Network Stealth Scans

Nmap offers the following options, which we can use them to remain stealthy while we are scanning our network. The following nmap techniques will allow us to remain undetected when we are dealing with an IDS.

-T<0-5>: Set timing template (higher is faster)
–max-hostgroup <size>: Parallel host scan group sizes
–max-parallelism <numprobes>: Probe parallelization
–max-retries <tries>: Caps number of port scan probe retransmissions.
–host-timeout <time>: Give up on target after this long
–scan-delay <time>: Adjust delay between probes (default unit for –scan-delay is seconds)
–max-rate <number>: Send packets no faster than <number> per second

Using a template

nmap -sS -p 80 --open -n -Pn -T2


Without a template

nmap -sS -p 80 --open -n -Pn --max-hostgroup 1 --max-retries 0 --max-parallelism 10 --max-rate 2
nmap -sS -p 80 --open -n -Pn --max-hostgroup 1 --max-retries 0 --scan-delay 1500ms


-sS: TCP SYN scan
-p : Only scan specified ports
–open: Only show open (or possibly open) ports
-n: Never do DNS resolution
-Pn: Treat all hosts as online — skip host discovery

Categories: NMAP Tags: , , ,
%d bloggers like this: