Various types of port scanning

Scan types

TCP connect scan

nmap -sT

Discoverable: completes the full handshake, so the target can easily log it.

TCP SYN scan

nmap -sS

Stealthier: the handshake is never completed.

TCP FIN scan

nmap -sF

Sets only the FIN bit.

TCP Xmas tree scan

nmap -sX

Sets the FIN, PSH, and URG flags, lighting the packet up like a Christmas tree.

TCP null scan

nmap -sN

Sets no flag bits at all.

TCP ACK scan

nmap -sA

Used to map out firewall rulesets, determining whether they are stateful or not and which ports are filtered.

TCP window scan

nmap -sW

Exactly the same as the ACK scan, except that it exploits an implementation detail of certain systems to differentiate open ports from closed ones, rather than always printing "unfiltered" when a RST is returned.

UDP scan

nmap -sU

SCTP INIT scan

nmap -sY

TCP Maimon scan

nmap -sM

This technique is exactly the same as the NULL, FIN, and Xmas scans, except that the probe is FIN/ACK.

SCTP COOKIE ECHO scan

nmap -sZ

A more advanced SCTP scan.

Idle scan

nmap -sI

Stealthy!

sudo nmap -Pn -sI 192.168.1.5 192.168.1.2

The zombie host at 192.168.1.5 must be up and must accept connections on port 80.

Decoy scan

sudo nmap -sS 192.168.1.2 -D 192.168.1.159

The decoy 192.168.1.159 must be alive; otherwise the probes amount to a SYN flood and a denial of service.
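Added example (not part of the original notes): a defender-side classifier that reads raw TCP headers and flags the illegal flag combinations used by the NULL, FIN and Xmas probes above, plus a per-source counter for bare-SYN sweeps. The hosts, ports and packets are constructed sample data; the threshold is an assumed tuning value.

```python
import struct
from collections import defaultdict

# TCP flag bits (byte 13 of the header)
FIN, SYN, RST, PSH, ACK, URG = 0x01, 0x02, 0x04, 0x08, 0x10, 0x20

# Flag combinations a conforming TCP stack never sends on its own; each maps
# directly to one probe type from the notes above.
ILLEGAL_FLAG_SETS = {0: "NULL scan", FIN: "FIN scan", FIN | PSH | URG: "Xmas scan"}
# Distinct ports hit by bare SYNs from one source before we call it a sweep (assumed)
SYN_SWEEP_THRESHOLD = 10

def parse_tcp(segment: bytes):
    """Return (dst_port, flags) from a raw TCP header (IP header already stripped)."""
    if len(segment) < 20:
        raise ValueError("truncated TCP header")
    _sport, dport = struct.unpack("!HH", segment[:4])
    return dport, segment[13]

def build_tcp(sport: int, dport: int, flags: int) -> bytes:
    """Build a minimal 20-byte TCP header; used here only to construct sample traffic."""
    return struct.pack("!HHIIBBHHH", sport, dport, 0, 0, 5 << 4, flags, 1024, 0, 0)

def detect_scans(packets):
    """packets: iterable of (src_ip, raw_tcp_segment) -> {src_ip: set(labels)}.
    ACK-only and FIN/ACK probes (ACK, Window and Maimon scans) are not flagged here:
    those flag sets also occur in legitimate connections, so catching them needs
    connection-state tracking rather than per-packet inspection."""
    findings = defaultdict(set)
    syn_ports = defaultdict(set)
    for src, segment in packets:
        dport, flags = parse_tcp(segment)
        if flags in ILLEGAL_FLAG_SETS:
            findings[src].add(ILLEGAL_FLAG_SETS[flags])
        elif flags == SYN:  # bare SYN: an ordinary connect or a half-open probe
            syn_ports[src].add(dport)
            if len(syn_ports[src]) >= SYN_SWEEP_THRESHOLD:
                findings[src].add("SYN sweep")
    return dict(findings)

# Constructed sample traffic from hypothetical hosts, not a real capture
SAMPLE_PACKETS = [
    ("10.0.0.7", build_tcp(40000, 22, SYN)),              # one ordinary connect
    ("10.0.0.7", build_tcp(40000, 22, ACK)),              # established traffic
    ("10.0.0.9", build_tcp(50000, 80, FIN | PSH | URG)),  # Xmas probe
    ("10.0.0.9", build_tcp(50001, 443, 0)),               # NULL probe
] + [("10.0.0.12", build_tcp(51000 + p, p, SYN)) for p in range(1, 21)]

if __name__ == "__main__":
    for src, labels in detect_scans(SAMPLE_PACKETS).items():
        print(src, sorted(labels))
```

Run against the sample set it reports only 10.0.0.9 (Xmas and NULL probes) and 10.0.0.12 (SYN sweep); the single connect from 10.0.0.7 stays quiet.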
