Simple nmap scan C:\nmap 127.0.0.1 runs a SYN scan on all the port of the machine.
This also equivalent to C:\nmap –sS 127.0.0.1
To Determine Scanning IP Range
Nmap accepts all the various type of range specifications
IP range can also be specified using inclusion, exclusion list
C:\nmap –iL scanlist.txt
C:\nmap 192.168.*.* –-exclude 192.168.12.13-20
C:\nmap 192.168.*.* –excludefile scannerlist.txt
Port scanning on all the alive hosts consumes too much time. Hence if we need to identify only alive host (ping scan only)
|-sn||No Port scan. It sends ICMP Echo, SYN to 443 and ACK to 80 to discover hosts`. This is used when the purpose is only to discover host|
||Port scan 22 – 25, 80. Just SYN packet to that port|
||Just send ACK, usually it responds with RST disclosing their existence.
Since Firewalls Block incoming SYN, this is useful. However, practically doesn’t work with high end firewalls due to drop of stateful constraint.
|-PU <ports>||Hitting unused/closed udp port (default 40125) cause to return ICMP unreachable indicating host discovery, TTL expiry or no response|