nmap

By | 08/08/2014

Phases of nmap:

  1. Host discovery
  2. Port scanning
  3. OS fingerprinting

Zenmap is the graphical frontend for nmap.

Host Discovery

With nmap -sP network, nmap runs only the host discovery phase. Run as root, the default probe set is an ICMP echo request, a TCP SYN to port 443, a TCP ACK to port 80 and an ICMP timestamp request; a host that answers any of them is reported as up. Run as an unprivileged user, nmap cannot send raw packets and only makes TCP connect() probes to ports 80 and 443. Current nmap calls this option -sn and keeps -sP as an alias.

Option      Description
-P0         Skip the host discovery phase and treat every target as up (old spelling; current nmap uses -Pn, and -PN was also accepted)
-sP         Host discovery only, no port scan (old spelling of -sn); sends the default probe set described above
-sP -PS     TCP SYN ping instead of the default probes (port 80 unless one is given)
-sP -PS25   TCP SYN ping to port 25 (a list such as -PS22,25,80 also works)
-sP -g 53   Send the probes from source port 53 (same as --source-port); some filters let DNS-looking traffic through
-sP -PP     ICMP timestamp request (type 13) instead of an echo request
-sP -PM     ICMP address mask request (type 17) instead of an echo request (not -PN, which means "no ping")
-sn         Current name of -sP: host discovery only, port scan disabled; it is not limited to ICMP

Giving any -P* option replaces the default probe set, so combine them (for example -PE -PP -PS443 -PA80) when more than one probe type is wanted.

Example – Basic ping sweep of a network (host discovery only, default probes)

nmap -sP 192.168.1.0/24

Port Scanning

Option      Description
-sS         TCP SYN (half-open) scan: the default when run as root, since it needs raw sockets; unprivileged users get a TCP connect() scan (-sT) instead
-sU         UDP scan; slow because closed ports answer with rate-limited ICMP port unreachables and open ports usually answer nothing. -sS -sU scans both in one run

Example – Basic TCP SYN scan

nmap -sS 192.168.1.200

Example – Basic UDP scan

nmap -sU 192.168.1.200

OS Fingerprinting

Option      Description
-O          OS detection by TCP/IP stack fingerprinting; works best when the target has at least one open and one closed TCP port, so run it together with a port scan


Other options

Option      Description
-v          Verbose mode (-vv for more)


Example – port scan of a host with OS fingerprinting and verbose mode.

nmap -sS -O -v 192.168.1.200
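As an added example (not part of the original page), the three phases chained into a two-stage sweep: host discovery first, then a SYN scan with OS detection against only the hosts that answered. The shell functions parse nmap's grepable output (-oG -), which is the easiest format to feed from one nmap run into the next (-iL). The sample -oG lines, the addresses 192.168.1.1 / 192.168.1.200, the hostname router.lan and the file names live.txt / scan.gnmap are constructed for this example; nmap itself is not executed, so the script runs offline.

```shell
#!/bin/sh
# Added example (not from the original page): the three nmap phases as a
# two-stage sweep. Stage 1 runs host discovery (-sn, the current name of -sP)
# and keeps only hosts reported Up; stage 2 port-scans just those hosts with
# -sS -O and pulls out the open ports and the OS guess. Parsing is done on
# nmap's grepable output (-oG -). The nmap runs live in run_sweep and need a
# network plus root for -sS/-O; the parsers are exercised below on constructed
# -oG output so that the script runs offline.

# IPs of hosts nmap reported as "Status: Up", one per line (stdin: -oG output).
live_hosts() {
    awk -F'\t' '/^Host:/ && /Status: Up/ { split($1, h, " "); print h[2] }'
}

# "ip port/proto service" for every open port (stdin: -oG output).
# A Ports field looks like: Ports: 22/open/tcp//ssh///, 80/open/tcp//http///
# with each entry being port/state/proto/owner/service/rpcinfo/version.
open_ports() {
    awk -F'\t' '
        /^Host:/ {
            split($1, h, " "); ip = h[2]
            for (i = 2; i <= NF; i++) {
                if ($i ~ /^Ports: /) {
                    n = split(substr($i, 8), p, ", ")
                    for (j = 1; j <= n; j++) {
                        split(p[j], f, "/")
                        if (f[2] == "open") print ip, f[1] "/" f[3], f[5]
                    }
                }
            }
        }'
}

# "ip os-guess" from the OS: field that -O adds to -oG output (stdin).
os_guess() {
    awk -F'\t' '
        /^Host:/ {
            split($1, h, " ")
            for (i = 2; i <= NF; i++) if ($i ~ /^OS: /) print h[2], substr($i, 5)
        }'
}

# The real sweep; not executed here. Usage: run_sweep 192.168.1.0/24
run_sweep() {
    net=${1:?usage: run_sweep CIDR}
    nmap -sn -oG - "$net" | live_hosts > live.txt         # phase 1
    nmap -sS -O -oG - -iL live.txt > scan.gnmap            # phases 2 + 3
    open_ports < scan.gnmap
    os_guess < scan.gnmap
}

# Constructed -oG output standing in for "nmap -sn -oG - 192.168.1.0/24".
sample_discovery() {
    printf '# Nmap 6.47 scan initiated as: nmap -sn -oG - 192.168.1.0/24\n'
    printf 'Host: 192.168.1.1 (router.lan)\tStatus: Up\n'
    printf 'Host: 192.168.1.200 ()\tStatus: Up\n'
    printf '# Nmap done; 256 IP addresses (2 hosts up) scanned\n'
}

# Constructed -oG output standing in for "nmap -sS -O -oG - -iL live.txt".
sample_portscan() {
    printf '# Nmap 6.47 scan initiated as: nmap -sS -O -oG - -iL live.txt\n'
    printf 'Host: 192.168.1.200 ()\tStatus: Up\n'
    printf 'Host: 192.168.1.200 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/closed/tcp//https///\tIgnored State: filtered (997)\tOS: Linux 3.2 - 4.9\n'
}

# Offline demo of the parsers on the constructed output.
sample_discovery | live_hosts
sample_portscan  | open_ports
sample_portscan  | os_guess
```

Keeping the discovery list in a file is deliberate: a SYN scan of a /24 with -O is far noisier and slower than a ping sweep, so scanning only the hosts that answered keeps the second run short, and the same live.txt can be reused for a later -sU pass.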