In the previous part we looked at some of the scanning methods in Nmap. Today we continue with the next part. Let's start.
Scan Specific Lists
It lists the targets you have specified (IP addresses and host names) without actually scanning them, giving you the list of addresses in the range.
nmap -sL scanme.nmap.org/24
No Port Scan
It performs host discovery only and does not scan the ports of the targets you have specified (newer Nmap releases call this option -sn).
nmap -sP scanme.nmap.org/24
It skips the host discovery step and treats every specified address as online, so no discovery probes are sent to the hosts before the port scan.
nmap -Pn scanme.nmap.org
TCP SYN Ping
It is used when the host blocks ICMP echo requests with a firewall.
nmap -PS scanme.nmap.org
It uses UDP probes to discover hosts on the specified system.
nmap -PU scanme.nmap.org
Port scanning concepts behind Nmap
Nmap recognizes six port states:
Open: These ports are accepting packets. Finding them is one of the primary goals of port scanning. They are the most interesting ports, and attackers will always try to exploit an open port. This is why system administrators often block them or protect them with firewalls or rules.
Closed: These ports are accessible and respond to Nmap's packets, but they are shown as closed because no application is listening on them. They are still useful because they reveal that the host is reachable.
Filtered: Nmap cannot determine whether these ports are open, because a firewall or some other packet-filtering device blocks its probes from reaching them. This state gives away very little information about the port, which is exactly what you want from a security standpoint.
Unfiltered: The port is accessible to Nmap, but Nmap cannot determine whether it is open or closed. This state only shows up as a result of the ACK scan.
Open | Filtered: Nmap cannot determine whether the port is open or filtered. This will come up later in the tutorial.
Closed | Filtered: Nmap cannot determine whether the port is closed or filtered.
TCP SYN Scan
It is known as the SYN Stealth Scan because a full connection is never established. It works like the TCP SYN Ping: the client sends a SYN, the server replies with a SYN-ACK, and Nmap tears the half-open connection down with an RST instead of completing the handshake.
nmap -sS scanme.nmap.org
TCP Connect Scan
This is the alternative to the SYN scan when the user does not have the privileges a SYN scan requires. Where both are available, the TCP SYN scan is the better choice.
nmap -sT scanme.nmap.org
TCP ACK Scan
It helps determine whether ports are filtered or unfiltered. Unfiltered ports respond with an RST, while filtered ports either do not respond at all or return certain ICMP error messages.
nmap -sA scanme.nmap.org
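As an added example that is not part of the original post: a small Python parser for Nmap's grepable output (nmap -oG), in which every scanned port is reported with one of the six states described above, and a per-host summary of those states. The sample output embedded below is constructed for the example; it is not a real scan of scanme.nmap.org.

```python
import re
from collections import Counter

# Constructed sample of Nmap grepable (-oG) output; not a real scan result.
SAMPLE_GREPABLE = """\
# Nmap scan initiated (constructed sample)
Host: 192.0.2.10 (host-a.example)\tStatus: Up
Host: 192.0.2.10 (host-a.example)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 443/filtered/tcp//https///, 53/open|filtered/udp//domain///\tIgnored State: closed (996)
Host: 192.0.2.11 (host-b.example)\tStatus: Up
Host: 192.0.2.11 (host-b.example)\tPorts: 22/unfiltered/tcp//ssh///, 25/filtered/tcp//smtp///
# Nmap done at (constructed sample)
"""

# "Ignored State: closed (996)" -> the collapsed state and how many ports had it
IGNORED_RE = re.compile(r"^(?P<state>[\w|]+) \((?P<count>\d+)\)$")


def parse_grepable(text):
    """Parse -oG output into {host_ip: {"ports": [...], "ignored": Counter}}.

    Each Ports entry is port/state/proto/owner/service/rpc/version/; the
    'Ignored State' field holds the state Nmap did not list port by port.
    """
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # comment and summary lines carry no port data
        fields = dict(f.split(": ", 1) for f in line.split("\t"))
        host = fields["Host"].split(" ", 1)[0]
        rec = hosts.setdefault(host, {"ports": [], "ignored": Counter()})
        for entry in fields.get("Ports", "").split(", "):
            if not entry:
                continue  # "Status: Up" lines have no Ports field
            port, state, proto, _owner, service = entry.split("/")[:5]
            rec["ports"].append((int(port), proto, state, service))
        m = IGNORED_RE.match(fields.get("Ignored State", ""))
        if m:
            rec["ignored"][m.group("state")] += int(m.group("count"))
    return hosts


def state_summary(hosts):
    """Count ports per Nmap state for each host, folding in the ignored state."""
    summary = {}
    for host, rec in hosts.items():
        counts = Counter(state for _, _, state, _ in rec["ports"])
        counts.update(rec["ignored"])
        summary[host] = dict(counts)
    return summary
```

Running state_summary(parse_grepable(SAMPLE_GREPABLE)) gives one counter per host, so a large "filtered" count versus a large "closed" count tells you at a glance whether a firewall sits in front of the target.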
In the next part we will continue the series with some useful tips and tricks!
If you liked this post, leave a reaction and don't forget to share it with others.
Thank you for reading, and have a nice stay!