By | 08/08/2014

Phases of nmap:

  1. Host discovery
  2. Port scanning
  3. OS fingerprinting

Zenmap is the graphical front end for nmap.

Host Discovery

When running nmap -sP against a network, nmap sends an ICMP echo request and a TCP ACK packet to port 80 (the "TCP ping") to each address.

-P0         Disables the host discovery phase (older spelling of -Pn)
-sP         Only the discovery phase is done: ICMP echo + TCP ACK to port 80
-sP -PS     TCP ping is done with SYN instead of ACK (port 80 by default)
-sP -PS25   TCP ping is done with SYN to the specified port
-sP -g 53   Use 53 as the source port of the TCP ACK probe
-sP -PP     ICMP timestamp request (type 13) instead of an echo request
-sP -PM     ICMP address mask request (type 17) instead of an echo request
-sn         Host discovery only, disables the port scan (the current name for -sP)

Note that -PN and -P0 are older spellings of -Pn, which skips host discovery entirely; do not confuse -PN with the address mask ping, which is -PM.

Example – Basic scan of a network ICMP + HTTP

nmap -sP
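To make the option table concrete, here is an added example (not code from the original post or from the nmap project) that builds, in memory only, the probe packets each of the discovery options above produces and then labels them the way a packet-level detector on the target network would see them. Addresses are constructed TEST-NET values, the -g/-PS/-PP/-PM handling is a simplified model of nmap (ARP, IPv6 and the extra probes newer nmap versions add are left out), and the helper and function names are this example's own.

```python
"""Byte-level model of the nmap host-discovery probes listed in the table above.
Constructed example: packets are built in memory and never sent."""
import socket
import struct

SRC = "192.0.2.10"   # constructed scanner address (TEST-NET-1)
DST = "192.0.2.20"   # constructed target address
PROTO_ICMP, PROTO_TCP = 1, 6
SYN, ACK = 0x02, 0x10


def inet_checksum(data: bytes) -> int:
    """RFC 1071 one's-complement sum used by IPv4, ICMP and TCP headers."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF


def ipv4(proto: int, payload: bytes) -> bytes:
    """20-byte IPv4 header (no options) in front of payload, checksum filled in."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0x4000, 64,
                      proto, 0, socket.inet_aton(SRC), socket.inet_aton(DST))
    hdr = hdr[:10] + struct.pack("!H", inet_checksum(hdr)) + hdr[12:]
    return hdr + payload


def icmp(icmp_type: int, body: bytes = b"") -> bytes:
    """ICMP message: type, code 0, checksum, identifier, sequence number, body."""
    msg = struct.pack("!BBHHH", icmp_type, 0, 0, 0x1234, 1) + body
    return msg[:2] + struct.pack("!H", inet_checksum(msg)) + msg[4:]


def tcp(sport: int, dport: int, flags: int) -> bytes:
    """Bare 20-byte TCP header; the checksum covers the IPv4 pseudo-header too."""
    seg = struct.pack("!HHIIBBHHH", sport, dport, 0x11223344, 0, 5 << 4, flags, 1024, 0, 0)
    pseudo = socket.inet_aton(SRC) + socket.inet_aton(DST) + struct.pack("!BBH", 0, PROTO_TCP, len(seg))
    return seg[:16] + struct.pack("!H", inet_checksum(pseudo + seg)) + seg[18:]


def discovery_probes(options, sport: int = 40000) -> list:
    """Probes sent by `nmap -sP <options>` per the option table (simplified model).
    As in nmap, any explicit -P* option replaces the default echo + ACK/80 pair."""
    opts = list(options)
    if "-g" in opts:                           # -g 53: source port for the TCP probes
        sport = int(opts[opts.index("-g") + 1])
    probes, explicit = [], False
    for opt in opts:
        if opt in ("-P0", "-PN", "-Pn"):       # skip host discovery entirely
            return []
        if opt.startswith("-PS"):              # TCP SYN ping, port 80 unless given
            probes.append(ipv4(PROTO_TCP, tcp(sport, int(opt[3:] or 80), SYN)))
            explicit = True
        elif opt == "-PP":                     # ICMP timestamp request (type 13)
            probes.append(ipv4(PROTO_ICMP, icmp(13, b"\x00" * 12)))
            explicit = True
        elif opt == "-PM":                     # ICMP address mask request (type 17)
            probes.append(ipv4(PROTO_ICMP, icmp(17, b"\x00" * 4)))
            explicit = True
    if not explicit:                           # plain -sP / -sn
        probes = [ipv4(PROTO_ICMP, icmp(8)), ipv4(PROTO_TCP, tcp(sport, 80, ACK))]
    return probes


def classify(packet: bytes) -> str:
    """Label a probe the way a packet-level detector sees it on the wire."""
    proto, l4 = packet[9], packet[(packet[0] & 0x0F) * 4:]
    if proto == PROTO_ICMP:
        names = {8: "icmp-echo-request", 13: "icmp-timestamp-request", 17: "icmp-address-mask-request"}
        return names.get(l4[0], f"icmp-type-{l4[0]}")
    if proto == PROTO_TCP:
        dport, flags = struct.unpack("!H", l4[2:4])[0], l4[13]
        kind = {SYN: "tcp-syn-ping", ACK: "tcp-ack-ping"}.get(flags, f"tcp-flags-{flags:#04x}")
        return f"{kind}:{dport}"
    return f"ip-proto-{proto}"


def checksums_ok(packet: bytes) -> bool:
    """Recompute every checksum; over a valid header the one's-complement sum is 0."""
    ihl = (packet[0] & 0x0F) * 4
    l4 = packet[ihl:]
    if inet_checksum(packet[:ihl]) != 0:
        return False
    if packet[9] == PROTO_ICMP:
        return inet_checksum(l4) == 0
    pseudo = packet[12:20] + struct.pack("!BBH", 0, packet[9], len(l4))
    return inet_checksum(pseudo + l4) == 0


if __name__ == "__main__":
    for opts in (["-sP"], ["-sP", "-PS"], ["-sP", "-PS25"], ["-sP", "-g", "53"],
                 ["-sP", "-PP"], ["-sP", "-PM"], ["-P0"]):
        print(" ".join(["nmap"] + opts).ljust(14), "->", [classify(p) for p in discovery_probes(opts)])
```

The ICMP types (8, 13, 17) and the lone-ACK or lone-SYN segments to port 80 are exactly the fields a firewall or IDS rule keys on, which is why a ping sweep from a plain -sP is easy to spot and why the -PS/-PP/-PM variants exist as alternatives when ICMP echo is filtered.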

Port Scanning

-sS   TCP SYN scan
-sU   UDP scan

Example – Basic TCP SYN scan

nmap -sS

Example – Basic UDP scan

nmap -sU

OS Fingerprinting

-O    OS detection

Other options

-v    Verbose mode


Example – port scan of a host with OS fingerprinting and verbose mode.

nmap -sS -O -v