to add somthing please tell me in comment box.

You are reading an article part of nmap network scanning series 

  1. introduction to scanning phase of penetration-testing
  2. Examples of Network Scanning for Live Host by Kali Linux
  3. important nmap commands in Kali Linux with Example
  4. <You are HERE>
  5. Nmap Timing Templates – You should know
  6. commands to save Nmap output to file
  7. Nmap Scripts in Kali Linux

How to use Nmap port scanner – Scanning

In the nmap port scanner “-s” (lowercase s) prefix is used to specify the type of scan should be launched on the target defined in the scan command. The selection of scan type can help the penetration tester to evade by some host and network security system for example IDS/IPS, Firewalls etc.

Half Open/Stealth Scan (-sS)

The stealth scan is the default type of scanning used by Nmap port scanner when no scan option is defined. In this type of scanning, pentester’s machine sends SYN packet to the target machine. The target machine will reply back with an SYN/ACK packet. The attacker will send RST packet instead of ACK (acknowledgment). If a port is closed then target machine send RST packed instead of SYN/ACK packet.

Half Open/Stealth Scan (-sS)

 

-sT TCP Connect Scan/Full Open Scan

TCP connect scan can mostly be used to gather more information about the target. In this case, the attacker sends an SYN packed to target. Target machine hopefully gives the reply with SYN/ACK packet. The attacker completed the communication by sending a final ACK packet.

nmap -sT TCP Connect Scan/Full Open Scan

 

-sA Acknowledgement Scan by nmap port scanner

Acknowledgment scan is used to determine TCP port is filtered or unfiltered. In this scan, Attacker communicates with the target machine with ACK (acknowledgment) flag. If the RST (reset) response from target means the port is unfiltered, and if no response or response with unreachable error indicates the port is filtered.

nmap -sA Acknowledgement Scan

-sX Xmas Scan

In this type of scanning, attacker sends packet with FIN, PUSH, URG flag. If no response from target side indicates the port is open, and if the target response with RST (reset) packet indicates the port is closed.

nmap -sX Xmas Scan

-sP FIN Scan by nmap port scanner 

In this type of scanning, attacker sends a packet only with FIN flag. If no response from targets side means the port is open, and if target response with RST/ACK packet indicate the port is closed.

nmap -sP FIN Scan

-sN Null Scan

In Null Scan sends the packet without flags to the target host. I response from target side indicates the port is open if target response with RST/ACK indicates the port is closed.

nmap -sN Null Scan

-sU UDP Scan by nmap port scanner

The UDP scan evaluates the UDP ports on the target system. Dissimilar to filtering TCP ports, UDP scans hope to get a response back from target that has the tested ports shut. packets sent to open UDP ports are not reacted; then again, if the packet sent inspires a response from the target, then the port being tested is open. In the event that no response is accepted, then the port could be open alternately could be separated by a gadget like a firewall. Shut UDP ports might be recognized by an ICMP response with a sort 3 and code 3 response Finally, ports that are affirmed to be filtered will have an ICMP response of sort 3 with codes of 1, 2, 9, 10, or 13, demonstrating different inaccessible errors.

 nmap -sU UDP Scan

Thanks for giving your valuable time to reading this article, if you have any question related this article or nmap scanning series let me know in comment box

Thanks & Cheers!

 

About Vijay Kumar

Ethical Hacking & Penetration Testing Trainer, For more detail view My Profile

Check Also

4 commands to save Nmap output to file

4 commands to save Nmap output to file

Hi and welcome again! I am happy to see you here on my blog, I …

Leave a Reply

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Watch Dragon ball super