10 popular N-map commands you can use.

If you are googling nmap command, you usually have something on the go right now and you just need that memory reboot. Let just jump straight in.

[#1] - TCP Connect Port Scan

nmap -sT <IP Address>

TCP connect scan is the default TCP scan type when SYN scan is not an option. This is the case when a user does not have raw packet privileges or is scanning IPv6 networks. The TCP Connect Scan is a simple probe that attempts to directly connect to the remote system without using any stealth.


[#2] - TCP SYN Port Scan

nmap -sS <IP Address>

This type of scan won't establish a TCP connection. It will scan by sending a SYN flag packet and if the port is open, then a SYN/ACK will be send back as a response by the target machine, thus result in a half embryo connection. Since a full connection wont establish, the connection info will not be logged by the Firewalls/IDSs and hence it is widely known as Stealth scan. If a RST pack is received as a response, then probably the post.


[#3]- Version Scan

nmap -sV <IP Address>

Version Detection collects information about the specific service running on an open port, including the product name and version number. This information can be used in determining an entry point for an attack. The -sV option enables version detection, and the -A option enables both OS fingerprinting and version detection.


[#4] - UDP Port Scan

nmap -sU <IP Address>

UDP scan works by sending a UDP packet to the targeted port. If no response is received, then the port will be considered as Open | filtered. Filtered because some firewalls wont respond to the blocked UDP ports. If the port is closed, then an IMP response (IMP port unreachable error type 3, code 3) will be send by the target device.


[#5] - OS Fingerprinting

nmap -0 <IP Address>

With -O (Capital O) or -osscan-guess, you can easily detect the target Operating System behind it using TCP/IP stack fingerprinting. Nmap sends a series of TCP and UDP packets to the remote host and examines the responses. After performing dozens of tests, map compares the results to its database and prints out the OS details if there is a match.


[#6] - Scan OS Information

nmap -A <IP Address>

With Nmap, you can detect which OS and version is running on the remote host. To enable OS & version detection, script scanning and traceroute, you can use "-A" option with NMAP. This type of scan uses the ACK flags. Unlike other scans, ACK scan is not used to determine whether the port is Open or Closed.

It is used to map out firewall rule-sets, determining whether they are stateful or not and which ports are filtered. Stateful Firewalls, will respond with a RST packet as the sequence is not in order.


[#7] - Scan Top Ports (Fast Mode)

nmap -F <IP Address>

Instead of scanning as many ports as the default scan does, the fast scan only scans a few. Using "-top-ports" parameter along with a specific number also lets you scan the top X most common ports for that host.

Example: map -top-ports <IP Address>


[#8] - Scan Targets from a File

nmap -iL targets.txt

Will scan every target found on the text file.


[#9] - TCP ACK Port Scan

nmap -sA <IP Address>

This type of scan uses the ACK flags. Unlike other scans, ACK scan is not used to determine whether the port is Open or Closed. It is used to map out firewall rule-sets, determining whether they are stateful or not and which ports are filtered. Stateful Firewalls, will respond with a RST packet as the sequence is not in order.


[#10] - Ping Scan

nmap -sP <IP Address>

This types of scan is used to detect which computers or devices are online, rather than which ports are open.

In this, Nmap sends an IMP ECHO REQUEST packet to the destination system. If an IMP ECHO REPLY is received, the system is considered as up, and IMP packets are not blocked. If there is no response to the IMP ping request, Nap will try a "TCP Ping", to determine whether ICMP is blocked, or if the host is really not online.


Happy Days