NMap – Notes


Simple nmap scan C:\nmap runs a SYN scan on all the port of the machine.

This also equivalent to C:\nmap –sS

To Determine Scanning IP Range

Nmap accepts all the various type of range specifications


IP range can also be specified using inclusion, exclusion list

C:\nmap –iL scanlist.txt
C:\nmap 192.168.*.* –-exclude
C:\nmap 192.168.*.* –excludefile scannerlist.txt


Host Discovery


Port scanning on all the alive hosts consumes too much time. Hence if we need to identify only alive host (ping scan only)

-sn No Port scan. It sends ICMP Echo, SYN to 443 and ACK to 80 to discover hosts`. This is used when the purpose is only to discover host
-PS22-25,80 Port scan 22 – 25, 80. Just SYN packet to that port
-PA <ports> Just send ACK, usually it responds with RST disclosing their existence.
Since Firewalls Block incoming SYN, this is useful. However, practically doesn’t work with high end firewalls due to drop of stateful constraint.
-PU <ports> Hitting unused/closed udp port (default 40125) cause to return ICMP unreachable indicating host discovery, TTL expiry or no response

About wikihead

A Seeker. Information Security Professional, Pursuing Life with Ayurveda.
This entry was posted in Notes, security, Tutorials and tagged , . Bookmark the permalink.

One Response to NMap – Notes

  1. Pingback: Vulnerability Assessment tools « Eikonal Blog

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s