nmap usage

This is used for port scanning, OS fingerprinting etc. A well secured server

-sS = TCP Syn scan – many servers don’t log this
-sT = TCP connect scan – always logged
-sX = Xmas-tree scan
-sF = Fin scan
-sN = null scan mode
-sP = ping scanning
-sU = UDP scan
-sI = zombie scan
-sA = ack scan
-sW = window scan
-sL = list scan
-PT = tcp ping to determine which hosts are up
-O = identifies OS, uptime and TCP Sequence Prediction (-sS -v)
-sR = rpc scan
-D = decoy scan
-sV = Scan Version
-iR = scans random IP
Example: nmap -sS -p 80 -iR 3 -P0 -> scans until it finds 3 webservers using random IP destinations

-P0 = don’t ping hosts before scanning (very important if ping is blocked).

-PP = uses ICMP timestamp request to see if the host is up (instead of echo-request)
-oN log_file = saves in log_file
-v, -vv = verbose level
-T {paranoid | sneaky | polite | normal | aggressive | insane}
  - paranoid = 5 minutes between packets
  - sneaky = 15 seconds
  - polite = 0.4 sec
  - aggressive & insane = max speed
--scan_delay milliseconds = same as -T, exact values possible
-f <--mtu val> = fragments packets
--data-length <8-1457>
--spoof-mac
nmap 192.168.0.1 --spoof-mac A1:b2:c3:d4:e5:f6
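As an added defender-side example (not part of the original notes), a small Python parser for the normal-format log that -oN log_file writes, used to flag open ports that are not in an expected-exposure baseline; the sample scan output, host names and baseline are constructed for this example.

```python
import re
from collections import defaultdict
# Constructed sample of nmap "normal" output (what -oN log_file writes); all values are made up.
SAMPLE_ON = """\
# Nmap 7.94 scan initiated Tue Jan  2 10:00:00 2024 as: nmap -sS -p 22,80,443,3306 -oN scan.txt 192.168.0.0/30
Nmap scan report for 192.168.0.1
PORT     STATE    SERVICE
22/tcp   open     ssh
80/tcp   open     http
443/tcp  filtered https
3306/tcp open     mysql

Nmap scan report for gw.example.test (192.168.0.2)
Not shown: 3 closed tcp ports (reset)
PORT   STATE SERVICE
22/tcp open  ssh
"""
# Matches "Nmap scan report for <ip>" and "Nmap scan report for <name> (<ip>)".
HOST_RE = re.compile(r"^Nmap scan report for (?:\S+ \()?(\d+\.\d+\.\d+\.\d+)\)?$")
PORT_RE = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

def parse_nmap_normal(text):
    """Return {ip: {(port, proto): (state, service)}} parsed from -oN text."""
    hosts = defaultdict(dict)
    current = None
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if m:
            current = m.group(1)
            hosts[current]  # register the host even if no port lines follow
            continue
        m = PORT_RE.match(line)
        if m and current:
            port, proto, state, service = m.groups()
            hosts[current][(int(port), proto)] = (state, service)
    return dict(hosts)

def unexpected_open_ports(hosts, baseline):
    """List (ip, port, proto, service) for open ports absent from baseline {ip: {(port, proto)}}."""
    findings = []
    for ip, ports in hosts.items():
        allowed = baseline.get(ip, set())
        for (port, proto), (state, service) in sorted(ports.items()):
            if state == "open" and (port, proto) not in allowed:
                findings.append((ip, port, proto, service))
    return findings

# Hypothetical expected-exposure baseline for the two sample hosts.
BASELINE = {"192.168.0.1": {(22, "tcp"), (80, "tcp")}, "192.168.0.2": {(22, "tcp")}}
```

Running a scan of your own hosts with -oN and diffing it against such a baseline turns the raw log into a list of exposures that need an owner or a firewall rule.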