Commands in Nmap
Let’s discuss various options that could be used according to one’s needs, with Nmap
1. Options with scanning techniques: Nmap provides the following options with scans:
| option | description |
|---|---|
| -sS | TCP syn Port scan |
| -sT | TCP connect port scan |
| -sA | UDP port scan |
| -sU | TCP ACK port scan |
2. Options related to HOST discovery: Following list gives options associated with HOST discovery:
| option | description |
|---|---|
| -n | This option disables DNS resolution. |
| -sn | Only discovers hosts on a given network. |
| -Pn | Only scans ports. |
| -PR | Performs arp discovery on a given local network. |
3. Options for detecting OS and version of running services: List of options used for detecting OS and versions of running services:
| option | description |
|---|---|
| -A | Performs aggressive scan. |
| -O | Detects the running operating system of attacked machine. |
| -sV | Detects the versions of running services. |
4. Timing and Performances options: These options decide the time and performances of the performed scanning.
| option | description |
|---|---|
| -T0 | Performs paranoid IDS evasion. |
| -T1 | Performs sneaky IDS evasion. |
| -T2 | This is used for polite IDE evasion. |
| -T3 | This option is the normal IDE evasion. |
| -T4 | This performs an aggressive speed scan. |
| -T5 | Performs insane speed scans, fastest of all. |
5. Port specifications: Options provided with port scanning.
| option | description |
|---|---|
| -p- | Used for scanning all ports on a given network. |
| -p | Used to scan a range of ports. |
| -F | Used for fast port scanning. |
Footprinting with Nmap in Kali Linux
Footprinting is the technique of gathering information about a targeted network or computer system such as the version of OS the target is using, the kernel version (for Linux-based targets), the version of web hosting software (for server targets), etc. Footprinting could be both active and passive. Active Footprinting involves direct interaction with the target such as performing Nmap scans, etc. On the contrary, passive footprinting usually does not allows the target to be conscious of the enumeration. There are various tools out there to perform footprinting on various types of networks/systems. Nessus, Weblister, Harvester, Nmap, etc. are some of such tools. However, this article specifically focuses on Nmap.
Contact Us